12 May 2023

Integrating a Google reCAPTCHA into a website with HTML and JavaScript

The internet is a vast network of information and resources that is accessible to anyone with an internet connection. While the internet has provided a lot of benefits to people all around the world, it has also become a platform for malicious activities like spamming, phishing, and hacking. These nefarious activities can pose a significant threat to websites, their users, and their data.

To combat these malicious activities, web developers use various security measures, including authentication mechanisms and CAPTCHAs. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a security tool that helps prevent automated bots from abusing online services, filling out online forms, or creating fake accounts.

Google reCAPTCHA is one of the most popular CAPTCHA systems that web developers use. In this blog, we will discuss how to integrate Google reCAPTCHA into a website using HTML and JavaScript.

Step 1: Create a Google reCAPTCHA Account

The first step to integrating Google reCAPTCHA into a website is to create a Google reCAPTCHA account. This can be done by visiting the Google reCAPTCHA website and clicking on the "Admin Console" button on the top right-hand corner of the page.

If you do not already have a Google account, you will need to create one before you can create a Google reCAPTCHA account. Once you have created a Google reCAPTCHA account, you will be able to generate reCAPTCHA keys that you can use on your website.

Step 2: Obtain reCAPTCHA Keys

To integrate Google reCAPTCHA into your website, you will need to obtain reCAPTCHA keys. There are two types of reCAPTCHA keys that you can obtain - a site key and a secret key. The site key is used to render the reCAPTCHA widget on your website, while the secret key is used to verify the user's response.

To obtain reCAPTCHA keys, log in to your Google reCAPTCHA account and click on the "Add a new site" button. You will need to enter the domain name of your website and choose the type of reCAPTCHA that you want to use (v2 or v3).

Once you have entered the necessary information, Google will generate a site key and a secret key that you can use on your website.

Step 3: Add the reCAPTCHA Script

To integrate Google reCAPTCHA into your website, you will need to add the reCAPTCHA script to your HTML code. You can do this by adding the following script tag to the head section of your HTML code:

<script src="https://www.google.com/recaptcha/api.js" async defer></script>

This script tag will load the reCAPTCHA API onto your website, which will allow you to render the reCAPTCHA widget and verify the user's response.

Step 4: Render the reCAPTCHA Widget

After adding the reCAPTCHA script to your HTML code, you will need to render the reCAPTCHA widget on your website. You can do this by adding the following code to the body section of your HTML code:

<div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>

Replace "YOUR_SITE_KEY" with the site key that you obtained in Step 2.

Step 5: Verify the User's Response

Once the user submits the form on your website, you will need to verify their response to the reCAPTCHA challenge. You can do this by sending a POST request to the Google reCAPTCHA API with the user's response and your secret key.

Here is an example of how to verify the user's response using JavaScript:

function onSubmit(token) {
  var response = document.getElementById("g-recaptcha-response").value;
  var xhr = new XMLHttpRequest();
  xhr.open("POST", "https://www.google.com/recaptcha/api/siteverify", true);
  xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhr.onreadystatechange = function () {
    if (xhr.readyState == 4 && xhr.status == 200) {
      var result = JSON.parse(xhr.responseText);
      if (result.success) {
        // User passed the reCAPTCHA challenge
        // Submit the form or perform other actions
      } else {
        // User failed the reCAPTCHA challenge
        // Display an error message or take other actions
      }
    }
  };
  xhr.send("secret=YOUR_SECRET_KEY&response=" + response);
}

In this example, we are sending a POST request to the Google reCAPTCHA API with the user's response and our secret key. We are then parsing the response from the API and checking if the user passed the reCAPTCHA challenge or not. If the user passed the challenge, we can submit the form or perform other actions. If the user failed the challenge, we can display an error message or take other actions.

Conclusion

Integrating Google reCAPTCHA into a website using HTML and JavaScript is a straightforward process. By following the steps outlined in this blog, you can add an extra layer of security to your website and protect it from automated bots and other malicious activities. Remember to keep your reCAPTCHA keys secure and use them only on authorized websites to prevent unauthorized access to your reCAPTCHA account.