Turnstile Connector

Turnstile is Cloudflare's smart CAPTCHA alternative that protects your site from spam and abuse. Unlike traditional CAPTCHAs, Turnstile can be embedded into any website without sending traffic through Cloudflare and works without showing visitors a CAPTCHA in most cases.

How Turnstile Works

Turnstile uses advanced risk analysis techniques to distinguish humans from bots. The service adapts the challenge outcome to each individual visitor or browser by running a series of small, non-interactive JavaScript challenges. These challenges include:

  • Proof-of-work and proof-of-space: Computational challenges that verify legitimate browser behavior
  • Web API probing: Detection of browser environment and capabilities
  • Browser-quirk detection: Analysis of human-like browser interactions and behavior patterns

Based on these signals, Turnstile fine-tunes the difficulty of the challenge to the specific request, allowing most legitimate users to pass without any interaction. Only suspected bots are presented with an interactive challenge.

Note

Turnstile is WCAG 2.1 AA compliant and accessible to all users. For detailed information on Turnstile's data privacy practices, refer to the Turnstile Privacy Addendum.

Setting Up the Turnstile Connector

To integrate the Turnstile connector, follow the steps below:

1. Navigate to Connector

  • Visit the Connectors page in the Descope Console.
  • Choose Turnstile from the list of connectors.

2. Connector Setup

Set up the necessary inputs:

  • Connector name: Custom name for your connector. This will come in handy when creating multiple connectors from the same connector template.
  • Connector description: Describe what your connector is used for.
  • Site Key: The site key you get from Cloudflare. For more information on obtaining your keys, see the Cloudflare Turnstile documentation.
  • Secret Key: The secret key you get from Cloudflare. Keep this key secure and never expose it in client-side code.

3. Test & Save

  • Validate your configuration by clicking the Test button and observing the Test Results section.
  • Once successful, click Create to save the connector.

Implementing the Turnstile Connector in Your Flow

1. Select or Create a Flow

  • Access your Dashboard -> Flows.
  • Select an existing flow or create a new one.

2. Integration

Add the Turnstile component to the relevant screen in your flow.

Turnstile connector component

Click on the blue plus sign inside the flow builder and choose "Connector". You should be able to see the new connector action as shown below.

Turnstile connector action

Place the Turnstile / Verify command in the flow, typically immediately after the screen step. The Verify command should be used whenever you need to calculate risk with Turnstile or any CAPTCHA solution.

Once you have a Turnstile connector configured after a screen step (as required), its result will be incorporated into the flow's riskInfo.riskScore context key.

Turnstile connector flow

The Verify command validates the Turnstile challenge token that was generated on the client side, ensuring that the user has successfully completed the Turnstile challenge.
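What server-side validation of a Turnstile token involves, as an added example in Python; it is not Descope's connector code. The endpoint and field names are those of Cloudflare's Siteverify API, while the function names, hostname, and sample responses are constructed for illustration.

```python
import json
import urllib.parse
from datetime import datetime, timedelta, timezone

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
MAX_TOKEN_AGE = timedelta(seconds=300)  # Turnstile tokens expire after 300 s

# Constructed sample siteverify responses (not captured from a real site).
SAMPLE_OK = ('{"success": true, "challenge_ts": "2024-05-01T12:00:00.000Z", '
             '"hostname": "login.example.com", "error-codes": []}')
SAMPLE_FAIL = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'


def build_siteverify_body(secret_key, token, remote_ip=None):
    """Form-encoded POST body for SITEVERIFY_URL; the secret stays server-side."""
    fields = {"secret": secret_key, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    return urllib.parse.urlencode(fields).encode()


def evaluate_siteverify(raw_json, expected_hostname, now=None):
    """Return (ok, reason) for a siteverify JSON response body."""
    now = now or datetime.now(timezone.utc)
    try:
        data = json.loads(raw_json)
    except ValueError:
        return False, "malformed-response"
    if not isinstance(data, dict):
        return False, "malformed-response"
    if data.get("success") is not True:
        codes = data.get("error-codes") or []
        return False, ",".join(map(str, codes)) or "verification-failed"
    # Bind the token to our own site so one solved elsewhere is not accepted.
    if data.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    try:
        solved_at = datetime.fromisoformat(data["challenge_ts"].replace("Z", "+00:00"))
        age = now - solved_at
    except (KeyError, AttributeError, TypeError, ValueError):
        return False, "bad-timestamp"
    if age > MAX_TOKEN_AGE:
        return False, "token-too-old"
    return True, "ok"
```

Each token can be verified only once; a second submission of the same token comes back as a failure like `SAMPLE_FAIL`.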
