This document describes the differences in terminology and key management between the legacy reCAPTCHA Admin Console and Google Cloud console. It also explains how to retrieve reCAPTCHA site keys and secret keys required by third-party plugins like WordPress integrations.
Map legacy terminology to Google Cloud console
Many content management system (CMS) plugins refer to reCAPTCHA
types using legacy naming conventions, like v2 Checkbox, v2 Invisible, and
v3. Google Cloud console uses platform-based descriptors, instead of version
numbers.
The following table maps legacy terminology to Google Cloud console terminology:
| Admin Console terminology | Google Cloud console terminology | Verification mechanism |
|---|---|---|
| Score based (v3) | Website • score | Frictionless, score-based verification. |
| Challenge (v2) | Website • checkbox | Requires user to click an "I'm not a robot" challenge. |
| N/A | Website • policy-based challenge | Challenge configured based on user-defined threshold. |
| N/A | iOS | iOS mobile key without challenge. |
| N/A | Android | Android mobile key without challenge. |
| Invisible (v2) | Website • Invisible with challenge fallback* | May show captcha challenges after risk analysis. |
Verify your key type in Google Cloud console
To verify the type of a key in Google Cloud console, do the following:
In Google Cloud console, go to the Fraud Defense page.
Switch from Cards view to Table view.
Locate the Platform details column to see descriptors such as
Website • score.
Alternatively, in the default Cards view, click Key details for a specific key, and then select Edit key. The Type field displays the configuration.
Find the site key and secret key
Third-party plugins often require a site key and a secret key for reCAPTCHA integration.
- Site key: In the Google Cloud console, the Key ID corresponds to the site key.
- Secret key: the Google Cloud console doesn't display the secret key by default because Google Cloud authentication typically uses API keys or IAM roles. However, you can retrieve the legacy secret key for plugins that require it.
Retrieve the secret key in Google Cloud console
To retrieve the secret key, do the following:
In Google Cloud console, go to the Fraud Defense page.
In the reCAPTCHA Keys section, go to the key that you need the secret key for.
- If you're in the Cards view, click Key details on the key card. The Key ID is displayed at the top of the page.
- If you're in the Table view, the Key ID is visible in the table. Click the key to go to its details page.
The Key ID displayed at the top of the page is your site key.
Go to the Integration tab.
Depending on the key's status:
- If the key is configured for legacy use, click Use Legacy Key.
- If the key isn't integrated with a legacy service, click Integrate with a third-party service or plugin.
A dialog appears with your secret key. Copy this value securely. Treat this secret as sensitive data.
Integrate using assessments
The CreateAssessment method provides detailed risk analysis and reason codes,
and enables access to advanced Fraud Defense features. You can
call the CreateAssessment method using the reCAPTCHA client
libraries or the REST API.
For more information, see Create an assessment for your website.