Cloudflare's Turnstile Captcha for Laravel

Cloudflare's Turnstile Captcha for Laravel

The turnstile-laravel package integrates Turnstile's siteverify API with a server-side Laravel application. To use Turnstile in your Laravel application, you'll need to follow the getting started to set up the client-side integration. The client integration consists of a JavaScript widget that you either render implicitly or explicitly.

Once your users initiate a secured action via the browser, it'll send a request to the server side with a cf-turnstile-response input. This package takes care of taking the POST input sent to the server side and validating the user via the siteverify endpoint:

use DerekCodes\TurnstileLaravel\TurnstileLaravel;

$turnstile = new TurnstileLaravel;
$response = $turnstile->validate(

if ($response['status'] == true) {
    // Register a user
    // Complete an action
    // etc.

You could use Turnstile to provide a Captcha challenge for important application actions, such as login, registration, or any other interaction to want to ensure Captcha with a less intrusive style of challenge. The widget types do not include solving Captcha puzzles, but instead offer the following challenges for users:

  • A non-interactive challenge.

  • A non-intrusive interactive challenge (such as clicking a button), if the visitor is a suspected bot.

  • An invisible challenge to the browser.

As of writing, Turnstile is an open beta and available as a free tool. Calls are limited to one million siteverify calls per month.

You can learn more about this package, get full installation instructions, and view the source code on GitHub. You can learn more about Turnstile and how to set it up from Cloudflare's documenation.