TrustCaptcha
current language
English
Englisch
English
Deutsch
Deutsch
Sign inGet started
JavaScript
TrustCaptcha – Bot protection

JavaScript CAPTCHA Integration

Deploy TrustCaptcha on any JavaScript site in minutes with a simple form widget. Secure actions such as sign-ups, password resets, lead forms and checkouts from automated abuse—without puzzles. EU-hosted, GDPR-ready, and accessibility-friendly.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key, secret key and licence key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

Start of the CAPTCHA creation form.
CAPTCHA security rules of a demo CAPTCHA.

2. Integrate the CAPTCHA widget into your frontend

The following steps give you a rough idea of how to integrate the TrustCaptcha CAPTCHA widget into an JavaScript frontend. For precise, detailed instructions, please read the CAPTCHA integration guide for JavaScript in our documentation.

Read the documentation

First, install our TrustCaptcha JavaScript package:

Install
HTML
ECMAScript Modules (esm)
<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/2.1.x/trustcaptcha.esm.min.js"></script>

CommenJS (cjs)
<script src="https://cdn.trustcomponent.com/trustcaptcha/2.1.x/trustcaptcha.cjs.min.js"></script>

Universal Module Definition (umd)
<script src="https://cdn.trustcomponent.com/trustcaptcha/2.1.x/trustcaptcha.umd.min.js"></script>

Now insert the CAPTCHA widget, the so-called trustcaptcha-component HTML tag, into any HTML form:

example.html
HTML
<form>
  <!-- your input fields -->
  <trustcaptcha-component
    sitekey="<your_site_key>"
  ></trustcaptcha-component>
  <!-- further input fields / submit button -->
</form>

<script>
  const trustcaptchaComponent = document.getElementsByTagName('trustcaptcha-component')[0];
  trustcaptchaComponent.addEventListener('captchaSolved', (event) => {
    console.log('Verification token:', event.detail); <!-- handle success -->
  });
  trustcaptchaComponent.addEventListener('captchaFailed', (event) => {
    console.error(event.detail); <!-- handle error -->
  });
</script>

The CAPTCHA widget will now be displayed on your JavaScript website:

CAPTCHA done

Need detailed information about the JavaScript CAPTCHA integration?
For detailed instructions on integrating TrustCaptcha, please refer to our JavaScript CAPTCHA integration guide. A complete integration example for the JavaScript CAPTCHA can be found in our CAPTCHA Samples Repository on Github.

Other frontend technology instead of JavaScript?
If you do not want to use JavaScript or have several websites or applications, you can select a different framework or platform here. If there is no pre-built integration from us for your preferred frontend technology, your software developers can integrate the CAPTCHA themselves using our documentation or ask our support-team for a pre-built integration solution.

Android
Angular
Craft CMS
Flutter
iOS
JavaScript
Joomla
Keycloak
Magento 2
React
React Native
TYPO3
Vue
Webflow
WordPress

3. Validate the CAPTCHA result in your backend

Once the CAPTCHA is complete, take the verification token and send it to your backend. In your backend, retrieve the CAPTCHA verification result from our servers and validate the result. Depending on how high the bot risk is, you decide how to proceed. You can find detailed information on backend integration and result validation in our documentation.

Prebuild backend integrations
You can use one of our pre-built integrations to integrate the CAPTCHA validation process into your backend service. If there is no pre-built integration from us for your preferred backend technology, your software developers can integrate the CAPTCHA themselves using using our documentation or ask our support-team for a pre-built integration solution.

.Net
Go
Groovy
Java
Kotlin
Nodejs
PHP
Python
Ruby
Rust
Scala
Spring

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

CAPTCHA done

FAQs

What do I need to integrate TrustCaptcha on a plain JavaScript website?
You add the widget script to your page, place the CAPTCHA element inside your form, and configure your site key. Then your backend must verify the token with our API before you accept the submission.
Does it work only with JavaScript, or also with other frameworks and CMS platforms?
The JavaScript integration works on any website that can run JavaScript. If you use a platform like WordPress, TYPO3, Magento, Keycloak, or a framework like Angular/React/Vue, you can also use a ready-made plugin or wrapper instead.
Why does the CAPTCHA have to be placed inside a <form>?
Because the widget is designed to work with a form: it automatically creates a hidden token field and connects the verification flow to that form. If it is not inside a form, it cannot work correctly.
How do I get the verification token and send it to my server?
The widget automatically adds a hidden input field (by default named "tc-verification-token") to your form. If you submit the form normally, the token is sent automatically; if you submit in a custom way (AJAX), you can read the hidden field or listen to the "captchaSolved" event.
Do I still need server-side validation, or is the frontend widget enough?
You should always validate on the server. The frontend widget only creates a token; your backend must verify that token with our API to make a safe decision.
Can we self-host the JavaScript file instead of loading it from your CDN?
Yes. You can host the JavaScript file on your own infrastructure, which can reduce external dependencies. If you self-host, you are responsible for updating the file when you want bug fixes and improvements.
How do we set up authorized websites (domains) for production and development?
Add the domain or subdomain you want to protect (for example "example.com" or "app.example.com"). For local testing you can add "localhost" or an IP address. Do not include protocol, ports, paths, or query parameters; wildcard domains are not enabled by default and can be activated by support if needed.
Can I use multiple CAPTCHAs on the same page?
Yes, that is possible. The recommended setup is one CAPTCHA per form; if you ever place more than one CAPTCHA inside the same form, you should use different token field names to avoid conflicts.
Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

CAPTCHA start
CAPTCHA done
Puzzle-free UX
Runs in the background while visitors type — so more people finish your forms and fewer drop off.
GDPR-ready
EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.
Multi-layer Security
Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.
Full Control
Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your JavaScript application with TrustCaptcha in just a few steps!

  • EU-hosted & GDPR-ready
  • No puzzles
  • Try free for 14 days
Get started Contact sales