Steps to a Successful Integration

This page provides you with an overview of all the important organizational and technical measures to quickly and successfully integrate Trustcaptcha into your website or online service.

A comprehensive understanding of all the necessary steps and measures has been proven to help achieve a quick, secure, and successful integration of Trustcaptcha. We therefore recommend that you read this entire page before you begin.

Overview of all steps

The following steps are necessary to successfully integrate Trustcaptcha into your website or online service:

  1. Register or Sign In: If you already have a Trustcaptcha account, sign in. If you do not have a Trustcaptcha account yet, register for free.
  2. Create a CAPTCHA: You can either create a new Captcha or use an existing one. You may also first create a CAPTCHA with a free trial so that you can integrate and extensively test it risk-free. If the available request volume or feature set of the trial is not sufficient for your testing and integration purposes, please contact our support.
  3. Integrate Trustcaptcha: Integrate Trustcaptcha into your website or online service. More detailed information about how it works technically and how to integrate it can be found below on this page.

Trustcaptcha can already be used successfully after integration. However, we recommend additional, optional steps.

  1. Adjust Settings: Fully customize the CAPTCHA settings to your needs.
  2. Privacy Policy: Update your privacy policy to mention our CAPTCHA service. More detailed information can be found further down on this page.
  3. Data Processing Agreement: Conclude a data processing agreement with us.

Technical Functionality and Integration

To better understand the technical integration steps mentioned above, it helps to have a rough understanding of how Trustcaptcha works technically. It can be divided into three steps:

  1. Solve CAPTCHA: A user solves the CAPTCHA on your website and receives a verification token
  2. Retrieve the Result: You send the verification token to your backend and retrieve the verification result from our servers
  3. Next Steps: Based on the verification result, you individually determine the next steps.

The following sequence diagram illustrates the entire Trustcaptcha process.

1. Integrate and Solve the CAPTCHA

Thanks to our libraries, you can quickly and easily integrate Trustcaptcha into any website or online service. For specific integration steps in pure Javascript or Javascript frameworks such as Angular, React, or Vue, please refer to our Frontend Integration. Afterward, the CAPTCHA can be solved in your frontend, and you will then receive a verification token.

For platform systems like Wordpress or CraftCMS, there are dedicated integration guides. These are usually complete solutions that significantly simplify or even eliminate the need for manually retrieving the result and determining the next steps. If your specific platform system is not supported, please contact our support team.

2. Submit Token and Retrieve the Result

Now send the received verification token to your backend. Then retrieve the verification result from our servers in your backend.

For common programming languages and technologies such as NodeJS, Python, Java, Kotlin, PHP, Ruby, .NET, Go, Rust, Groovy, or Scala, please read the Backend Integration. If your preferred programming language is currently not supported, you can implement the result retrieval yourself using our Process Documentation. Alternatively, please contact our support team.

3. Determine the Next Steps

The retrieved result includes information on whether the CAPTCHA was successfully passed and what the bot score (bot probability) is. Here you can find detailed information about the Result and Bot Score.

Based on the verification result and the bot score, individually determine the next steps for each user according to your needs, technical conditions, and requirements. The following exemplary measures are conceivable:

  • Mark requests from your contact form as spam as soon as they reach a certain bot score, but keep them for the time being.
  • Consistently reject registrations above a certain bot score.
  • Take different measures when logging in depending on the bot score: Low: do nothing, Medium: introduce a time delay, High: 2FA or email confirmation, Very high: reject login

Note on the Privacy Policy

Please note that you are generally legally obligated to inform about external software and service providers on your website or online offering. This is usually done in the respective privacy statements.

Text Suggestion

Disclaimer: Below you will find a possible text suggestion. Please note that this only serves as a guideline and does not constitute legally binding advice. If you wish to use the text, please adapt it to your specific requirements and, if necessary, have it reviewed by a legal advisor of your choice.

Trustcaptcha (CAPTCHA-Service)

We use ‘Trustcaptcha’ (www.trustcaptcha.com) on our website to protect us and our online services from unwanted, automated access and spam. Trustcaptcha is a service provided by Trustcaptcha GmbH, Munich, Germany.

Trustcaptcha helps us to differentiate between normal interactions and misuse. When you interact with a part of our website that is protected by Trustcaptcha, your device receives a computational task that is automatically solved in the background. As part of the protection mechanism, Trustcaptcha also calculates a trust score for each request by analysing technical/device data (e.g. IP address, device information) and behavioural data (e.g. mouse movements, clicks). This score evaluates the likelihood that a request is made by a human or a bot (malicious script), based on technical and behavioural indicators. Trustcaptcha does not set or use its own cookies. However, it may see automatically transmitted cookies from the user's device, depending on the user's settings. The actual data depends on the device’s settings and permissions. Trustcaptcha only uses the data to reliably differentiate between human and automated behaviour and afterwards to improve the threat detection algorithms and increase the system security. If Trustcaptcha collects personal data, it is automatically deleted or anonymised within a maximum of 90 days. The legal basis for the use and data processing of Trustcaptcha is our legitimate interest in the security of our website and protection against automated access, spam and other forms of misuse, Art. 6 para. 1 lit. f GDPR.

Further information can be found at https://www.trustcaptcha.com/en/legal/end-privacy-policy.