TrustedCaptcha TrustedCaptcha
Sign in Get started
Documentation

Server libraries

Verify the response token in any backend language. The endpoint is reCAPTCHA-compatible.

PHP

$response = file_get_contents(
  'https://challenges.trustedcaptcha.com/api/v1/siteverify'
  . '?secret=' . urlencode($SECRET)
  . '&response=' . urlencode($_POST['trustedcaptcha-response'])
  . '&remoteip=' . urlencode($_SERVER['REMOTE_ADDR'])
);
$result = json_decode($response, true);
if (!$result['success']) {
    http_response_code(400);
    exit('Captcha verification failed');
}

Node.js

const r = await fetch('https://challenges.trustedcaptcha.com/api/v1/siteverify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    secret: process.env.TC_SECRET,
    response: req.body['trustedcaptcha-response'],
    remoteip: req.ip,
  }),
});
const result = await r.json();
if (!result.success) return res.status(400).send('Captcha verification failed');

Python (requests)

import requests, os
r = requests.post('https://challenges.trustedcaptcha.com/api/v1/siteverify', data={
    'secret':   os.environ['TC_SECRET'],
    'response': request.form['trustedcaptcha-response'],
    'remoteip': request.remote_addr,
})
result = r.json()
if not result['success']:
    abort(400, 'Captcha verification failed')

Ruby (Net::HTTP)

require 'net/http'
require 'json'

uri = URI('https://challenges.trustedcaptcha.com/api/v1/siteverify')
res = Net::HTTP.post_form(uri, {
  'secret'   => ENV['TC_SECRET'],
  'response' => params['trustedcaptcha-response'],
  'remoteip' => request.remote_ip,
})
result = JSON.parse(res.body)
halt 400, 'Captcha verification failed' unless result['success']

Go (net/http)

resp, err := http.PostForm("https://challenges.trustedcaptcha.com/api/v1/siteverify", url.Values{
    "secret":   {os.Getenv("TC_SECRET")},
    "response": {r.FormValue("trustedcaptcha-response")},
    "remoteip": {r.RemoteAddr},
})
defer resp.Body.Close()
var result struct {
    Success bool    `json:"success"`
    Score   float64 `json:"score"`
}
json.NewDecoder(resp.Body).Decode(&result)
if !result.Success {
    http.Error(w, "Captcha verification failed", 400)
    return
}

curl (for testing)

curl -X POST https://challenges.trustedcaptcha.com/api/v1/siteverify \
  -d "secret=YOUR_SECRET" \
  -d "response=USER_TOKEN" \
  -d "remoteip=1.2.3.4"

Common framework recipes

  • Laravel: create a custom validation rule that calls siteverify. Most projects use a single TrustedCaptcha rule attached to the relevant form fields.
  • Symfony: wrap as a custom Constraint in App\Validator\TrustedCaptcha. Same pattern as Symfony's Recaptcha bundle.
  • WordPress: hook wp_authenticate for login forms, register_post for signups. We're working on a plugin — email us if you want early access.
  • Django: middleware or form-level. Same shape as django-recaptcha.