Can you Decrypt and validate the MTCaptcha Verified Token directly without making external API calls
Yes. The standard and easiest method of validating the MTCaptcha verified token is via the checktoken API, but you can decrypt and decode the token directly on server side without making any external API calls to mtcaptcha.com. You will need the site PrivateKey and the ability to calculate MD5 hash and decrypt via AES cipher.
Decrypt Token Server Side Sample Code (No API)
The sample java code to decrypt and decode the token can be found at the github project here :
and reference documentation here
Decode with API
The checktoken API example is as below, see Developers Guide for more details