Security

Security features in the Horizon GraphQL API include rate limiting, CAPTCHA verification, and native app attestation.

Rate Limiting and CAPTCHA

The API supports multiple CAPTCHA providers, so that legitimate users affected by rate limiting can bypass it by completing a CAPTCHA challenge:

  • Cloudflare Turnstile: Cloudflare’s CAPTCHA alternative
  • hCaptcha: Alternative to reCAPTCHA
  • reCAPTCHA: Traditional Google CAPTCHA with visible and invisible modes

All CAPTCHA providers use the same request header patterns for consistent implementation.

Native App Attestation

For mobile apps, device attestation provides an alternative to CAPTCHA challenges:

  • Apple DeviceCheck: iOS App Attest for genuine Apple devices
  • Play Integrity: Google’s modern integrity API for Android devices

Attestation allows native apps to bypass rate limiting by proving the request originates from a genuine device running the authentic app.