diff --git a/src/constants/common.js b/src/constants/common.js
index 74c54835d..9724f558a 100644
--- a/src/constants/common.js
+++ b/src/constants/common.js
@@ -89,5 +89,5 @@ module.exports = {
 	DELETED_STATUS: 'DELETED',
 	DEFAULT_ORG_VISIBILITY: 'PUBLIC',
 	ROLE_TYPE_NON_SYSTEM: 0,
-	captchaEnabledAPIs: ['/user/v1/account/login'],
+	captchaEnabledAPIs: ['/user/v1/account/login', '/user/v1/account/create', '/user/v1/account/resetPassword'],
 }
diff --git a/src/middlewares/authenticator.js b/src/middlewares/authenticator.js
index c5fe0e42c..5f303c345 100644
--- a/src/middlewares/authenticator.js
+++ b/src/middlewares/authenticator.js
@@ -67,7 +67,7 @@ module.exports = async function (req, res, next) {
 			const isCaptchaEnabledForRoute = common.captchaEnabledAPIs.includes(req.path)
 			if (isCaptchaEnabledForRoute) {
 				// get the token from API
-				const captchaToken = req.get('Captcha-Token')
+				const captchaToken = req.get('captcha-token')
 				// verify token
 				if (!(await verifyCaptchaToken(captchaToken))) {
 					throw responses.failureResponse({