Skip to main content

reCAPTCHA Enterprise

reCAPTCHA Enterprise is a Google service that protects websites from fraud and abuse using advanced bot detection without disrupting user experience. This guide will walk you through the process of setting up reCAPTCHA Enterprise with Logto.

Prerequisites

  • A Google Cloud project

Setup a reCAPTCHA key

  1. Go to the reCAPTCHA page of Google Cloud Console.
  2. Click Create key button near "reCAPTCHA keys".
  3. Fill out the form with the following details:
    • Display name: Any name you want to give to the key
    • Application type: Website
    • Domain list: Add Logto's endpoint domain
    • Verification type: Choose between Score-based (invisible) or Checkbox challenge. This determines how reCAPTCHA will be displayed to users. See Verification mode for more details.
  4. After creating the key, you will be redirected to the key details page, copy the ID.

Setup an API key

  1. Go to the Credentials page of Google Cloud Console.
  2. Click Create credentials button and select API key.
  3. Copy the API key.
  4. Optionally, you can restrict the API key to reCAPTCHA Enterprise API to make it more secure.
  5. Remember to leave "Application restrictions" to None if you don't understand what it is.

Get project ID

  1. Copy the Project ID from the home page of Google Cloud Console.

Verification mode

reCAPTCHA Enterprise supports two verification modes:

  • Invisible: Score-based verification that runs automatically in the background without user interaction. This is the default mode.
  • Checkbox: Displays the classic "I'm not a robot" checkbox widget that requires user interaction.
note:

The verification mode you select in Logto must match the key type you created in Google Cloud Console. If you created a score-based key, select Invisible. If you created a checkbox challenge key, select Checkbox.

Custom domain

By default, Logto loads the reCAPTCHA script from www.google.com. However, in some regions where Google's standard domain is inaccessible, you can configure an alternative domain.

Supported domains:

  • www.google.com (default)
  • recaptcha.net

To configure a custom domain, enter the domain in the Domain field when setting up reCAPTCHA Enterprise in Logto Console.

Enable CAPTCHA

Remember to enable CAPTCHA bot protection after you have set up the CAPTCHA provider.

Go to the Security page, find the CAPTCHA tab, and switch on the toggle button of "Enable CAPTCHA".