Technical Functioning

How does Trustcaptcha work

Below is a brief explanation of how Trustcaptcha works technically. This will help you gain a deeper understanding of the technology and functionality of the CAPTCHA. If you are directly interested in the specific implementation and use, you can skip this section.

Preparation

To use Trustcaptcha, you need a Trustcaptcha account. Then, you can create a new CAPTCHA or use an existing one. On the management page of your respective CAPTCHA, you will find the access data with which your applications can access our CAPTCHA servers.

On Your Website

To use Trustcaptcha, it must first be integrated as a dependency into your website or application. For websites with Server-Side Rendering (SSR) and Static Site Generation (SSG), there is a JavaScript file that you can include as a dependency. For a Single-Page Application like Angular, React, or Vue, there are suitable NPM packages that can be installed. Then, the Trustcaptcha component is included in a form section. Here, you need to specify the site-key you received when creating the CAPTCHA. The CAPTCHA starts when the 'Start verification' button is clicked. If there are input fields within the form section, the CAPTCHA observes these and will start automatically when used. If the verification process is completed without errors, you will receive a verification token at the end. You send this with your other form data to your server.

On Your Server

Now you need to decrypt the verification token using the secret-key and then retrieve the result from the servers of Trustcaptcha. There are libraries provided for many common programming languages and frameworks for this purpose. In addition, there is a detailed description of the backend process and the API interface. You can use Trustcaptcha with any programming language and framework of your choice and customize it individually to your needs. It is important to note that each result can only be retrieved exactly once. The use of the secret-key to decrypt the verification token ensures that only you can retrieve the verification result.

With the Result

The obtained result contains the following information: Whether the CAPTCHA was passed, what trust value the client received, on what basis the trust value was created, and further information about the client such as IP address or device information. Based on this information, you can now determine your further, individual approach, such as accepting or rejecting the user action.

Overall Process

The image below illustrates the overall process of Trustcaptcha. It shows how Trustcaptcha is integrated into your website, how the verification process runs in the background, and how you retrieve the result from our servers at the end.
Trustcaptcha sequence diagram