This document shows you how to migrate from reCAPTCHA (non-Enterprise version) to reCAPTCHA Enterprise by using an active site key. The migration process takes 5–10 minutes to complete and requires no code changes.
If you currently access the reCAPTCHA Admin console, then you are using the non-Enterprise version of reCAPTCHA, which has limited functionality and strict limits on monthly usage. For more information about the features comparison, see Comparison of features between reCAPTCHA versions.
After the migration, you become a user of reCAPTCHA Enterprise and you are charged when you exceed 1,000,000 requests per month. For more information, see reCAPTCHA Enterprise pricing.
Before you begin
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.
reCAPTCHA Enterprise requires billing to be linked and enabled on the project for the migration. You can enable billing by using either a credit card or an existing Google Cloud project billing ID. If you require assistance with billing, contact the Cloud Billing Support.
- If you want to run the gcloud CLI outside of the Google Cloud console,
install and initialize the gcloud CLI. For instructions, see
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
Enable the reCAPTCHA Enterprise API
Console
In the Google Cloud console, go to the reCAPTCHA Enterprise API page.
Verify that the name of your project appears in the project selector at the top of the page.
If you don't see the name of your project, click the project selector, then select your project.
- Click Enable.
gcloud
- To set your Google Cloud project in the gcloud session, run the
gcloud config set projectcommand. Replace PROJECT_ID with your Google Cloud project ID.gcloud config set project PROJECT_ID - To enable the reCAPTCHA Enterprise API, run the
gcloud services enablecommand:gcloud services enable recaptchaenterprise.googleapis.com - To verify that the reCAPTCHA Enterprise API is enabled, run the
gcloud services listcommand:gcloud services list --enabledVerify that the reCAPTCHA Enterprise API is listed in the list of enabled APIs.
Migrating to reCAPTCHA Enterprise
Migrating from a non-Enterprise version of reCAPTCHA to reCAPTCHA Enterprise involves choosing an active site key from the reCAPTCHA Admin console and migrating the site key. You can migrate one or more active site keys. However, you can migrate only one site key at a time.
To execute the migration process, you must have a reCAPTCHA user account that satisfies the following requirements:
- In the reCAPTCHA Admin console, the user account is listed as an owner for the site key you want to migrate.
- The user account has one of the following IAM roles for the
Google Cloud project for which the reCAPTCHA Enterprise API is
enabled:
- Project Owner (
roles/owner) - Project Editor (
roles/editor) - reCAPTCHA Enterprise Admin (
roles/recaptchaenterprise.admin)
- Project Owner (
Migrate the site key by using Google Cloud console, Cloud Shell, the Google Cloud CLI, or the reCAPTCHA Enterprise API:
Google Cloud console
In the Google Cloud console, go to the reCAPTCHA Enterprise page.
Verify that the name of your project appears in the resource selector at the top of the page. If you don't see the name of your project, click the resource selector, then select your project.
From the Classic keys section, identify the key you want to migrate, and click Upgrade key.
To complete the migration of the selected key, click Confirm.
Cloud Shell
- In the Google Cloud console, go to Cloud Shell. Go to Cloud Shell
- If prompted, click Authorize.
Choose and copy an active site key that you have used to integrate reCAPTCHA with your web pages:
- Go to the reCAPTCHA Admin console and click .
Choose a site key. The following reCAPTCHA site keys are supported for migration: reCAPTCHA v2 Checkbox, reCAPTCHA v2 Invisible, and reCAPTCHA v3.
To copy the site key, click Copy site key.
Migrate the site key.
Use the
gcloud recaptcha keys migratecommand as shown in the following example:gcloud recaptcha keys migrate SITE_KEY --project PROJECT-ID
Provide the following values:
- SITE_KEY: the active site key that you copied from the reCAPTCHA Admin console.
- PROJECT-ID: the ID of the Google Cloud project for which the reCAPTCHA Enterprise API is enabled.
gcloud CLI
To configure authentication, run the following
gcloudcommand:gcloud auth loginLog in with the reCAPTCHA user account that owns the chosen site key and has one of the following roles: Project Owner, Project Editor, or reCAPTCHA Enterprise Admin role.
Choose and copy an active site key that you have used to integrate reCAPTCHA with your web pages:
- Go to the reCAPTCHA Admin console and click .
Choose a site key. The following reCAPTCHA site keys are supported for migration: reCAPTCHA v2 Checkbox, reCAPTCHA v2 Invisible, and reCAPTCHA v3.
To copy the site key, click Copy site key.
Migrate the site key.
Use the
gcloud recaptcha keys migratecommand as shown in the following example:gcloud recaptcha keys migrate SITE_KEY --project PROJECT-ID
Provide the following values:
- SITE_KEY: the active site key that you copied from the reCAPTCHA Admin console.
- PROJECT-ID: the ID of the Google Cloud project for which the reCAPTCHA Enterprise API is enabled.
REST API
Choose and copy an active site key that you have used to integrate reCAPTCHA with your web pages:
- Go to the reCAPTCHA Admin console and click .
Choose a site key. The following reCAPTCHA site keys are supported for migration: reCAPTCHA v2 Checkbox, reCAPTCHA v2 Invisible, and reCAPTCHA v3.
To copy the site key, click Copy site key.
Migrate the site key.
Before using any of the request data, make the following replacements:
- PROJECT_ID: the ID of the Google Cloud project for which the reCAPTCHA Enterprise API is enabled.
- SITE_KEY: the active site key that you copied from the reCAPTCHA Admin console.
HTTP method and URL:
POST https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/keys/SITE_KEY:migrate
To send your request, choose one of these options:
curl
Execute the following command:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d "" \
"https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/keys/SITE_KEY:migrate"PowerShell
Execute the following command:
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }
Invoke-WebRequest `
-Method POST `
-Headers $headers `
-Uri "https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/keys/SITE_KEY:migrate" | Select-Object -Expand ContentYou should receive a JSON response similar to the following:
{ "name": "projects/PROJECT-ID/keys/6Ldqgs0UAAAAAIn4k7YxEB-LwEh5S9-Gv6IIWB8m", "displayName": "My site key", "webSettings": { "allowAllDomains": false, "allowedDomains": [ recaptcha.net ], "allowAmpTraffic": false, "integrationType": "SCORE", "challengeSecurityPreference": "CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED" } }
To verify that the site key is migrated, do the following:
Google Cloud console
Go to the reCAPTCHA Enterprise page and find the migrated site key in the Enterprise keys section.
Cloud Shell
Run the
gcloud recaptcha keys listcommand and find the migrated site key in the list of keys.gcloud CLI
Run the
gcloud recaptcha keys listcommand and find the migrated site key in the list of keys.
After migrating to reCAPTCHA Enterprise, you can continue to use the siteverify method to assess a user's reCAPTCHA response token.
You can revoke the reCAPTCHA Enterprise Admin
(roles/recaptchaenterprise.admin) IAM role from your reCAPTCHA
user account. You can either ask your administrator to revoke the access,
or follow the instructions on Granting, changing, and revoking access.