Documentation Index
Fetch the complete documentation index at: https://docs.spike.ac/llms.txt
Use this file to discover all available pages before exploring further.
Spike offers multiple layers of spam protection to keep your forms secure.
Honeypot Field
The simplest spam protection. Add a hidden field that bots will fill out:
<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
<input type="email" name="email" required>
<textarea name="message" required></textarea>
<!-- Honeypot - bots will fill this, humans won't see it -->
<input
type="text"
name="_gotcha"
style="display:none"
tabindex="-1"
autocomplete="off"
>
<button type="submit">Send</button>
</form>
reCAPTCHA
reCAPTCHA v2 (Checkbox)
- Get keys at google.com/recaptcha
- Enable reCAPTCHA in your form settings
- Add the widget to your form:
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
<input type="email" name="email" required>
<textarea name="message" required></textarea>
<div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>
<button type="submit">Send</button>
</form>
reCAPTCHA v3 (Invisible)
For invisible protection:
<script src="https://www.google.com/recaptcha/api.js?render=YOUR_SITE_KEY"></script>
<form id="contact-form" action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
<input type="email" name="email" required>
<textarea name="message" required></textarea>
<input type="hidden" name="g-recaptcha-response" id="recaptcha-token">
<button type="submit">Send</button>
</form>
<script>
document.getElementById('contact-form').addEventListener('submit', async (e) => {
e.preventDefault();
const token = await grecaptcha.execute('YOUR_SITE_KEY', { action: 'submit' });
document.getElementById('recaptcha-token').value = token;
e.target.submit();
});
</script>
hCaptcha
Privacy-focused alternative to reCAPTCHA:
<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
<input type="email" name="email" required>
<textarea name="message" required></textarea>
<div class="h-captcha" data-sitekey="YOUR_SITE_KEY"></div>
<button type="submit">Send</button>
</form>
Cloudflare Turnstile
Cloudflare’s privacy-preserving CAPTCHA alternative:
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
<input type="email" name="email" required>
<textarea name="message" required></textarea>
<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
<button type="submit">Send</button>
</form>
Blocklists
Block specific emails, domains, IPs, or words in your form settings:
| Type | Example | Description |
|---|
| Emails | spam@example.com | Block specific email addresses |
| Domains | spammer.com | Block all emails from a domain |
| IPs | 1.2.3.4 | Block submissions from an IP |
| Words | crypto, viagra | Block submissions containing words |
Work Email Validation
Require business email addresses by enabling “Require Work Email” in settings. This blocks common free email providers:
- gmail.com
- yahoo.com
- hotmail.com
- outlook.com
- And 100+ more
ML Spam Filtering
Enable ML-based spam detection for advanced filtering. This analyzes:
- Content patterns (crypto spam, phishing, etc.)
- Email address patterns
- Submission metadata
- Link density
Configure the spam threshold (0-1) in your form settings. Higher values are more strict.
Rate Limiting
Prevent abuse with rate limiting:
| Setting | Default | Description |
|---|
| Enabled | Yes | Enable/disable rate limiting |
| Count | 100 | Max submissions per window |
| Window | 3600 | Time window in seconds (1 hour) |
429 Too Many Requests error.
