The send2crm service provides a custom form validator for verifying Google reCAPTCHA tokens.
Add reCAPTCHA to website
Sign up for an API key pair, then follow the installation instructions to add to your form(s).
This will automatically add the verification token to the form submission values, named g-recaptcha-response
.
Create a named credential
Create a new Legacy Named Credential with the following settings:
Label: as desired
Name:
Google_reCAPTCHA
URL: https://www.google.com/recaptcha/api/siteverify (or as required)
Identity Type: Named Principal
Authentication Protocol: Password Authentication
Username: <Site Key>
Password: <Secret>
Un-check Generate Authorization Header (the request does not actually use authentication)
Check Allow Merge Fields in HTTP Body (so the secret can be set via token in the request body)
Apply to form mapping
Set the reCAPTCHA validator on the applicable form mapping(s).
Limitations
Google reCAPTCHA tokens are single-use only. This validation cannot be used by both Salesforce and your website backend for the same submission.