reCAPTCHA v3 is Google’s latest CAPTCHA system. Unlike earlier versions, it requires no user interaction—no checkboxes or image challenges. Instead, it runs silently in the background and assigns a “humanity score” between 0.1 (likely bot) and 0.9 (likely human). Websites use this score to decide whether to allow or block a request.
You must solve reCAPTCHA v3 only when the target site rejects your automated request based on a low score.
Identify required parameters from the target page:
- Site Key: Found in
api.js?render=SITEKEY,grecaptcha.execute('SITEKEY', ...), or the global___grecaptcha_cfgobject. - Action: Extracted from
grecaptcha.execute(sitekey, {action: 'ACTION_NAME'}). If unknown, useverify. - Page URL: Full URL where reCAPTCHA v3 is embedded.
- Site Key: Found in
Submit the task:
- For API V1: Send a request to
in.phpwithmethod=userrecaptcha,version=v3,googlekey,pageurl, andaction.
→ See API V1 – reCAPTCHA v3 - API V2 COMING SOON
- For API V1: Send a request to
Receive a task ID and wait 10–15 seconds.
Poll for the result:
- API V1: Use
res.phpwith your task ID
→ See API V1 – Get Result - API V2 COMING SOON
- API V1: Use
- Use the token immediately in your automated request:
- Most sites expect the token in a field named
g-recaptcha-responseorg-recaptcha-response-100000(or similar). - Send it exactly as a real browser would—typically as a form or JSON parameter in the protected action (e.g., login, checkout).
- Most sites expect the token in a field named
Important: The token is single-use and expires within minutes. Do not reuse or delay submission.