Use reCAPTCHA features after migration

This page explains how to modify an existing reCAPTCHA integration to use reCAPTCHA features, such as Multi-factor authentication (MFA) and Password Leak Detection after migrating from reCAPTCHA Classic. Modifying an existing reCAPTCHA integration involves instrumenting the web pages and migrating the backend calls.

Before you begin

Migrate to reCAPTCHA.

Instrument the web pages

To instrument the web pages with the reCAPTCHA scripts and calls, do the following:

Verify that you have the following script included in your web pages: https://www.google.com/recaptcha/api.js.
In your web pages, replace https://www.google.com/recaptcha/api.js with https://www.google.com/recaptcha/enterprise.js.

Note: If your web pages have the https://www.recaptcha.net/recaptcha/api.js script, then replace it with https://www.recaptcha.net/recaptcha/enterprise.js.
If you programmatically invoke the API, then replace the following calls:
- grecaptcha.execute() -> grecaptcha.enterprise.execute()
- grecaptcha.getResponse() -> grecaptcha.enterprise.getResponse()
- grecaptcha.ready() -> grecaptcha.enterprise.ready()
- grecaptcha.render() -> grecaptcha.enterprise.render()
- grecaptcha.reset() -> grecaptcha.enterprise.reset()

(Optional) To improve the loading performance of reCAPTCHA, do the following:

Verify that you are loading enterprise.js asynchronously. For more information, see Loading reCAPTCHA asynchronously.
Add the following resource hints in the <head> tag of pages that load enterprise.js:
- <link rel="preconnect" href="https://www.google.com">
- <link rel="preconnect" href="https://www.gstatic.com" crossorigin>

Migrate the backend calls

To use reCAPTCHA features, you must migrate your backend calls to the new endpoints and set up authentication:

Replace backend calls to https://www.google.com/recaptcha/api/siteverify with equivalent calls to recaptchaenterprise.googleapis.com. For the complete URL and the POST data format, see Create an assessment for your website.

Set up authentication to reCAPTCHA.

The authentication method you choose depends on the environment where reCAPTCHA is set up. The following table helps you choose the appropriate authentication method and the supported interface to set up authentication:

Environment	Interface	Authentication method
Google Cloud	REST Client libraries	Use attached service accounts.
On-premises or a different cloud provider	REST	Use API keys or Workload identity federation. If you want to use API keys, then we recommend securing the API keys by applying API key restrictions.
Client libraries	Use the following: For Python or Java, use API keys or Workload identity federation. If you want to use API keys, then we recommend securing the API keys by applying API key restrictions. For other languages, use Workload identity federation.

Environment

Interface

Authentication method

Google Cloud

REST
Client libraries

Use attached service accounts.

On-premises or a different cloud provider

REST

Use API keys or Workload identity federation.

If you want to use API keys, then we recommend securing the API keys by applying API key restrictions.

Client libraries

Use the following:

For Python or Java, use API keys or Workload identity federation.
If you want to use API keys, then we recommend securing the API keys by applying API key restrictions.
For other languages, use Workload identity federation.

What's next

Create an assessment for your website