TrustCaptcha – Bot protection

NodeJS CAPTCHA Integration

Add TrustCaptcha to your Node.js app in minutes. Protect sign-ups, logins, contact forms and API requests by verifying each check on your server. Puzzle-free UX, EU hosting and GDPR-ready compliance keep real users moving while bots get blocked.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key, secret key and licence key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

CAPTCHA security rules of a demo CAPTCHA.

2. Integrate the CAPTCHA widget into your frontend

Integrate the CAPTCHA widget into your website or app. For precise, detailed instructions, please read the CAPTCHA widget guide in our documentation.

Read the documentation

The CAPTCHA widget will then be displayed on your website or app:

Prebuild frontend integrations
You can use one of our pre-built frontend integrations to integrate the CAPTCHA widget into your website or application. If there is no pre-built integration from us for your preferred frontend technology, your software developers can integrate the CAPTCHA themselves using using our documentation or ask our support-team for a pre-built integration solution.

3. Validate the CAPTCHA result in your backend

The following steps give you an idea of how to retrieve the CAPTCHA verification result from our server in a NodeJS backend and determine how to proceed based on this result. For precise, detailed instructions, please read the CAPTCHA integration guide for NodeJS in our documentation.

Read the documentation

First, install our TrustCaptcha NodeJS dependency:

Install

bash

npm i @trustcomponent/trustcaptcha-nodejs

Retrieve the verification result from our server using the verification token and the secret key of your CAPTCHA:

Fetch Result

TypeScript

// Retrieving the verification result
let verificationResult;
try {
  verificationResult = await CaptchaManager.getVerificationResult("<your_secret_key>", "<verification_token_from_your_client>");
} catch (error) {
  // Fetch verification result failed - handle error
}

Based on the verification results and your individual needs, decide how you would like to proceed:

Handle Result

TypeScript

// Act on the verification result
if (!verificationResult.verificationPassed || verificationResult.score > 0.5) {
  console.log("Verification failed or bot score > 0.5 – possible automated request.");
}

Need detailed information about the NodeJS CAPTCHA integration?
For detailed instructions on integrating TrustCaptcha, please refer to our NodeJS CAPTCHA integration guide. A complete integration example for the NodeJS CAPTCHA can be found in our CAPTCHA Samples Repository on Github.

Other backend technology instead of NodeJS?
If you do not want to use NodeJS on your server or have several different backends, you can select a different integration here. If there is no pre-built integration from us for your preferred backend technology, your software developers can integrate the CAPTCHA verification process themselves using our documentation or ask our support-team for a pre-built integration.

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

Do I need a frontend to use TrustCaptcha with Node.js?

Yes. TrustCaptcha is solved in the user’s browser (website or app) via the CAPTCHA widget. After it’s solved, your frontend receives a verification token and sends it to your Node.js backend (for example in a form submit or an API request).

What does my Node.js backend need to validate a TrustCaptcha check?

Two things: your CAPTCHA secret key (from your TrustCaptcha dashboard) and the verification token from the frontend. Your backend uses them to retrieve the verification result from TrustCaptcha.

How does the Node.js validation work in simple terms?

You install the TrustCaptcha Node.js package, then your backend calls one function to fetch the verification result. You don’t need to manually decode the token or build the REST call yourself—the library handles that and returns a structured result object.

How do I decide whether to accept or block a request?

Start with two fields: verificationPassed (yes/no) and score (0 to 1, where higher means higher bot risk). A common starting rule is: accept only if verificationPassed is true and score is 0.5 or below—but you can choose stricter or more tolerant thresholds, or use a multi-step flow (e.g., allow, extra verification, reject).

How long is the verification token valid, and can I fetch the result more than once?

As a rule, the verification result can be retrieved only once and only within 15 minutes after solving the CAPTCHA. If you need different limits (for example longer validity or multiple retrievals), this can be adjusted in specific cases.

Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

Puzzle-free UX

Runs in the background while visitors type — so more people finish your forms and fewer drop off.

GDPR-ready

EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.

Multi-layer Security

Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.

Full Control

Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your NodeJS application with TrustCaptcha in just a few steps!

EU-hosted & GDPR-ready
No puzzles
Try free for 14 days

Get started Contact sales