Thanks to visit codestin.com
Credit goes to lib.rs

Lib.rs

Web programming
#captcha #back-end #protection

hcaptcha

hCaptcha client response verification. Validate the hCaptcha response submitted from to your server from the client.

by Jeremiah Russell, gortavoher, jerus-bot and 6 contributors

65 stable releases

3.1.1 Dec 28, 2025
3.1.0 Nov 28, 2025
3.0.33 Oct 28, 2025
3.0.29 Jul 28, 2025
0.4.0 Nov 23, 2020

#147 in Web programming

Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App Codestin Search App

696 downloads per month

MIT/Apache

135KB
2K SLoC

Rust library hcaptcha

Crates.io MIT licensed Build Status Rust 1.88+ Docs OpenSSF Best Practices BuyMeaCoffee GitHubSponsors codecov

The rust library hcaptcha is used with your backend service to verify the hcaptcha response provided from the client.

Contributions are welcome — please see the Contributing Guide and our Governance.

Installation

To use hcaptcha, add the following to your Cargo.toml:

[dependencies]
hcaptcha = "3.1.1"

Quick start

Minimal example verifying a client token on your backend:

use hcaptcha::{Client, Request};

#[tokio::main]
async fn main() -> Result<(), hcaptcha::Error> {
    // Get the secret from your config/secret manager
    let secret = "0x123456789abcde0f123456789abcdef012345678".to_string();
    // Token comes from the client
    let token = "client-response-token".to_string();

let request = Request::new_from_response(&secret, &token)?;
    let client = Client::new();

    // This will call the hCaptcha API
    // In tests/examples, prefer mocking the network
    let _response = client.verify(request).await?;
    Ok(())
}

Breaking changes with version 3.0.0

  • The Hcaptcha prefix has been removed from all types.
  • The default feature now uses rustls-backend and not the nativetls-backend.
  • The verify_client_response method has been deprecated in favour or the verify method.

Usage

Derive a validation method on the data structure representing your data, marking the captcha components in the data structure.

# use hcaptcha::Hcaptcha;

#[derive(Debug, Deserialize, Hcaptcha)]
pub struct ContactForm {
    name: String,
    phone: String,
    email: String,
    message: String,
    #[captcha]
    token: String,
}

Validate the captcha data.

    # #[tokio::main]
    # async main() -> Result<(), Box<dyn std::error::Error>> {
    let contact_form: ContactForm = serde_json::from_str(e.body_string())?;
    contact_form.valid_response(&secret, None).await?;
    # }
    # fn get_your_secret() -> String {
    #   "0x123456789abcde0f123456789abcdef012345678".to_string()
    # }

See the examples folder for an AWS Lambda contact form example.

Web Assembly

Hcaptcha has been tested in a web assembly project using wasm-bindgen and node.

See the hcaptcha-wasm example for a sample project which can be run using wasm-pack test --node.

License

Licensed under either of

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Credits

Initial version based on recaptcha-rs by panicbit.

Dependencies

~5–22MB
~250K SLoC