SOLVED

Enterprise Recaptcha Setup

Go to solution
dMallicoat
Level 2

Enterprise Recaptcha Setup

I apologize if I've put this in the wrong place, or if I've missed other posts about it. I searched and scanned and didn't see anything. 


I am trying to set up Enterprise Recaptcha, mainly for the more granular responses and am struggling. Reading through the docs I'm not entirely sure if it's even possible to use Marketo Webhooks to do it. Has anyone else set up Enterprise Recaptcha in Marketo? 

https://cloud.google.com/recaptcha-enterprise/docs/create-assessment

 

we currently have recaptcha v3 setup, not using the native integration as I'd already set it up previously and didn't want to undo it all. 

I've made several efforts, but so far haven't had any success. 

1 ACCEPTED SOLUTION

Accepted Solutions
dMallicoat
Level 2

Re: Enterprise Recaptcha Setup

ok, so after a ton of tests and connecting with my lead dev I got it to work. 

 

The key to getting Enterprise Recaptcha v3 to work in Marketo:
There is the front end script that adds recaptcha to your form page to get your token. 
The back end processing to validate the token to get a score. 

For the back end processing you will need: 

  • From Google Cloud: 
    • API Key, Site Key, Project ID
  • From front end recaptcha response: Token
  • From front end code:  
    • USER_ACTION - this is what you set in your front end script, most likely "form" 

Marketo Webhook Settings
URL: https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY
Request Type: POST
Template:

{
    "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
    }
}

Request Token Encoding: JSON
Response Type: JSON

Custom Headers
Content-Type = application/json; charset=utf-8



The response will contain much more than free v3, a real response shown below with substitions for privacy marked as REDACTED. 

{
"name": "REDACTED",
"event": {
"token": "REDACTED",
"siteKey": "REDACTED",
"userAgent": "",
"userIpAddress": "",
"expectedAction": "form",
"hashedAccountId": ""
},
"riskAnalysis": {
"score": 0.9,
"reasons": []
},
"tokenProperties": {
"valid": true,
"invalidReason": "INVALID_REASON_UNSPECIFIED",
"hostname": "REDACTED",
"androidPackageName": "",
"iosBundleId": "",
"action": "form",
"createTime": "2023-01-17T21:52:28.472Z"
}
}

View solution in original post

6 REPLIES 6
SanfordWhiteman
Level 10 - Community Moderator

Re: Enterprise Recaptcha Setup

Would be better if you'd describe what you've tried and how the results didn't match your expectations.

 

Yes, you can call the Enterprise endpoint as a Marketo webhook using an API key to authenticate. However, mapping the riskAnalysis.reasons responses to individual fields is tricky because you don't know the order of items in the array. But you can map riskAnalysis.reasons[0], riskAnalysis.reasons[1], etc. to a few different custom string fields in Marketo.

dMallicoat
Level 2

Re: Enterprise Recaptcha Setup

From the create an assessment https://cloud.google.com/recaptcha-enterprise/docs/create-assessment I've put the correct values into the URL: 

https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY

and then putting the JSON into  the Template section of the webhook with the appropriate values and marking it as JSON Encoding. 

{
  "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
  }
}


I've tried converting the JSON to a string: 
"{\"event\":{\"token\":\"TOKEN\",\"siteKey\":\"KEY\",\"expectedAction\":\"USER_ACTION\"}}"

All efforts so far have resulted in a 400 error response. 
I'm not quite sure what I need to set in the Webhook options or how to adjust the JSON body they show in the documentation. https://cloud.google.com/recaptcha-enterprise/docs/create-assessment

dMallicoat
Level 2

Re: Enterprise Recaptcha Setup

I've put all the various values for the variables, just can't share them here. 

dMallicoat
Level 2

Re: Enterprise Recaptcha Setup

ok, so after a ton of tests and connecting with my lead dev I got it to work. 

 

The key to getting Enterprise Recaptcha v3 to work in Marketo:
There is the front end script that adds recaptcha to your form page to get your token. 
The back end processing to validate the token to get a score. 

For the back end processing you will need: 

  • From Google Cloud: 
    • API Key, Site Key, Project ID
  • From front end recaptcha response: Token
  • From front end code:  
    • USER_ACTION - this is what you set in your front end script, most likely "form" 

Marketo Webhook Settings
URL: https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY
Request Type: POST
Template:

{
    "event": {
    "token": "TOKEN",
    "siteKey": "KEY",
    "expectedAction": "USER_ACTION"
    }
}

Request Token Encoding: JSON
Response Type: JSON

Custom Headers
Content-Type = application/json; charset=utf-8



The response will contain much more than free v3, a real response shown below with substitions for privacy marked as REDACTED. 

{
"name": "REDACTED",
"event": {
"token": "REDACTED",
"siteKey": "REDACTED",
"userAgent": "",
"userIpAddress": "",
"expectedAction": "form",
"hashedAccountId": ""
},
"riskAnalysis": {
"score": 0.9,
"reasons": []
},
"tokenProperties": {
"valid": true,
"invalidReason": "INVALID_REASON_UNSPECIFIED",
"hostname": "REDACTED",
"androidPackageName": "",
"iosBundleId": "",
"action": "form",
"createTime": "2023-01-17T21:52:28.472Z"
}
}
SanfordWhiteman
Level 10 - Community Moderator

Re: Enterprise Recaptcha Setup

Well, yes. Not sure what else you would have tried (there would never be any reason to pre-JSON-encode the payload).

 

You also don't need the custom header. The endpoint defaults to expecting UTF-8, as dictated by the JSON standard.

dMallicoat
Level 2

Re: Enterprise Recaptcha Setup

I banged my head through dozens and dozens of attempts messing with every setting I could to try and figure out what I missing. I received error responses every time until I did what I explained in my answer.  To verify, I removed the custom header and received an error, put it back in and it works. So, not sure there.