Cap Standalone is a self-hosted version of Cap's backend that allows you to spin up a server to validate and create challenges so you can use it with languages other than JS.
To install Cap Standalone, you need to have [Docker](https://docs.docker.com/get-docker/) installed on your server. Once you have it installed, you can run the following command to pull the image:
This will start the server on port 3000 and create a `cap-standalone` folder in your current directory to store the data. Change the port if needed.
Make sure to replace `your_secret_key` with a strong secret key, as anyone with it will be able to log into the dashboard and create keys.
Then, you can access the dashboard at `http://localhost:3000`, log in, and create a key. The key ID and secret will be used to configure the widget and verify the token on your server. You'll also need to make the server publicly accessible from the internet, as the widget needs to be able to reach it.
Cap Standalone is a very simple and barebones server. There's no advanced automatic difficulty scaling. As such, always assume that it might fail to protect you and **always** add ratelimits.
You can change the default CORS settings for redeeming tokens and generating challenges by setting the `CORS_ORIGIN` environment variable when running the server. This defaults to `*`, which allows all origins. This will directly assign to Access-Control-Allow-Origin header.
By default, Cap Standalone updates and stores multiple files for Cap's client-side `cap.js/widget` library. This helps Cap be truly self-hosted and not depend on any external resources.
These files are stored in the `.data` folder and exposed in the following paths:
- /assets/widget.js
- /assets/floating.js
- /assets/cap_wasm_bg.wasm
- /assets/cap_wasm.js
You can use these in your app by setting the widget's script source to the appropriate path, like this: