TrustCaptcha – Bot protection

Gin CAPTCHA Integration

Wire TrustCaptcha into a Gin handler — or, even cleaner, into a small Gin middleware — in just a few lines of Go. Stop bot-driven spam on logins, signups and contact forms with a shared *TrustCaptcha that's safe for concurrent use. EU-hosted, GDPR-ready, no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key and licence key, and you can also create your API key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

CAPTCHA security rules of a demo CAPTCHA.

2. Add the CAPTCHA widget to your form

Drop the TrustCaptcha widget into the HTML form your Gin handler serves. The widget runs the CAPTCHA in the background and adds a hidden tc-verification-token field on submit, which Gin exposes via c.PostForm.

contact.html

HTML

<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/3.0.x/trustcaptcha.esm.min.js"></script>

<form method="post" action="/contact">
    <input type="email" name="email" required>
    <trustcaptcha-component sitekey="<your_site_key>"></trustcaptcha-component>
    <button type="submit">Send</button>
</form>

The CAPTCHA widget will then be displayed inside your form:

Need detailed information about the CAPTCHA widget integration?
For the full widget reference — including themes, languages, custom design and more — please read our documentation.

Read the documentation

3. Validate the token in your Gin handler

In your Gin handler, take the verification token from the form, look up the result via our Go module, and decide whether to accept the request.

First, install our TrustCaptcha Go module:

Install

bash

go get github.com/trustcomponent/trustcaptcha-go/v3@v3.0.0

Then validate the token inside your Gin handler and act on the result:

main.go

package main

import (
    "net/http"
    "github.com/gin-gonic/gin"
    "github.com/trustcomponent/trustcaptcha-go/v3"
)

func main() {
    r := gin.Default()

    r.POST("/contact", func(c *gin.Context) {
        token := c.PostForm("tc-verification-token")

        result, err := trustcaptcha.GetVerificationResult("<your_api_key>", token)
        if err != nil {
            c.String(http.StatusBadRequest, "CAPTCHA verification failed.")
            return
        }

        if !result.VerificationPassed || result.Score > 0.5 {
            c.String(http.StatusBadRequest, "CAPTCHA verification failed.")
            return
        }

        // CAPTCHA passed — process the request
        c.String(http.StatusOK, "Thanks!")
    })

    r.Run(":8080")
}

Need detailed information about the Gin CAPTCHA integration?
For full step-by-step instructions — including a reusable Gin middleware for projects with several protected routes — please read our documentation.

Read the documentation

Other backend framework instead of Gin?
If you use a different framework, pick the matching recipe here. If your framework isn’t listed, your software developers can integrate the verification themselves using our documentation or ask our support team for a pre-built integration.

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

Where in a Gin app does the CAPTCHA verification go?

Inside the handler that receives the form submission, before persisting data or sending mail. The CAPTCHA token comes in as a regular form field — read it with c.PostForm("tc-verification-token").

Can I run the CAPTCHA verification as Gin middleware?

Yes — and it's the cleanest approach once you protect more than one route. Build a closure that takes a *TrustCaptcha and returns a gin.HandlerFunc; on failure call c.AbortWithStatusJSON(...). Apply it per route, or to a whole r.Group(...) prefix.

How do I share the *TrustCaptcha across handlers?

Build it once at startup and store it in a package-level variable (e.g. var trustCaptcha *trustcaptcha.TrustCaptcha). The SDK is immutable and safe for concurrent use, so one instance is enough for the whole app.

What if my endpoint receives JSON instead of form data?

Bind the body into a struct with c.ShouldBindJSON(&body) and read the token from there. The TrustCaptcha verification call is the same — only how you obtain the token changes.

Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

Puzzle-free UX

Runs in the background while visitors type — so more people finish your forms and fewer drop off.

GDPR-ready

EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.

Multi-layer Security

Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.

Full Control

Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your Gin application with TrustCaptcha in just a few steps!

EU-hosted & GDPR-ready
No puzzles
Try free for 14 days

Get started Contact sales