Munich Open Source

English

Deutsch

English

Deutsch

Appearance

Logo CaptchaService
Code Website Open App
Inhouse
Application
Start 2024
Kubernetes
MIT
Logo CaptchaService
Code Website Open App
Inhouse
Application
Start 2024
Kubernetes
MIT

CaptchaService is a self-hosted microservice that provides GDPR-compliant, proof-of-work CAPTCHA challenges using the European open-source ALTCHA library — the bot-protection layer in front of the City of Munich's public Zeitmanagementsystem / eAppointment APIs.

About the project

CaptchaService was built at it@M as the open-source bot-protection layer in front of the public Zeitmanagementsystem / eAppointment APIs operated by the City of Munich — specifically zmscitizenview (the citizen-facing booking frontend) and zmscitizenapi (the REST backend that serves available appointment slots).

Over the years the team went through several iterations to keep automated scrapers and booking bots away from those endpoints: a simple in-house CAPTCHA, then commercial proprietary services, and finally ALTCHA — a GDPR-compliant, privacy-first proof-of-work library made in Europe with no cookies, no tracking, and no third-party calls. Choosing an open-source, European library is a deliberate contribution to digital sovereignty in the public sector.

CaptchaService wraps ALTCHA in a small, multi-tenant Spring Boot service with adaptive difficulty management. A challenge is requested when a citizen opens the booking flow; the verified payload is then required before any reservation or scraping-like read is accepted.

  • Automated bots can no longer cheaply enumerate available appointment slots.
  • Real users only see a near-invisible proof-of-work step — an unobtrusive "I am not a bot" checkbox.
  • Through CaptchaService, no personal data leaves the City of Munich infrastructure.
  • Broader coverage — in the Zeitmanagementsystem appointment booking process, all city departments and agencies are now covered.
  • Easily reusable in other systems via HTTP API and multi-tenant configuration.
  • Very low operating costs compared to commercial CAPTCHA services.

Screenshot of the "I am not a bot" CAPTCHA checkbox on the Zeitmanagementsystem citizen booking page

Technical details

  • Spring Boot microservice with REST API (/challenge, /verify)
  • Proof-of-work CAPTCHA via ALTCHA — no image puzzles
  • Adaptive difficulty scaling based on request patterns per source address
  • Multi-tenant support with per-site keys, secrets, and difficulty maps
  • PostgreSQL persistence with Flyway migrations
  • Health checks and Prometheus metrics via Spring Actuator
  • Built with Java 21 and Spring Boot 3.x, following the reference architecture of the City of Munich
  • Developer handbook and source code