Re: Enterprise Recaptcha Setup

dMallicoat · ‎01-16-2023

I apologize if I've put this in the wrong place, or if I've missed other posts about it. I searched and scanned and didn't see anything.

I am trying to set up Enterprise Recaptcha, mainly for the more granular responses and am struggling. Reading through the docs I'm not entirely sure if it's even possible to use Marketo Webhooks to do it. Has anyone else set up Enterprise Recaptcha in Marketo?

https://cloud.google.com/recaptcha-enterprise/docs/create-assessment

we currently have recaptcha v3 setup, not using the native integration as I'd already set it up previously and didn't want to undo it all.

I've made several efforts, but so far haven't had any success.

dMallicoat · ‎01-17-2023

ok, so after a ton of tests and connecting with my lead dev I got it to work.

The key to getting Enterprise Recaptcha v3 to work in Marketo:
There is the front end script that adds recaptcha to your form page to get your token.
The back end processing to validate the token to get a score.

For the back end processing you will need:

From Google Cloud:
- API Key, Site Key, Project ID
From front end recaptcha response: Token
From front end code:
- USER_ACTION - this is what you set in your front end script, most likely "form"

Marketo Webhook Settings
URL: https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY
Request Type: POST
Template:

{
    "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
    }
}

Request Token Encoding: JSON
Response Type: JSON

~~Custom Headers~~
~~Content-Type = application/json; charset=utf-8~~

The response will contain much more than free v3, a real response shown below with substitions for privacy marked as REDACTED.

{
"name": "REDACTED",
"event": {
"token": "REDACTED",
"siteKey": "REDACTED",
"userAgent": "",
"userIpAddress": "",
"expectedAction": "form",
"hashedAccountId": ""
},
"riskAnalysis": {
"score": 0.9,
"reasons": []
},
"tokenProperties": {
"valid": true,
"invalidReason": "INVALID_REASON_UNSPECIFIED",
"hostname": "REDACTED",
"androidPackageName": "",
"iosBundleId": "",
"action": "form",
"createTime": "2023-01-17T21:52:28.472Z"
}
}

View solution in original post

SanfordWhiteman · ‎01-16-2023

Would be better if you'd describe what you've tried and how the results didn't match your expectations.

Yes, you can call the Enterprise endpoint as a Marketo webhook using an API key to authenticate. However, mapping the riskAnalysis.reasons responses to individual fields is tricky because you don't know the order of items in the array. But you can map riskAnalysis.reasons[0], riskAnalysis.reasons[1], etc. to a few different custom string fields in Marketo.

dMallicoat · ‎01-17-2023

From the create an assessment https://cloud.google.com/recaptcha-enterprise/docs/create-assessment I've put the correct values into the URL:

https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY

and then putting the JSON into the Template section of the webhook with the appropriate values and marking it as JSON Encoding.

{
  "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
  }
}

I've tried converting the JSON to a string:
"{\"event\":{\"token\":\"TOKEN\",\"siteKey\":\"KEY\",\"expectedAction\":\"USER_ACTION\"}}"

All efforts so far have resulted in a 400 error response.
I'm not quite sure what I need to set in the Webhook options or how to adjust the JSON body they show in the documentation. https://cloud.google.com/recaptcha-enterprise/docs/create-assessment

dMallicoat · ‎01-17-2023

I've put all the various values for the variables, just can't share them here.

dMallicoat · ‎01-17-2023

ok, so after a ton of tests and connecting with my lead dev I got it to work.

The key to getting Enterprise Recaptcha v3 to work in Marketo:
There is the front end script that adds recaptcha to your form page to get your token.
The back end processing to validate the token to get a score.

For the back end processing you will need:

From Google Cloud:
- API Key, Site Key, Project ID
From front end recaptcha response: Token
From front end code:
- USER_ACTION - this is what you set in your front end script, most likely "form"

Marketo Webhook Settings
URL: https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY
Request Type: POST
Template:

{
    "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
    }
}

Request Token Encoding: JSON
Response Type: JSON

~~Custom Headers~~
~~Content-Type = application/json; charset=utf-8~~

The response will contain much more than free v3, a real response shown below with substitions for privacy marked as REDACTED.

{
"name": "REDACTED",
"event": {
"token": "REDACTED",
"siteKey": "REDACTED",
"userAgent": "",
"userIpAddress": "",
"expectedAction": "form",
"hashedAccountId": ""
},
"riskAnalysis": {
"score": 0.9,
"reasons": []
},
"tokenProperties": {
"valid": true,
"invalidReason": "INVALID_REASON_UNSPECIFIED",
"hostname": "REDACTED",
"androidPackageName": "",
"iosBundleId": "",
"action": "form",
"createTime": "2023-01-17T21:52:28.472Z"
}
}

SanfordWhiteman · ‎01-17-2023

Well, yes. Not sure what else you would have tried (there would never be any reason to pre-JSON-encode the payload).

You also don't need the custom header. The endpoint defaults to expecting UTF-8, as dictated by the JSON standard.

dMallicoat · ‎01-19-2023

I banged my head through dozens and dozens of attempts messing with every setting I could to try and figure out what I missing. I received error responses every time until I did what I explained in my answer. To verify, I removed the custom header and received an error, put it back in and it works. So, not sure there.