Enable reCAPTCHA from the console

You can enable reCAPTCHA directly from the ReachFive Console.

What is reCAPTCHA?

reCAPTCHA is a free service offered by Google that helps to block automated attempts to log in with user accounts and most importantly, protects your site from abuse. reCAPTCHA v3 uses advanced risk analysis to determine if the attempt is human or bot. With this version, there is no need for user interaction like there was in v2.

Check out the reCAPTCHA version differences here.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

  • You must have an existing client or you should create a new client.

  • You must have the reCAPTCHA feature enabled on the ReachFive Console.

    If you do not see the feature enabled, contact support. We’ll be happy to help.

Instructions

  1. Log into your ReachFive Console.

  2. Go to Security  Recaptcha.

    recaptcha nav

  3. Click New recaptcha configuration or edit edit icon an existing configuration.

    1. Choose the client from the dropdown where you wish to apply reCAPTCHA.

    2. Paste in your site secret that Google reCAPTCHA generated for you.

    3. Choose the reCAPTCHA version you wish to use.

      You can only choose one for a given configuration.

    4. v3 only Choose the Threshold if you have selected v3.

      The threshold is the reCAPTCHA score assigned to the interaction.

      1.0 is highly likely to be a genuine interaction whereas 0.0 is most likely a bot or unwanted traffic.

    5. Select the endpoints that you wish to apply reCAPTCHA.

      Current endpoints for reCAPTCHA

    6. Select the reCAPTCHA user actions you wish to apply.

      For more on actions, see reCAPTCHA actions

    7. Ensure you have selected the Active checkbox.

      You can choose to temporarily disable the configuration for testing purposes without deleting your configuration, if necessary.

  4. Don’t forget to Save your input.

recaptcha on console

What your users experience

When reCAPTCHA is enabled for an endpoint, the user may experience one of the following behaviors depending on the selected reCAPTCHA version:

reCAPTCHA v2 (Visible)

Users see an interactive challenge on your site. This typically appears as:

  • A checkbox labeled "I’m not a robot".

  • In some cases, an additional image-based challenge (for example, "Select all squares with traffic lights") if Google cannot confidently verify the interaction.

The user must complete the challenge before they can continue with the authentication flow (login, signup, password reset, etc.).

reCAPTCHA v3 (Invisible)

Users do not see any challenge element or widget.

Instead:

  • A score is silently generated in the background during the interaction.

  • No user action is required unless your application triggers additional verification when a low score is detected (for example, blocking the flow or asking for additional identity checks).

This provides frictionless bot detection without interrupting the user experience.