Google reCAPTCHA Validation

The Send2CRM service provides a custom form validator for verifying Google reCAPTCHA tokens.

Add reCAPTCHA to website

Sign up for an API key pair, then follow the installation instructions to add reCAPTCHA to your form(s).

This automatically adds the verification token to the form submission values under the name g-recaptcha-response.

Create a named credential

Create a new Legacy Named Credential with the following settings:

  • Label: as desired

  • Name: Google_reCAPTCHA

  • URL: https://www.google.com/recaptcha/api/siteverify (or as required)

  • Identity Type: Named Principal

  • Authentication Protocol: Password Authentication

  • Username: <Site Key>

  • Password: <Secret>

  • Un-check Generate Authorization Header (the request does not actually use authentication)

  • Check Allow Merge Fields in HTTP Body (so the secret can be set via token in the request body)

Apply to form mapping

Set the reCAPTCHA validator on the applicable form mapping(s).

Limitations

Google reCAPTCHA tokens are single-use only. This validation cannot be used by both Salesforce and your website backend for the same submission.

For those using out-of-the-box functionality, Send2CRM automatically halts form submissions as normal if verification fails; no further action is needed. However, if you need programmatic confirmation, you can handle the Send2CRM submit event and test the form response for success; it will always fail if the reCAPTCHA did not verify!