As a non-developer, I was looking for the most elementary step-by-step instructions on how to add reCAPTCHA to Marketo forms. I ended up following this article on Medium but noticed some inconsistencies so I was wondering a Marketo expert (*cough, specifically one who is highly referenced in the article *cough* Sanford Whiteman) can help provide some clarity?
In the attached PDF, I copied the parts of the instructions I had questions on and wrote my questions directly in the PDF. It's too much effort to explain everything here since I don't have the images as reference so if you can take a look at be super happy.
Thanks for being awesome!
Sanford Whiteman created multiple elements and comments that provide the necessary elements. Read:
Also, the “lead.captcha response" is a field that you need to add to your form and fill with the response. This is usually done through JS, as in Sanford's codepen example. The Captach status is the answer received from the webhook call, that is done on server side.
Greg, you mentioned this is done in JS? So does that mean I don't have to create a custom field in Marketo? Would Sanford's JS be placed directly in the websites HTML code?
Yes, you need to create the fields in Mareto admin->Field management. But they can be added dynamically to your form with some JS.
Thanks, Greg. While a nice effort (and I appreciate its shout-out to my original code) the Medium article is definitely incomplete.
Christina, if you read my other comments you'll see you need much more than just a success/failure boolean. You need to timestamp the last success and failure, and it's also important that you use a quarantine list rather than immediately deleting leads that fail reCAPTCHA -- you don't want to delete an existing lead whose email was used maliciously!
Another part that often trips people up -- and this is Google's fault, really -- is that the same word "response" is used to both refer to  the automatically generated client-side hash (generated by the reCAPTCHA backend in response to mouse/keyboard interaction in the browser and  the JSON response to the webhook that looks up the client-side hash to see if it passed. They are both responses in grand sense, yes. But it would be better to think of  as the "user fingerprint code" and  as "the webhook response."
Thanks Sanford and Gregoire Michel. As a complete programming nube, I am wondering if there is a step-by-step dummies guide to everything you both said. I understood about 1/4 of what you guys said, lol. Even though I've seen Sanford's codepen, I have no idea how and where to apply that information. Anyhow, I neither want nor expect the two of you to waste anymore time explaining what to you must be elementary-level information to me. I do appreciate both your openness and willingness to help though.
I have been meaning to lay out the "real" way to do it on the blog, but it's naturally very screenshot-heavy and I'm kind of backed up with other posts. I did just roll it out again the other week so maybe I can go into that instance while it's still fresh...
Any chance this evernote doc could be shared again? I'm trying to figure out how to set up the fields in Marketo admin->Field management.