Bot Verification Setup

Available Providers

ToolDocs™ supports three bot verification methods. Only one primary provider can be active at a time, but the Honeypot runs as a passive secondary layer alongside any provider.

Honeypot (Default, Passive)

An invisible form field that bots typically fill in but humans never see. If the field has any value, the submission is silently rejected — the bot sees a generic “Thank you” message. No API keys required. Enabled by default.

Configure in Settings → Verification → Honeypot. You can change the field name periodically for extra protection.

Google reCAPTCHA

reCAPTCHA v2 (Checkbox): Users click “I’m not a robot.” Most compatible with all visitors.

reCAPTCHA v3 (Invisible): Runs in the background and returns a score (0.0 = likely bot, 1.0 = likely human). Submissions below the threshold are rejected. Default threshold: 0.5.

Setup:

1. Create keys at Google reCAPTCHA admin.
2. Go to ToolDocs → Settings → Verification → reCAPTCHA.
3. Select v2 or v3 and enter your Site Key and Secret Key.

Cloudflare Turnstile

A privacy-focused CAPTCHA alternative from Cloudflare. Free for unlimited use, supports visible and invisible widget types.

Setup:

1. Create a Turnstile widget at Cloudflare dashboard.
2. Go to ToolDocs → Settings → Verification → Turnstile.
3. Enter your Site Key and Secret Key.

Verification Flow

When a form is submitted, ToolDocs™ checks the Honeypot first (if enabled), then the primary provider. If the Honeypot catches a bot, the failure is silent. If the primary provider fails, an error message is shown and the user can retry.