TrustCaptcha – Bot protection

Actix Web CAPTCHA Integration

Wire TrustCaptcha into an Actix Web handler in just a few lines of Rust. Stop bot-driven spam on logins, signups and contact forms with a shared TrustCaptcha instance via web::Data and a simple async helper. EU-hosted, GDPR-ready, no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key and licence key, and you can also create your API key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

CAPTCHA security rules of a demo CAPTCHA.

2. Add the CAPTCHA widget to your form

Drop the TrustCaptcha widget into the HTML form your Actix Web handler serves. The widget runs the CAPTCHA in the background and adds a hidden tc-verification-token field on submit, which web::Form deserializes into your struct.

contact.html

HTML

<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/3.0.x/trustcaptcha.esm.min.js"></script>

<form method="post" action="/contact">
    <input type="email" name="email" required>
    <trustcaptcha-component sitekey="<your_site_key>"></trustcaptcha-component>
    <button type="submit">Send</button>
</form>

The CAPTCHA widget will then be displayed inside your form:

Need detailed information about the CAPTCHA widget integration?
For the full widget reference — including themes, languages, custom design and more — please read our documentation.

Read the documentation

3. Validate the token in your Actix Web handler

In your Actix Web handler, take the verification token from the form, look up the result via our Rust crate, and decide whether to accept the request.

First, install our TrustCaptcha Rust crate:

Install

bash

cargo add trustcaptcha@^3.0

Then validate the token inside your Actix Web handler and act on the result:

src/main.rs

Rust

use actix_web::{post, web, HttpResponse, Responder};
use serde::Deserialize;
use trustcaptcha::trust_captcha::TrustCaptcha;

#[derive(Deserialize)]
struct ContactForm {
    email: String,
    #[serde(rename = "tc-verification-token")]
    tc_verification_token: String,
}

#[post("/contact")]
async fn submit(form: web::Form<ContactForm>) -> impl Responder {
    let trust_captcha = match TrustCaptcha::builder("<your_api_key>").build() {
        Ok(tc) => tc,
        Err(_) => return HttpResponse::InternalServerError().body("CAPTCHA setup failed."),
    };

    let result = match trust_captcha.get_verification_result(&form.tc_verification_token).await {
        Ok(r) => r,
        Err(_) => return HttpResponse::BadRequest().body("CAPTCHA verification failed."),
    };

    if !result.verification_passed || result.score > 0.5 {
        return HttpResponse::BadRequest().body("CAPTCHA verification failed.");
    }

    // CAPTCHA passed — process the request
    HttpResponse::Ok().body("Thanks!")
}

Need detailed information about the Actix Web CAPTCHA integration?
For full step-by-step instructions — including a shared web::Data<TrustCaptcha> setup and a reusable verify_token helper — please read our documentation.

Read the documentation

Other backend framework instead of Actix Web?
If you use a different framework, pick the matching recipe here. If your framework isn’t listed, your software developers can integrate the verification themselves using our documentation or ask our support team for a pre-built integration.

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

Where in an Actix Web app does the CAPTCHA verification go?

Inside the async handler that receives the form submission. Bind the body with web::Form<MyForm>, where MyForm carries the CAPTCHA token via #[serde(rename = "tc-verification-token")], then call our Rust crate to fetch the verification result.

How do I share a single TrustCaptcha across handlers?

Build it once at startup, wrap it in web::Data::new(...), and register it with App::new().app_data(...). Each handler then declares trust_captcha: web::Data<TrustCaptcha> in its signature — the underlying Arc makes the handle cheap to clone.

Should I extract the CAPTCHA check into a custom Actix extractor?

It's tempting, but extractors that run before web::Form only see request parts (headers, URI), not the body — and the body has already been consumed by the form extractor. The cleanest pattern is a small async verify_token(...) helper called from inside each protected handler.

Does the Rust SDK fit Actix Web's async runtime?

Yes. The crate is async/reqwest-based, so you await the verification call from any async fn handler. No blocking workarounds and no thread-pool tricks are needed.

Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

Puzzle-free UX

Runs in the background while visitors type — so more people finish your forms and fewer drop off.

GDPR-ready

EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.

Multi-layer Security

Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.

Full Control

Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your Actix Web application with TrustCaptcha in just a few steps!

EU-hosted & GDPR-ready
No puzzles
Try free for 14 days

Get started Contact sales