This page explains how to install a policy-based challenge key on your website. With a policy-based challenge key, reCAPTCHA can deterministically trigger CAPTCHA challenges based on a score threshold and challenge difficulty.
Before you begin
Create a policy-based challenge key.
Alternatively, you can copy the ID of an existing policy-based challenge key by performing one of the following steps:
To copy the ID of an existing key from the Google Cloud console, do the following:
Go to the reCAPTCHA page.
- In the reCAPTCHA keys list, hold the pointer over the key you want to copy, and then click .
- To copy the ID of an existing key using the REST API, use the projects.keys.list method.
- To copy the ID of an existing key using the gcloud CLI, use the gcloud recaptcha keys list command.
Configure the policy-based challenge key
For your policy-based challenge key, you must specify the challenge difficulty that determines the complexity and frequency of CAPTCHA challenges, and define a custom score threshold for specific actions that overrides the default threshold.
In the Google Cloud console, go to the reCAPTCHA page.
The reCAPTCHA page has two views: Tables and Cards. If your project has many reCAPTCHA keys, only the Table view is available.
Verify that the name of your project appears in the resource selector at the top of the page.
If you don't see the name of your project, click the resource selector, and then select your project.
In the reCAPTCHA keys section, identify the policy-based challenge key that you want to configure, and click the key.
In the Key details page, go to the Overview tab.
In the Configuration section, click Configure for Challenge settings.
In the Configure challenge settings page, select the challenge difficulty.
To trigger CAPTCHA challenges, use the slider to specify the default threshold value.
The default threshold of
0.0does not trigger any challenge.1.0triggers a challenge for every request.To configure a custom score threshold for individual actions, which overrides the default threshold value, do the following:
Enter an action name.
To specify a custom score threshold, use the Set action threshold slider.
Click Done.
Click Save.
Add reCAPTCHA on an HTML button
To load reCAPTCHA on your web page, add the JavaScript API with your policy-based challenge key within the
<head></head>element of your web page.<head> <script src="https://www.google.com/recaptcha/enterprise.js?render=KEY_ID"></script> .... </head>reCAPTCHA uses the browser's language by default. If you want to specify a different language, use the
hl=LANGattribute in your script. For example, to use French, specify the following:<script src="https://www.google.com/recaptcha/enterprise.js?hl=fr"></script>. To learn about the supported languages, see language codes for reCAPTCHA.To add reCAPTCHA on a simple HTML button, do the following:
Define a callback function to handle the token.
<script> function onSubmit(token) { document.getElementById("demo-form").submit(); } // Use `requestSubmit()` for extra features like browser input validation. </script>For more information, see requestSubmit() method.
Add attributes to your html button.
<button class="g-recaptcha" data-sitekey="KEY_ID" data-callback="onSubmit" data-action="submit">Submit</button>
If you want to specify a location for the badge, then use the
data-badge=LOCATIONattribute on the element that hasclass=g-recaptcha. By default, the location is set tobottomright. The other possible values areinlineandbottomleft.When this button is used to submit a form on your site, the
g-recaptcha-responsePOST parameter contains the response token.
After the token is generated, send the reCAPTCHA token to your backend and create an assessment within two minutes.
What's next
- To assess the reCAPTCHA response token, create an assessment.