Loader script
Include once anywhere in your page. The async defer attributes are safe and recommended.
<script src="https://cdn.trustedcaptcha.com/widget/v1/api.js" async defer></script>Once loaded, the script exposes window.trustedcaptcha. It auto-renders any element with class .trustedcaptcha and data-sitekey attribute.
Auto-render (recommended)
<div class="trustedcaptcha"
data-sitekey="0x9a7f4b2c..."
data-theme="auto"
data-size="normal"
data-mode="auto"
data-callback="onTcVerified"></div>
<script>
function onTcVerified(token) {
console.log('Verified:', token);
// Token is also written to a hidden input named "trustedcaptcha-response"
}
</script>Explicit render
Wait until trustedcaptcha.ready(), then call render():
trustedcaptcha.ready(function () {
var widgetId = trustedcaptcha.render('#captcha-mount', {
sitekey: '0x9a7f4b2c...',
theme: 'dark',
size: 'normal',
mode: 'auto',
callback: function (token) { /* success */ },
'expired-callback': function () { /* token aged out */ },
'error-callback': function (err) { /* network/site error */ },
});
});Programmatic API
| Method | Description |
|---|---|
render(target, opts) | Render into target. Returns a widget ID. |
reset(id?) | Clear the token, restart the challenge. |
remove(id?) | Remove the widget entirely. |
getResponse(id?) | Returns the current token string, or ''. |
isExpired(id?) | Returns true if the token has aged out. |
execute(sitekey, opts?) | Programmatic trigger for invisible mode. |
ready(cb) | Run cb when the widget API is ready. |
Token compatibility
On success, the widget writes the token into all four of these hidden inputs simultaneously, so existing form code keeps working:
input[name="trustedcaptcha-response"]input[name="g-recaptcha-response"]input[name="h-captcha-response"]input[name="cf-turnstile-response"]
If your form doesn't have any of these, the widget creates a hidden input named trustedcaptcha-response in its mount element.