Quarkus CAPTCHA Integration

Wire TrustCaptcha into a Quarkus JAX-RS resource in just a few lines of Java. Stop bot-driven spam on logins, signups and contact forms — with native-image friendly code, MicroProfile config and Hibernate Validator. EU-hosted, GDPR-ready, no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key and licence key, and you can also create your API key. Allow your websites to access your CAPTCHA by adding them to the list of authorised domains in the CAPTCHA security rules.

Start of the CAPTCHA creation form.
CAPTCHA security rules of a demo CAPTCHA.

2. Add the CAPTCHA widget to your form

Drop the TrustCaptcha widget into the HTML form your Quarkus resource serves. The widget runs the CAPTCHA in the background and adds a hidden tc-verification-token field on submit, which Quarkus then exposes to your @POST method via @FormParam.

contact.html
HTML
<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/3.0.x/trustcaptcha.esm.min.js"></script>

<form method="post" action="/contact">
    <input type="email" name="email" required>
    <trustcaptcha-component sitekey="<your_site_key>"></trustcaptcha-component>
    <button type="submit">Send</button>
</form>

The CAPTCHA widget is then displayed inside your form.

Need detailed information about the CAPTCHA widget integration?
For the full widget reference — including themes, languages, custom design and more — please read our documentation.

3. Validate the token in your Quarkus resource

In your Quarkus resource, take the verification token from the form, look up the result via our Java library, and decide whether to accept the request.

First, install our TrustCaptcha Java library:

pom.xml
XML
<dependency>
  <groupId>com.trustcomponent</groupId>
  <artifactId>trustcaptcha</artifactId>
  <version>3.0.0</version>
</dependency>

Then validate the token inside your JAX-RS resource and act on the result:

ContactResource.java
Java
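import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Response;
// TrustCaptcha, VerificationResult and CaptchaFailureException are imported
// from the trustcaptcha dependency added above.

@Path("/contact")
public class ContactResource {

  @POST
  public Response submit(@FormParam("tc-verification-token") String token) {

    // Look up the verification result for the token the widget submitted.
    VerificationResult result;
    try {
      result = TrustCaptcha.getVerificationResult("<your_api_key>", token);
    } catch (CaptchaFailureException e) {
      return Response.status(400).entity("CAPTCHA verification failed.").build();
    }

    // Reject if verification did not pass or the score is above 0.5.
    if (!result.isVerificationPassed() || result.getScore() > 0.5) {
      return Response.status(400).entity("CAPTCHA verification failed.").build();
    }

    // CAPTCHA passed — process the request
    return Response.ok("Thanks!").build();
  }
}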

Need detailed information about the Quarkus CAPTCHA integration?
For full step-by-step instructions — including a Bean Validation refactor for projects with several protected endpoints — please read our documentation.

Other backend framework instead of Quarkus?
If you use a different framework, pick the matching recipe here. If your framework isn’t listed, your software developers can integrate the verification themselves using our documentation or ask our support team for a pre-built integration.

Actix Web
ASP.NET Core
Axum
Django
Echo
Express
FastAPI
Fastify
Fiber
Flask
Gin
Hapi
Laravel
Micronaut
NestJS
Next.js
Quarkus
Ruby on Rails
Sinatra
Spring Boot
Symfony

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

Does TrustCaptcha work with quarkus-rest and the older RESTEasy Classic?
Yes — both work the same way. The verification call is a regular Java method call inside your @POST resource method. Whether you use quarkus-rest (RESTEasy Reactive) or quarkus-resteasy-classic only changes the dependency name, not the integration code.
How do I read the CAPTCHA token in a JAX-RS resource?
It arrives as a regular form parameter named "tc-verification-token". Annotate the method parameter with @FormParam("tc-verification-token") and Quarkus hands you the value as a String.
Can I plug the CAPTCHA check into Hibernate Validator (@Valid)?
Yes. For projects with several protected endpoints, build a custom Bean Validation constraint (e.g. @TrustCaptchaToken) backed by a CDI-managed @ApplicationScoped validator that injects the API key via @ConfigProperty. The check then runs automatically whenever you mark a parameter with @Valid.
Where should I put the CAPTCHA API key in a Quarkus app?
In application.properties under a key like trustcaptcha.api-key, and read it with @ConfigProperty(name = "trustcaptcha.api-key"). For production, fill the value from an environment variable or your secret manager so the key never lands in your repo.
Does TrustCaptcha work in a Quarkus native image (GraalVM)?
Yes. The Java SDK works in JVM mode and in native builds. With quarkus-jackson on the classpath, the result type's reflection metadata is registered automatically — no extra configuration is required for typical setups.
What about reactive endpoints that return Uni or Multi?
The Java SDK call is blocking, so wrap it in Uni.createFrom().item(...).runSubscriptionOn(Infrastructure.getDefaultWorkerPool()) inside a reactive resource. This keeps the I/O thread free while the verification call runs.
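
The Bean Validation constraint and the configuration-injected API key described in the FAQ answers above, as an added example (not code from TrustCaptcha's documentation or library). The package name, the nested `Validator` layout, the `TRUSTCAPTCHA_API_KEY` environment variable name and the choice to reject null or blank tokens are assumptions; the SDK calls are the ones used in step 3.

```java
// TrustCaptchaToken.java (added example, not TrustCaptcha's own code)
package org.acme.captcha; // hypothetical package name

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.validation.Constraint;
import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext;
import jakarta.validation.Payload;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.eclipse.microprofile.config.inject.ConfigProperty;
// Also import TrustCaptcha, VerificationResult and CaptchaFailureException from
// the trustcaptcha dependency; their package names are not shown on this page.

@Target({ElementType.PARAMETER, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = TrustCaptchaToken.Validator.class)
public @interface TrustCaptchaToken {

  String message() default "CAPTCHA verification failed.";
  Class<?>[] groups() default {};
  Class<? extends Payload>[] payload() default {};

  // CDI-managed validator, so the API key can be injected from configuration.
  @ApplicationScoped
  class Validator implements ConstraintValidator<TrustCaptchaToken, String> {

    // application.properties: trustcaptcha.api-key=${TRUSTCAPTCHA_API_KEY}
    @ConfigProperty(name = "trustcaptcha.api-key")
    String apiKey;

    @Override
    public boolean isValid(String token, ConstraintValidatorContext context) {
      // Fail closed: a missing or blank token is rejected without a verification call.
      if (token == null || token.isBlank()) {
        return false;
      }
      try {
        VerificationResult result = TrustCaptcha.getVerificationResult(apiKey, token);
        // Same decision rule as the resource method in step 3.
        return result.isVerificationPassed() && result.getScore() <= 0.5;
      } catch (CaptchaFailureException e) {
        return false; // a verification error counts as a failed CAPTCHA
      }
    }
  }
}
```

Declare the resource parameter as `@TrustCaptchaToken @FormParam("tc-verification-token") String token`. With the quarkus-hibernate-validator extension installed, a rejected token produces an HTTP 400 response before the method body runs.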