2

We are planning to use recaptcha-V3 on our website. To try this out first and do a phased released - one suggestion was just to have the front-end integration (without backend integration for site verification) and then monitor using the reCaptcha console for unusual activities. If we find unusual activities, we'll then turn on an extra verification on the login page (controlled by a switch).

So the key question I have got is - Can we integrate recaptchaV3 only on the front-end and not on the backend - and use the Admin console to monitor activities?

avijendr
  • 3,958
  • 2
  • 31
  • 46

1 Answers1

1

Yes you can do that. without any backend integration it can be done but that will not be a good way to implement this . The secret key and as well as the request token will be exposed in client browser.

Try this code :

<script src="http://www.google.com/recaptcha/api.js?render={recaptchaSiteKey}"></script>
<script>
 grecaptcha.ready(function() {
 grecaptcha.execute('recaptchaSiteKey', {action: 'homepage'}).then(function(token) {

var recaptchaSecret={recaptchaSecret};
var responseString = "https://www.google.com/recaptcha/api/siteverify?secret="+recaptchaSecret+"&response="+token;

            $.ajax({
            url:responseString
                //your code
            });
          });
     });
</script>
Nihar Sarkar
  • 1,187
  • 1
  • 13
  • 26
  • Thanks Nihar, but what I want to know is can I completely ignore site verification? – avijendr Jun 28 '19 at 09:51
  • Yes, you can .After getting the response from the API add your code based on the response. If the rating is <0.5 , enable your extra verification process. – Nihar Sarkar Jun 28 '19 at 12:56
  • Thanks - but can you please update the code to have it without the site-verification? I am slightly confused about how that could be done. Also without the site verification, can I see the score on the Admin console of recaptcha? – avijendr Jul 02 '19 at 14:29