flask-Vouch is middleware for Flask applications that provides bot challenge and access control capabilities. Designed as a drop-in solution, it issues CAPTCHA challenges to users and grants signed JWT cookies upon successful completion, helping to distinguish between human users and automated bots. The tool is suitable for developers building Python web applications with Flask who require protection against automated abuse and need flexible, configurable bot mitigation.
The middleware offers eight built-in challenge types, including client-side proof-of-work challenges using SHA-256 and Balloon algorithms, image-based CAPTCHAs such as distorted character images and grid selection, as well as interactive challenges like rotation, sliding, circle, and trace-based CAPTCHAs. It also features an audio CAPTCHA for accessibility, presenting spoken digit sequences with layered noise to deter automated transcription. Additional detection methods include navigator attestation, which inspects the browser's API surface to identify headless environments, and an IP blocklist with CIDR support that can deny access to known bad actors before presenting any challenge.
flask-Vouch supports integration with third-party CAPTCHA providers, including Altcha, Arkose, CaptchaFox, GeeTest, and MTCaptcha, by handling the verification flow when credentials are supplied. The middleware can be configured to use Redis for state management and allows developers to swap challenge handlers at construction time without changing templates. Protection can be applied globally to all routes, or selectively using decorators to exempt, protect, or block specific routes. Access claims, such as whether a client is a crawler or the associated risk score, are made available in Flask's request context.
0 license and is made by TN3W. It is available for installation via a standard command and integrates directly into Flask applications using either direct instantiation or the application factory pattern.
flask-Vouch is a Frameworks & SDKs product. It focuses on protecting Flask web applications from automated bots using challenge middleware. It is built as an open-source project for python developers. flask-Vouch is open source under the Apache-2.0 license. The product ships for the command line, and it can be self-hosted.
flask-Vouch first shipped in 2026. Development happens publicly on GitHub with 21 commits in the last 90 days. Key capabilities include CAPTCHA challenges, JWT token support, and redis integration.
Latest indexed changes and source events
Other apps tracked under the same category.