Understand the implementation of reCAPTCHA Enterprise

This document shows the implementation path of reCAPTCHA Enterprise to protect your websites and mobile applications. You can set up reCAPTCHA Enterprise on websites, on mobile applications, and on the WAF layer.

reCAPTCHA Enterprise workflow for websites

The following illustration provides a high-level overview of the implementation of reCAPTCHA Enterprise on websites:

A workflow diagram that shows the implementation workflow for websites

Setting up reCAPTCHA Enterprise on websites involves the following steps:

  1. Create reCAPTCHA keys: Choose the reCAPTCHA key type that is best for your use case and create keys.

  2. Integrate reCAPTCHA Enterprise with your website: To collect information about the user actions and send it to reCAPTCHA Enterprise, install the keys that you created on your web pages by using the reCAPTCHA Enterprise JavaScript API.

  3. Integrate reCAPTCHA Enterprise with your backend: From your backend server, create assessments to verify the token sent by reCAPTCHA Enterprise and assess the risk. Interpret the assessment scores and the associated risk, and define how to handle users—for example, allow the user to log in only when the score is high and the risk is low.

After you set up reCAPTCHA Enterprise, we recommend that you annotate the assessments whenever you have more information about the user interactions. This helps reCAPTCHA Enterprise to tune your site-specific model and improve the risk detection.

You can also set up additional security to protect user accounts and payment workflows on your websites.

For instructions, see Set up reCAPTCHA Enterprise on websites.

reCAPTCHA Enterprise workflow for mobile applications

The following illustration provides a high-level overview of the implementation of reCAPTCHA Enterprise on mobile applications:

A workflow diagram that shows the implementation workflow for mobile applications

Setting up reCAPTCHA Enterprise on mobile applications involves the following steps:

  1. Create reCAPTCHA keys: Create score-based keys for your mobile applications.
  2. Integrate with your mobile application: To collect information about the user actions and send it to reCAPTCHA Enterprise, install the keys that you created on your mobile application by using the reCAPTCHA Enterprise SDK.
  3. Integrate with your backend: From your backend server, create assessments to verify the token sent by reCAPTCHA Enterprise and assess the risk. Interpret the assessment scores and the associated risk, and define how to handle users—for example, allow the user to log in only when the score is high and the risk is low.

After you set up reCAPTCHA Enterprise, we recommend that you annotate the assessments whenever you have more information about the user interactions. This helps reCAPTCHA Enterprise to tune your site-specific model and improve the risk detection.

You can also set up additional security to protect user accounts on your mobile applications.

For instructions, see Set up reCAPTCHA Enterprise on mobile applications.

reCAPTCHA Enterprise workflow for WAF

The following illustration provides a high-level overview of the implementation of reCAPTCHA Enterprise at the WAF layer:

A workflow diagram that shows the implementation workflow for WAF

Setting up reCAPTCHA Enterprise at the WAF layer involves the following steps:

  1. Select WAF features: Understand the WAF features and choose one or more WAF features that suit your use case.
  2. Integrate with your website or mobile application: Create reCAPTCHA keys for WAF. To collect information about the user actions and send it to reCAPTCHA Enterprise, install the keys that you created on your web pages by using the reCAPTCHA Enterprise JavaScript API or on mobile applications by using the reCAPTCHA Enterprise SDK.
  3. Integrate with your WAF service provider: To let your WAF service provider manage the incoming user requests, configure policies based on the scores returned by reCAPTCHA Enterprise.

After you set up reCAPTCHA Enterprise, we recommend that you annotate the assessments whenever you have more information about the user interactions. This helps reCAPTCHA Enterprise to tune your site-specific model and improve the risk detection.

For instructions, see Set up reCAPTCHA Enterprise at the WAF layer.

What's next