# Invisible reCAPTCHA v2

Invisible reCAPTCHA v2 is a variant of Google’s reCAPTCHA that operates without user interaction—unless the system suspects bot activity. It’s commonly used on forms, login pages, or actions like clicking a button or submitting data.

You can identify invisible reCAPTCHA by:

- The presence of `size=invisible` in the reCAPTCHA configuration.
- A DOM element positioned far off-screen (e.g., `top: -10000px`), making it invisible to users.
- Dynamic execution triggered by user actions (e.g., form submission) or page load.


![Invisible reCAPTCHA v2 Widget](/assets/recaptcha-v3-widget.42c1a59c71295a3e53e8c3384f386cd0a1605bdc58321b4e7e0f7da390ce6bd9.9c1bb791.gif)

> **Demo**: See how it works at [Google’s invisible reCAPTCHA v2 demo](https://www.google.com/recaptcha/api2/demo?invisible=true).


## Integration Workflow

1. **Locate the Site Key and Page URL**
  - Check for `data-sitekey` in the HTML or the `k` parameter in reCAPTCHA script URLs.
  - Note the full page URL where the invisible reCAPTCHA is active.
2. **Submit the task**:
  - For API V1: Send a request to `in.php` with `method=userrecaptcha`, `googlekey`, `pageurl`, and **`invisible=1`**.
→ See [API V1 – Invisible reCAPTCHA v2](/api/recaptcha-v2-invisible)
  - **API V2 COMING SOON**


1. **Receive a task ID** and wait **15–20 seconds**.
2. **Poll for the result**:
  - API V1: via `res.php`
→ See [API V1 – Get Result](/api/recaptcha-v2-invisible)
  - **API V2 COMING SOON**


1. **Apply the token** based on the site’s implementation:
  - **Standard injection** (most common):

```javascript
document.getElementById("g-recaptcha-response").innerHTML = "TOKEN_FROM_CAPTCHAAI";
```
Then **Trigger the protected action** (e.g., form submission, button click) immediately after token injection.
  - **Callback-based execution** (if the site uses one):

```javascript
// Replace `onVerify` with the actual callback name
onVerify("TOKEN_FROM_CAPTCHAAI");
```


> **Note**: Invisible reCAPTCHA often validates the token only when the protected action occurs—so ensure the token is set **before** triggering that action.