If CAPTCHA is enabled on pages requiring shopper input, then in most cases, the corresponding REST endpoints that send requests to the Magento server must include the shopper’s CAPTCHA response. Supply the shopper’s response in the HTTP
X-Captcha header. The exception to this policy is that you do not send the CAPTCHA response if you specify an integration authorization token in the header of the REST endpoint.
The following table lists the forms that can be configured to require CAPTCHA. Go to Stores > Configuration > Customers > Customer Configuration > CAPTCHA > Forms to enable or disable CAPTCHA on these forms.
|Form name||REST endpoint|
|Add Gift Card Code||
|Applying Coupon Code||
|Contact Us||Not applicable|
|Payflow Pro||Not applicable|
|Send to Friend Form||Not applicable|
|Share Wishlist Form||Not applicable|