TrustCaptcha – Bot protection

Django CAPTCHA Integration

Wire TrustCaptcha into a Django view in just a few lines of Python. Stop bot-driven spam on logins, signups and contact forms — without breaking CSRF protection or your existing forms.Form classes. EU-hosted, GDPR-ready, no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key and licence key, and you can also create your API key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

CAPTCHA security rules of a demo CAPTCHA.

2. Add the CAPTCHA widget to your Django template

Drop the TrustCaptcha widget into the Django template that renders your form. The widget runs the CAPTCHA in the background and adds a hidden tc-verification-token field on submit, which arrives on request.POST like any other input.

templates/contact.html

HTML

<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/3.0.x/trustcaptcha.esm.min.js"></script>

<form method="post" action="{% url 'contact_submit' %}">
    {% csrf_token %}
    <input type="email" name="email" required>
    <trustcaptcha-component sitekey="<your_site_key>"></trustcaptcha-component>
    <button type="submit">Send</button>
</form>

The CAPTCHA widget will then be displayed inside your form:

Need detailed information about the CAPTCHA widget integration?
For the full widget reference — including themes, languages, custom design and more — please read our documentation.

Read the documentation

3. Validate the token in your Django view

In your Django view, take the verification token from request.POST, look up the result via our Python library, and decide whether to accept the request.

First, install our TrustCaptcha Python library:

Install

bash

pip install "trustcaptcha>=3.0.0,<4.0.0"

Then validate the token inside your Django view and act on the result:

contact/views.py

Python

from django.shortcuts import redirect, render
from django.views.decorators.http import require_POST
from trustcaptcha.trust_captcha import TrustCaptcha

@require_POST
def submit(request):
    token = request.POST.get("tc-verification-token", "")

    try:
        trust_captcha = TrustCaptcha("<your_api_key>")
        result = trust_captcha.get_verification_result(token)
    except Exception:
        return render(request, "contact.html", {"error": "CAPTCHA verification failed."})

    if not result.verification_passed or result.score > 0.5:
        return render(request, "contact.html", {"error": "CAPTCHA verification failed."})

    # CAPTCHA passed — process the request
    return redirect("contact_success")

Need detailed information about the Django CAPTCHA integration?
For full step-by-step instructions — including a Django Form integration that runs verification inside clean_*() — please read our documentation.

Read the documentation

Other backend framework instead of Django?
If you use a different framework, pick the matching recipe here. If your framework isn’t listed, your software developers can integrate the verification themselves using our documentation or ask our support team for a pre-built integration.

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

Where in a Django app does the CAPTCHA verification go?

Inside the view that handles the form submission, before saving the model or sending the email. The CAPTCHA token comes in as a regular form field on request.POST (default name: "tc-verification-token").

Does TrustCaptcha replace Django's CSRF protection?

No. CSRF and TrustCaptcha are independent layers — both should stay enabled. Keep {% csrf_token %} in your template and the CSRF middleware in settings; TrustCaptcha only confirms that a human filled the form.

Can I integrate the CAPTCHA into a Django Form (forms.Form / ModelForm)?

Yes. Add a hidden CharField for the token (e.g. tc_verification_token) and put the verification call inside a clean_tc_verification_token method. Validation errors then surface on the bound form like any other field error.

Why is the form field named with an underscore (tc_verification_token), but the widget posts a dash (tc-verification-token)?

Python identifiers can't contain dashes, so the Form field uses tc_verification_token. The simplest fix is to set token-field-name="tc_verification_token" on the widget so the wire format matches the Form field.

Does TrustCaptcha work in async Django views?

Yes. The Python SDK is blocking, so wrap the call in sync_to_async inside an async view: result = await sync_to_async(trust_captcha.get_verification_result)(token). The event loop stays responsive while the verification runs.

Where should I keep the CAPTCHA API key in a Django project?

In an environment variable (e.g. TRUSTCAPTCHA_API_KEY) and expose it through settings.py as settings.TRUSTCAPTCHA_API_KEY. Read it from settings inside your view or form, never hard-code it.

Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

Puzzle-free UX

Runs in the background while visitors type — so more people finish your forms and fewer drop off.

GDPR-ready

EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.

Multi-layer Security

Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.

Full Control

Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your Django application with TrustCaptcha in just a few steps!

EU-hosted & GDPR-ready
No puzzles
Try free for 14 days

Get started Contact sales