This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

reCAPTCHA is a free service provided by Google that can be used to protect against spam or other forms of internet abuse by verifying whether a user is a human or a robot. It comes in the form of a widget.

Let's learn how to set up and use reCaptcha with WSO2 Identity Server. 

How it works 

First, you will need to register and create an API key pair for the required domain. The key pair consists of a site key and site secret. The site key is used to display the reCaptcha widget on a web page. After the verification, a new parameter called g-recaptcha-response appears on the form, which can be submitted by the user. From the server side, you can verify the submitted captcha response by calling the Google API with the secret key.

Follow the steps below to configure this. 

Configuring reCAPTCHA API keys

  1. Register your identity server domain.

    1. Visit

    2. Provide the following details and click Submit.

      LableThis is a label to identify the site.WSO2 Identity Server
      reCAPTCHA typeThis is the type of the reCaptcha.Select either of the following
      • reCAPTCHA v2 > "I'm not a robot" Checkbox
      • recCAPTCHA v2 > Invisible reCAPTCHA badge
      DomainsThis defines the domain and the subdomains to which this registration applies

    3. Click Submit

      Note that a site key and secret key get generated. Copy them for later use.

  2. Open the file located in the <IS_HOME>/repository/conf/identity/ directory and configure the following properties.

    # Google reCAPTCHA settings
    # Enable Google reCAPTCHA
    # reCaptcha API URL
    # reCaptcha verification URL
    # reCaptcha site key<your site key>
    # reCaptcha secret key
    recaptcha.secret.key=<your site secret key> 
  3. Restart WSO2 Identity Server. 

You have successfully set up reCaptcha for your site. You can now configure reCaptcha with any of the following: 

  • No labels