TrustCaptcha
Sign inGet started
Sinatra
TrustCaptcha – Bot protection

Sinatra CAPTCHA Integration

Wire TrustCaptcha into a Sinatra route in just a few lines of Ruby. Stop bot-driven spam on logins, signups and contact forms — and reuse the verification across routes with a small helper plus a before filter. EU-hosted, GDPR-ready, no image puzzles.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key and licence key, and you can also create your API key. Allow your websites to access your CAPTCHA by simply adding them to the access authorised domain list in the CAPTCHA security rules.

Start of the CAPTCHA creation form.
CAPTCHA security rules of a demo CAPTCHA.

2. Add the CAPTCHA widget to your ERB template

Drop the TrustCaptcha widget into the ERB form your Sinatra route serves. The widget runs the CAPTCHA in the background and adds a hidden tc-verification-token field on submit, which arrives on params like any other input.

views/contact.erb
HTML
<script type="module" src="https://cdn.trustcomponent.com/trustcaptcha/3.0.x/trustcaptcha.esm.min.js"></script>

<form method="post" action="/contact">
    <input type="email" name="email" required>
    <trustcaptcha-component sitekey="<your_site_key>"></trustcaptcha-component>
    <button type="submit">Send</button>
</form>

The CAPTCHA widget will then be displayed inside your form:

CAPTCHA done

Need detailed information about the CAPTCHA widget integration?
For the full widget reference — including themes, languages, custom design and more — please read our documentation.

Read the documentation

3. Validate the token in your Sinatra route

In your Sinatra route, take the verification token from params, look up the result via our Ruby gem, and decide whether to accept the request.

First, install our TrustCaptcha Ruby gem:

Gemfile
Ruby
gem 'sinatra'
gem 'trustcaptcha', '~> 3.0'

Then validate the token inside your Sinatra route and act on the result:

app.rb
Ruby
require 'sinatra'
require 'trustcaptcha/trust_captcha'

post '/contact' do
  token = params['tc-verification-token'].to_s

  begin
    trust_captcha = TrustCaptcha.new('<your_api_key>')
    result = trust_captcha.get_verification_result(token)
  rescue StandardError
    halt 400, 'CAPTCHA verification failed.'
  end

  halt 400, 'CAPTCHA verification failed.' unless result.verification_passed && result.score <= 0.5

  # CAPTCHA passed — process the request
  'Thanks!'
end

Need detailed information about the Sinatra CAPTCHA integration?
For full step-by-step instructions — including a reusable helper plus a before filter — please read our documentation.

Read the documentation

Other backend framework instead of Sinatra?
If you use a different framework, pick the matching recipe here. If your framework isn’t listed, your software developers can integrate the verification themselves using our documentation or ask our support team for a pre-built integration.

Actix Web
ASP.NET Core
Axum
Django
Echo
Express
FastAPI
Fastify
Fiber
Flask
Gin
Hapi
Laravel
Micronaut
NestJS
Next.js
Quarkus
Ruby on Rails
Sinatra
Spring Boot
Symfony

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

CAPTCHA done

FAQs

Where in a Sinatra app does the CAPTCHA verification go?
Inside the route block that handles the form submission, before persisting data or sending mail. The CAPTCHA token comes in as a regular form parameter — read it with params['tc-verification-token'].
Can I run the verification across multiple routes?
Yes. Define a Sinatra helper (e.g. verify_trust_captcha!) inside a helpers do block that calls our Ruby gem and uses halt 400, '...' on failure. Then attach it to the routes you want to protect via before '/contact' do verify_trust_captcha! end.
Does Sinatra's before filter run for GET as well as POST?
Yes. before '/contact' matches every HTTP verb on that path. If the same path serves a GET to render the form, guard the helper with return unless request.post? so the GET request isn't blocked because no token is present yet.
How do I share the SDK across routes?
Build a single TrustCaptcha instance once at startup (e.g. TRUST_CAPTCHA = TrustCaptcha.new(ENV.fetch('TRUSTCAPTCHA_API_KEY'))) and reach it from your helper. The SDK is immutable, so reusing one instance is the right granularity.
Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

CAPTCHA start
CAPTCHA done
Puzzle-free UX
Runs in the background while visitors type — so more people finish your forms and fewer drop off.
GDPR-ready
EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.
Multi-layer Security
Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.
Full Control
Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your Sinatra application with TrustCaptcha in just a few steps!

  • EU-hosted & GDPR-ready
  • No puzzles
  • Try free for 14 days
Get started Contact sales