Migrating from Cloudflare Turnstile
This guide helps you transition from Cloudflare Turnstile to ALTCHA Sentinel, a self-hosted, privacy-friendly alternative that ensures protection without relying on external cloud services or data logging.
Why Switch?
While Turnstile is less intrusive than traditional CAPTCHAs, it still requires a dependency on Cloudflare’s infrastructure and global network. ALTCHA provides a sovereign alternative, allowing you to run the entire verification process on your own hardware while maintaining a frictionless user experience.
Key Differences
| Feature | Cloudflare Turnstile | ALTCHA Sentinel |
|---|---|---|
| User Experience | Frictionless | Frictionless PoW (Proof-of-Work) |
| Implementation | Requires Cloudflare service | Self-hosted; runs on your infrastructure |
| Privacy | Cloudflare logs and tracks data | Zero tracking, privacy-focused |
| Accessibility | Generally accessible | Fully WCAG-compliant |
| Compliance | Varies by region/usage | GDPR, CCPA, HIPAA, LGPD, & PIPL compliant |
| Verification | Server-to-Cloudflare API call | Fast, local cryptographic verification |
| Limits | Tiered usage limits | Unlimited usage |
Implementation Comparison
Previous Implementation (Turnstile)
- Frontend: Required loading an external script from
challenges.cloudflare.comand adding a container with adata-sitekey. - Backend: Involved a mandatory outgoing POST request to Cloudflare’s
siteverifyendpoint, often requiring the user’s IP address and a secret key for validation.
New Implementation (ALTCHA)
ALTCHA keeps the verification loop within your own environment, improving privacy and reducing external dependencies.
Frontend: Import the package and add the widget to your form.
import "altcha";<form action="/submit" method="post"> <altcha-widget challenge="https://your-challenge-url"> </altcha-widget> <button type="submit">Submit</button></form>For a deep dive into customization, see the Widget Integration guide.
Backend: Verification is performed locally using your server-side secret, removing the need for an external API round-trip to Google.
Learn more about validating payloads in the Server Integration guide.
Migration Steps
-
Remove Turnstile Dependencies
- Remove the Turnstile script tag and the
.cf-turnstilecontainer from your HTML. - Clear out Cloudflare secret keys from your backend configuration.
- Remove the Turnstile script tag and the
-
Deploy ALTCHA Sentinel
- Set up ALTCHA Sentinel or integrate the challenge generation into your existing backend.
-
Update Frontend
- Replace the Turnstile widget with the
<altcha-widget>as described in the Widget Integration guide.
- Replace the Turnstile widget with the
-
Update Server-Side Verification
- Swap the Cloudflare API request for a local verification check using one of our Server Integration libraries.
Benefits After Migration
- Infrastructure Independence: No dependency on Cloudflare’s uptime or service changes.
- Data Privacy: Eliminates external logging of user metadata and IP addresses.
- Low Latency: Local verification removes the delay of cross-network API calls.