TrustCaptcha
current language
English
Englisch
English
Deutsch
Deutsch
Sign inGet started
Java
TrustCaptcha – Bot protection

Java CAPTCHA Integration

Use our Java CAPTCHA integration to verify TrustCaptcha tokens on the server and stop bot-driven spam on logins, signups, and forms. Follow a short step-by-step guide with ready-made Java code. EU-hosted and GDPR-ready, with no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key, secret key and licence key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

Start of the CAPTCHA creation form.
CAPTCHA security rules of a demo CAPTCHA.

2. Integrate the CAPTCHA widget into your frontend

Integrate the CAPTCHA widget into your website or app. For precise, detailed instructions, please read the CAPTCHA widget guide in our documentation.

Read the documentation

The CAPTCHA widget will then be displayed on your website or app:

CAPTCHA done

Prebuild frontend integrations
You can use one of our pre-built frontend integrations to integrate the CAPTCHA widget into your website or application. If there is no pre-built integration from us for your preferred frontend technology, your software developers can integrate the CAPTCHA themselves using using our documentation or ask our support-team for a pre-built integration solution.

Android
Angular
Craft CMS
Flutter
iOS
JavaScript
Joomla
Keycloak
Magento 2
React
React Native
TYPO3
Vue
Webflow
WordPress

3. Validate the CAPTCHA result in your backend

The following steps give you an idea of how to retrieve the CAPTCHA verification result from our server in a Java backend and determine how to proceed based on this result. For precise, detailed instructions, please read the CAPTCHA integration guide for Java in our documentation.

Read the documentation

First, install our TrustCaptcha Java dependency:

Maven Central
XML
<dependency>
  <groupId>com.trustcomponent</groupId>
  <artifactId>trustcaptcha</artifactId>
  <version>2.0.0</version>
</dependency>

Retrieve the verification result from our server using the verification token and the secret key of your CAPTCHA:

Fetch Result
Java
// Retrieving the verification result
VerificationResult verificationResult;
try {
  verificationResult = CaptchaManager.getVerificationResult("<your_secret_key>", "<verification_token_from_your_client>");
} catch (CaptchaFailureException e) {
  // Fetch verification result failed - handle error
}

Based on the verification results and your individual needs, decide how you would like to proceed:

Handle Result
Java
// Act on the verification result
if (!verificationResult.isVerificationPassed() || verificationResult.getScore() > 0.5) {
  logger.warn("Verification failed or bot score > 0.5 – possible automated request.");
}

Need detailed information about the Java CAPTCHA integration?
For detailed instructions on integrating TrustCaptcha, please refer to our Java CAPTCHA integration guide. A complete integration example for the Java CAPTCHA can be found in our CAPTCHA Samples Repository on Github.

Other backend technology instead of Java?
If you do not want to use Java on your server or have several different backends, you can select a different integration here. If there is no pre-built integration from us for your preferred backend technology, your software developers can integrate the CAPTCHA verification process themselves using our documentation or ask our support-team for a pre-built integration.

.Net
Go
Groovy
Java
Kotlin
Nodejs
PHP
Python
Ruby
Rust
Scala
Spring

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

CAPTCHA done

FAQs

Do I need a frontend widget to use the Java server validation?
Yes. The Java part only validates a verification token that was created by the CAPTCHA widget in a website or app. Your frontend must display the widget, receive the verification token after solving, and send that token to your Java backend.
What do I need on my Java backend to validate a verification token?
You need (1) the verification token from your frontend request and (2) your Secret Key (server-side only). Then your backend calls our verification API (typically via our Java library) and reads the result.
What does the Java verification result contain?
The result includes at least two key values: (1) verificationPassed (a clear pass/fail signal) and (2) botScore (a risk score from 0 = likely human to 1 = likely bot). You can use both to decide what to do next.
How should I make a decision based on verificationPassed and botScore?
Always check verificationPassed first. Then use botScore as your risk signal. A common starting point is a threshold of 0.5, and you can adjust it depending on how strict you want to be. You can also use different thresholds for different endpoints (for example, login stricter than a newsletter form).
What can I do if the result looks risky, instead of blocking immediately?
You can choose different actions based on your process: block the request, show an error message, require an extra step (like an additional verification), or accept the request but flag it internally as potential spam for later review.
How long is a verification token valid, and can I verify it multiple times?
By default, a token is time-limited (typically 15 minutes) and can usually be retrieved only once. Higher pricing plans can provide more flexibility (for example, longer validity and limited multiple retrievals), depending on your setup.
Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

CAPTCHA start
CAPTCHA done
Puzzle-free UX
Runs in the background while visitors type — so more people finish your forms and fewer drop off.
GDPR-ready
EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.
Multi-layer Security
Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.
Full Control
Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your Java application with TrustCaptcha in just a few steps!

  • EU-hosted & GDPR-ready
  • No puzzles
  • Try free for 14 days
Get started Contact sales