Stay organized with collections
Save and categorize content based on your preferences.
Troubleshooting the Identity Platform integration with the reCAPTCHA Enterprise API
This document provides guidance for troubleshooting potential issues that might
arise when using the Identity Platform integration with the reCAPTCHA Enterprise API, including the
reCAPTCHA bot protection and reCAPTCHA SMS defense features.
Integration onboarding troubleshooting
Your users might be experiencing issues due to mistakes when onboarding
with the Identity Platform integration with the reCAPTCHA Enterprise API. Some common reasons might include the
following:
You might have missed a step in the Identity Platform integration with the reCAPTCHA Enterprise API set up. For
example, neglecting to set up the service account or enabling the
reCAPTCHA Enterprise API on the project. Ensure you've completed all
the integration requirements. For set up instructions, see Integrate
Identity Platform with the reCAPTCHA Enterprise
API.
If you are bringing your own key to
use with reCAPTCHA, the corresponding reCAPTCHA key
you uploaded might not be valid or might have stopped working. Verify that the
key is working and accessible by Identity Platform.
Users might be using an outdated version of your app. Make sure you provide an
updated version of your app that uses the client SDK, and ask your users
to update their app. To set up the client SDK for your app, see Configure
the
client SDK.
Users can't authenticate through reCAPTCHA Enterprise API supported flows
If you are experiencing issues with reCAPTCHA Enterprise API supported
flows, such as reCAPTCHA bot protection or reCAPTCHA SMS defense, see the
following sections for feature specific guidance.
reCAPTCHA bot protection troubleshooting
The following topics describe possible issues that you might face when using
bot protection and how you might solve them.
Users can't authenticate when using bot protection for the email-password or phone providers
If you have determined that the Identity Platform integration with the reCAPTCHA Enterprise API was set up correctly,
users might be blocked from performing authentication actions through the
email-password or phone providers based on your current configuration. For
example, users might be unable to perform the following actions:
Sign-in, sign-up, or reset a password through an email address.
Request an SMS code to sign in through a phone number.
Enroll in or sign in with SMS-based multi-factor authentication.
To resolve these authentication issues, try the following:
If user requests are failing with ERROR_CAPTCHA_CHECK_FAILED, consider a
more permissive configuration by adjusting the thresholds you've set for
managedRules. Any requests that score below the threshold you set will be
considered a bot. For example, if you set a threshold of 0.6,
reCAPTCHA will fail any request with a 0.5 or lower.
Therefore, the higher you set the score, the stricter the rules will be.
Ask the user to try a different device, browser, or network.
Revert to audit mode and monitor metrics before re-enabling enforcement mode.
reCAPTCHA SMS defense troubleshooting
The following topics describe possible issues you might face when using
reCAPTCHA SMS defense and how you might solve them.
Users can't authenticate when using reCAPTCHA SMS defense for the phone provider
If you have determined that the Identity Platform integration with the reCAPTCHA Enterprise API was set up correctly,
users might be blocked from performing SMS-based authentication actions through
the phone provider based on your current configuration. For example, users might
be unable to request an SMS code to sign in with a phone number or enroll in or
sign in with multi-factor authentication. This can happen if the
reCAPTCHA SMS defense score you set is too strict.
To resolve this, consider a more permissive configuration by adjusting the
threshold you've set for tollFraudManagedRules. Any score above the threshold
you set will be considered SMS toll fraud. For example, if you set a threshold
of 0.3, reCAPTCHA will fail any request with a 0.4 or higher.
Therefore, the lower you set the score, the stricter the rules will be.
If this is an issue, we recommend setting your enforcement mode to audit to test
and monitor the reCAPTCHA metrics emitted by your project. This
will help you ensure that your app is receiving acceptable user traffic before
enabling enforcement again.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[[["\u003cp\u003eThis document offers guidance on troubleshooting issues with the Identity Platform integration with the reCAPTCHA Enterprise API, which includes bot protection and SMS toll fraud protection.\u003c/p\u003e\n"],["\u003cp\u003eCommon issues during onboarding can stem from missed setup steps, like neglecting to set up the service account or using an invalid reCAPTCHA key, or if users are using outdated app versions.\u003c/p\u003e\n"],["\u003cp\u003eUsers might face authentication failures due to strict configurations; adjusting the \u003ccode\u003emanagedRules\u003c/code\u003e thresholds in bot protection or the \u003ccode\u003etollFraudManagedRules\u003c/code\u003e thresholds in SMS toll fraud protection can resolve these issues.\u003c/p\u003e\n"],["\u003cp\u003eWhen encountering authentication issues, you can ask users to try a different device, browser, or network, or revert to audit mode to monitor metrics before re-enabling enforcement mode.\u003c/p\u003e\n"],["\u003cp\u003eIf SMS toll fraud protection is blocking authentication, consider lowering the score threshold to be more permissive, and use audit mode to test and monitor metrics.\u003c/p\u003e\n"]]],[],null,["# Troubleshooting the Identity Platform integration with the reCAPTCHA Enterprise API\n===================================================================================\n\nThis document provides guidance for troubleshooting potential issues that might\narise when using the Identity Platform integration with the reCAPTCHA Enterprise API, including the\nreCAPTCHA bot protection and reCAPTCHA SMS defense features.\n\nIntegration onboarding troubleshooting\n--------------------------------------\n\nYour users might be experiencing issues due to mistakes when onboarding\nwith the Identity Platform integration with the reCAPTCHA Enterprise API. Some common reasons might include the\nfollowing:\n\n- You might have missed a step in the Identity Platform integration with the reCAPTCHA Enterprise API set up. For example, neglecting to set up the service account or enabling the reCAPTCHA Enterprise API on the project. Ensure you've completed all the integration requirements. For set up instructions, see [Integrate\n Identity Platform with the reCAPTCHA Enterprise\n API](/identity-platform/docs/recaptcha-enterprise).\n- If you are [bringing your own key](/identity-platform/docs/recaptcha-byok) to use with reCAPTCHA, the corresponding reCAPTCHA key you uploaded might not be valid or might have stopped working. Verify that the key is working and accessible by Identity Platform.\n- Users might be using an outdated version of your app. Make sure you provide an updated version of your app that uses the client SDK, and ask your users to update their app. To set up the client SDK for your app, see [Configure\n the\n client SDK](/identity-platform/docs/recaptcha-enterprise#configure-sdk).\n\nUsers can't authenticate through reCAPTCHA Enterprise API supported flows\n-------------------------------------------------------------------------\n\nIf you are experiencing issues with reCAPTCHA Enterprise API supported\nflows, such as reCAPTCHA bot protection or reCAPTCHA SMS defense, see the\nfollowing sections for feature specific guidance.\n\n### reCAPTCHA bot protection troubleshooting\n\nThe following topics describe possible issues that you might face when using\nbot protection and how you might solve them.\n\n#### Users can't authenticate when using bot protection for the email-password or phone providers\n\nIf you have determined that the Identity Platform integration with the reCAPTCHA Enterprise API was set up correctly,\nusers might be blocked from performing authentication actions through the\nemail-password or phone providers based on your current configuration. For\nexample, users might be unable to perform the following actions:\n\n- Sign-in, sign-up, or reset a password through an email address.\n- Request an SMS code to sign in through a phone number.\n- Enroll in or sign in with SMS-based multi-factor authentication.\n\nTo resolve these authentication issues, try the following:\n\n- If user requests are failing with `ERROR_CAPTCHA_CHECK_FAILED`, consider a more permissive configuration by adjusting the thresholds you've set for `managedRules`. Any requests that score below the threshold you set will be considered a bot. For example, if you set a threshold of `0.6`, reCAPTCHA will fail any request with a `0.5` or lower. Therefore, the higher you set the score, the stricter the rules will be.\n- Ask the user to try a different device, browser, or network.\n- Revert to audit mode and monitor metrics before re-enabling enforcement mode.\n\n### reCAPTCHA SMS defense troubleshooting\n\nThe following topics describe possible issues you might face when using\nreCAPTCHA SMS defense and how you might solve them.\n\n#### Users can't authenticate when using reCAPTCHA SMS defense for the phone provider\n\nIf you have determined that the Identity Platform integration with the reCAPTCHA Enterprise API was set up correctly,\nusers might be blocked from performing SMS-based authentication actions through\nthe phone provider based on your current configuration. For example, users might\nbe unable to request an SMS code to sign in with a phone number or enroll in or\nsign in with multi-factor authentication. This can happen if the\nreCAPTCHA SMS defense score you set is too strict.\n\nTo resolve this, consider a more permissive configuration by adjusting the\nthreshold you've set for `tollFraudManagedRules`. Any score above the threshold\nyou set will be considered SMS toll fraud. For example, if you set a threshold\nof `0.3`, reCAPTCHA will fail any request with a `0.4` or higher.\nTherefore, the lower you set the score, the stricter the rules will be.\n\nIf this is an issue, we recommend setting your enforcement mode to audit to test\nand monitor the reCAPTCHA metrics emitted by your project. This\nwill help you ensure that your app is receiving acceptable user traffic before\nenabling enforcement again.\n\nWhat's next\n-----------\n\n- Learn more about [monitoring reCAPTCHA\n metrics](/identity-platform/docs/recaptcha-metrics)."]]
