reCAPTCHA
The reCAPTCHA provider verifies tokens using Google’s siteverify endpoint.
reCAPTCHA provider configuration
| Field | Type | Required | Default | Notes |
|---|---|---|---|---|
secretKey | string | ✅ Yes | — | reCAPTCHA secret key from Google. |
endpoint | string | ❌ No | https://www.google.com/recaptcha/api/siteverify | Custom endpoint override (rarely needed). |
Request requirements
The module expects a captcha token to be sent with each protected request. By default:
- Location: headers
- Field name:
x-captcha-token
These are configurable via guardOptions.