Use turnstile to protect from bots
To safeguard your Auth API against automated attacks from scripts and bots, you can implement Cloudflare’s Turnstile. Turnstile offers CAPTCHA-like protection without user friction, as it doesn’t require solving puzzles.
This approach balances security with usability, ensuring robust protection where it matters most.
Create a widget on Cloudflare
Sign up on Cloudflare if you haven’t already.
Go to your account -> Turnstile -> Add Widget. Then:
Then click on “create” and write down the site key and the secret key.
Enable Turnstile integration on auth
Start by adding the following configuration to your Nhost project:
Replace turnstileSecretKey
with the secret key from the first step.
Integrate turnstile into your sign up form
To integrate turnstile into your sign up form you can refer to Cloudfare’s documentation. Just keep in mind a few things:
/signup/...
request in the header x-cf-turnstile-response
.Pass turnstile's response to the signup request
To pass the response as a header change your request to include the header. For instance:
In the following PR you can see the changes that were needed in our very own dashboard to integrate turnstile.
Use turnstile to protect from bots
To safeguard your Auth API against automated attacks from scripts and bots, you can implement Cloudflare’s Turnstile. Turnstile offers CAPTCHA-like protection without user friction, as it doesn’t require solving puzzles.
This approach balances security with usability, ensuring robust protection where it matters most.
Create a widget on Cloudflare
Sign up on Cloudflare if you haven’t already.
Go to your account -> Turnstile -> Add Widget. Then:
Then click on “create” and write down the site key and the secret key.
Enable Turnstile integration on auth
Start by adding the following configuration to your Nhost project:
Replace turnstileSecretKey
with the secret key from the first step.
Integrate turnstile into your sign up form
To integrate turnstile into your sign up form you can refer to Cloudfare’s documentation. Just keep in mind a few things:
/signup/...
request in the header x-cf-turnstile-response
.Pass turnstile's response to the signup request
To pass the response as a header change your request to include the header. For instance:
In the following PR you can see the changes that were needed in our very own dashboard to integrate turnstile.