How to verify Google reCAPTCHA v3 response
Today we’ll show you how to verify Google reCAPTCHA v3 response using Node.js. In the previous article, we explained to you how to implement reCAPTCHA v3 in React.
Here, we will verify the google reCAPTCHA response using Node.js but you can use any backend technology to verify the response.
Google reCAPTCHA v3
- Part 1 – Implement reCAPTCHA v3 in React
- Part 2 – Verify Google reCAPTCHA v3 using Node.js (You are here…)
Verify Google reCAPTCHA v3 using Node.js
1. Create REST API
In the first step, we will create a simple REST API with basic configuration. I would recommend you to check the article: Create REST API in Node.js.
Additionally, we will install npm dependencies in the application. Run the following command to install the packages.
1 | npm i body-parser cors node-fetch |
After implementing the package, your server code should look like below.
server.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | var express = require('express'), bodyParser = require('body-parser'), app = express(), port = process.env.PORT || 4000; // parse application/json app.use(bodyParser.json()); // parse application/x-www-form-urlencoded app.use(bodyParser.urlencoded({ extended: true })); // request handlers app.get('/', (req, res) => { res.status(200).json({ message: 'Clue Mediator' }); }); app.listen(port, () => { console.log('Server started on: ' + port); }); |
We’ll use the other plugins for further use.
2. Enable CORS
To enable the CORS, we will use the cors
npm package. Refer the following article for more information.
3. Create an API to verify reCAPTCHA v3 response
Now, we have to create an API to verify reCAPTCHA v3 response. We will use the node-fetch
npm package to call an external API. Refer the document for the API request.
1 2 3 4 5 6 7 8 9 10 | var fetch = require('node-fetch'); var SECRET_KEY = "<YOUR_SECRET_KEY>"; // verify reCAPTCHA response app.post('/verify', (req, res) => { var VERIFY_URL = `https://www.google.com/recaptcha/api/siteverify?secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}`; return fetch(VERIFY_URL, { method: 'POST' }) .then(res => res.json()) .then(json => res.send(json)); }); |
We have used the SECRET KEY to verify reCAPTCHA response. Check out the following link to generate keys.
Generate google reCAPTCHA v3 keys
Let’s combine all code together and see how it looks.
server.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | var express = require('express'), bodyParser = require('body-parser'), app = express(), port = process.env.PORT || 4000; var fetch = require('node-fetch'); var SECRET_KEY = "<YOUR_SECRET_KEY>"; // enable CORS using npm package var cors = require('cors'); app.use(cors()); // parse application/json app.use(bodyParser.json()); // parse application/x-www-form-urlencoded app.use(bodyParser.urlencoded({ extended: true })); // verify reCAPTCHA response app.post('/verify', (req, res) => { var VERIFY_URL = `https://www.google.com/recaptcha/api/siteverify?secret=${SECRET_KEY}&response=${req.body['g-recaptcha-response']}`; return fetch(VERIFY_URL, { method: 'POST' }) .then(res => res.json()) .then(json => res.send(json)); }); // request handlers app.get('/', (req, res) => { res.status(200).json({ message: 'Clue Mediator' }); }); app.listen(port, () => { console.log('Server started on: ' + port); }); |
4. Output
To test this API, we recommend you to use the previous article and call \verify
API and pass the g-recaptcha-response
to verify with google reCAPTCHA backend API.
That’s it for today.
Thank you for reading. Happy Coding..!!
Thank you for a great guide. Simple and it works. A good addition would be a way to remove the Recaptcha badge from the screen for views that don’t use it. For instance, to remove it after user signs in.
You are right.
so awesome and helpful
ncie