Google is currently sending out a mass email that looks like this:
Dear Webmaster,
You are receiving this email because you are registered as a website administrator using reCAPTCHA, and your website is still using reCAPTCHA v1, which will be turned off on March 31, 2018.
We announced the reCAPTCHA v1 deprecation in May 2016. Starting in November 2017, a small percentage of reCAPTCHA v1 traffic will begin to show a notice informing users that the old API will soon be retired. Any calls to the v1 API will not work after March 31, 2018.
To ensure continued functionality, you’ll need to update your website to a current version of reCAPTCHA. You can learn more about reCAPTCHA v2, Invisible reCAPTCHA and reCAPTCHA Android API in our Developer’s Guide. The new APIs are simple to implement and will streamline the captcha experience for your users. If you need help, you can engage in the reCAPTCHA Google Developer Group or post to Stack Overflow with the ‘recaptcha’ tag.
We hope that your upgrade will be seamless, and we’re confident you’ll be happy with the results.
Thank you,
reCAPTCHA Support
For those of who have built dozens (or hundreds) of sites with ReCAPTCHA over the years, is there a simple way to identify which websites are using version 1?
This question has also been asked in the Google Developers ReCAPTCHA group (by someone else) and I will monitor answers there and post them here if they are relevant: https://groups.google.com/forum/#!topic/recaptcha/KRzmHivCtjM
You might have a look at https://www.google.com/recaptcha/admin#list. However for me all of the sites have V2 as Site Type while I got the same email as you. While checking some of the sites I noticed they were actually using reCAPTCHA v1.
One method: Browse each site and look at the very recaptcha itself:
v1 == punch in letters to complete the captcha.
v2 == select images to complete the captcha.
Could be tedious, yes, but should do the job.
Related
Recaptcha in a paid google account for a site with more than 1,000,000 clicks on Recaptcha (the free quota from google).
there is no option to choose the invisible v2 Recaptcha that is available on the free Recaptcha , only checkbox option or Recaptcha enterprise version (v3).
when trying to use the checkbox version i.e
Checkbox ("I'm not a robot") with scoring
site key and trying to implement it in size="invisible" i get this text on the recaptcha badge.:
This site key is not enabled for the invisible captcha.
when using the Recaptcha enterprise version i.e
Scoring, with no visible challenge to your users
It gets rendered ok, but of course don't get any challenges..
any idea how to use the invisible Recaptcha in the paid version?
Seems i pay and get less options than the free version.
Thanks
You are able to migrate Google Recaptcha V2 invisible to Google Recaptcha Enterprise, as well as create new invisible site keys in Recaptcha Enterprise via cloud shell!
That being said, there are major differences in how V2/V3 and enterprise work, so keep in mind (for web at least) you will need to change some minor frontend and backend code.
Here is the migration guide mentioning the capability to migrate existing invisible site keys:
https://cloud.google.com/recaptcha-enterprise/docs/migrate-recaptcha#:~:text=reCAPTCHA%20v2%20Invisible
Here is the gcloud sdk reference for creating an invisible site key:
https://cloud.google.com/sdk/gcloud/reference/recaptcha/keys/create#:~:text=low%20scoring%20events-,invisible,-Does%20not%20display
reCAPTCHA Enterprise and reCAPTCHA v3 are different.
You said on the webpage you are invoking the reCAPTCHA verification programmatically with an attribute data-size='invisible’. Invisible Recaptcha can be used only in reCAPTCHA v2 & v3 and can’t be used in reCAPTCHA Enterprise. Refer documentation for sample code of reCAPTCHA Enterprise.
To use Invisible reCAPTCHA in v3 refer to the documentation.
To migrate from reCAPTCHA (non-Enterprise version) refer to the documentation.
reCAPTCHA Enterprise has more features than v2 & v3. Refer to the comparison table.
We have added google reCaptcha v3 to our sign-in and have received some complaints from customers that they are being blocked. From what I understand this can happen if they are using the browser incognito mode as well as if they are using a VPN.
With that said, is there away to weed out the good traffic from the bad if google declares the traffic to be suspect ~ i.e. adding a visual challenge and / or adding some type of verification if the score is under a certain threshold?
If so does anyone have a walk through or experience in implementing this type of verification within the latest reCaptcha? The documentation of this is rather limited and does not provide any real world examples of what to do in this circumstance.
Any help or guidance is greatly appreciated.
I found some info - the Google docs says it's possible to issue a challenge with reCaptcha 3.
https://developers.google.com/recaptcha/docs/verify
I wonder if anyone has set up a working example of this?
I hope this is the right forum to ask this question.
I've recently integrated reCaptcha v3 into a website I manage in order to protect the login form.
I get alot of noise from users saying that if they are in the office (and originate from the same IP) or customers who are using shared IPS (office IPs) are failing login.
For the meantime I've disabled reCaptcha by allowing score 0 to login.
My question is.. is there a built in way in reCaptcha to send Google's API information about the request or should I just add the reCaptcha score into my own calculation when allowing the login ?
Thanks !
I have seen an update that Google+ APIs will be shut down on March 7, 2019. I am working on a maintenance project which has below two google apis. But I am not sure whether these two calls are google or google plus api. If it is google plus then I have to replace it.
https://www.googleapis.com/oauth2/v4/token
https://people.googleapis.com/v1/people/me?personFields=birthdays
Appreciate your response on this.
Neither of these use the Google+ API. The first is part of the OAuth and OpenID Connect framework and the second is the Google People API.
You should be good for both.
When searching in Yammer it uses an /api/v2/search endpoint like this:
https://www.yammer.com/api/v2/search/models?search=test&start=0&size=20&model_types=threads&_network=xxxxxxx&relevance=DEFAULT
Compared to the v1 search endpoint this returns more data. We need this data. And we successfully tested using this v2 endpoint.
Now the question: Is this v2 search endpoint safe to use? Is it "official"? Maybe somebody from Yammer reads along - on their Help page it says:
We encourage you to post all programming questions to StackOverflow
with a #yammer hashtag
So here we are. Any help is appreciated.
The Yammer v2 search API endpoint is not yet officially supported for third-party use. This is because we anticipate the need to make changes to it as we build it out. There are no plans to lock developers out of experimenting with the v2 search API. However, when developing any important functionality against this API, automated testing should be used to detect any unannounced breaking changes that we make while we continue to build it out.