I'm building client server REST application. Client side is based on Angular while server is PHP (not that it matters much anyhow).

What I am wondering if there are any best practices, good examples of captcha implementation in this case? Captcha would be used for user registration etc.

I'm not limited to any specific libraries, only requirement is that there cannot be any calls to 3rd party servers on client side (js libraries hosted on 3rd party servers or req api key etc).

thanks

When google captcha approves one user, it provides you a token.

So imagine this context. Users is about to save, and uses the captcha, the captcha does its business until approve user and gives you a token, it is all that matters.

If you want to see a "tentative" flow of requests for this.

1. User before register passed captcha, the captcha gives you a token in the front end.
2. User clicks save, you receive in the backend the form data and the captcha token. You ask to google through the api, does the token is real? if they said yes, you save the form, if somehow Google does not recognize it, you return an error.
3. Front end listen for success or error and what kind of error. IF error is captcha, force a retry, get a new token.
4. Backend receive again the form data and the new token and check again.

You can have a look on google-recaptcha. Its angular implementation is here

vcRecaptcha

Google's new-ish reCaptcha is pretty slick. They have several easy to understand examples and usage scenarios.

https://www.google.com/recaptcha/intro/index.html

Edit: To address your specific question of how to implement this in a RESTful application, I'd make two files. One would be a public-facing file like index.php and the other would be a back-end file that would hold the private information.

I could copy/paste my previously-written how-to here, or I could just link you to the article I wrote 2 months ago.