# reCAPTCHA v3

reCAPTCHA v3 is Google’s latest CAPTCHA system. Unlike earlier versions, it requires **no user interaction**—no checkboxes or image challenges. Instead, it runs silently in the background and assigns a **“humanity score”** between **0.1 (likely bot)** and **0.9 (likely human)**. Websites use this score to decide whether to allow or block a request.

You must solve reCAPTCHA v3 only when the target site **rejects your automated request** based on a low score.

![reCAPTCHA v3 Widget](/assets/recaptcha-v3-widget.42c1a59c71295a3e53e8c3384f386cd0a1605bdc58321b4e7e0f7da390ce6bd9.9c1bb791.gif)

## Integration Workflow

1. **Identify required parameters** from the target page:
  - **Site Key**: Found in `api.js?render=SITEKEY`, `grecaptcha.execute('SITEKEY', ...)`, or the global `___grecaptcha_cfg` object.
  - **Action**: Extracted from `grecaptcha.execute(sitekey, {action: 'ACTION_NAME'})`. If unknown, use `verify`.
  - **Page URL**: Full URL where reCAPTCHA v3 is embedded.
2. **Submit the task**:
  - For API V1: Send a request to `in.php` with `method=userrecaptcha`, `version=v3`, `googlekey`, `pageurl`, and `action`.
→ See [API V1 – reCAPTCHA v3](/api/recaptcha-v3)
  - **API V2 COMING SOON**


1. **Receive a task ID** and wait **10–15 seconds**.
2. **Poll for the result**:
  - **API V1**: Use `res.php` with your task ID
→ See [API V1 – Get Result](/api/recaptcha-v3)
  - **API V2 COMING SOON**


1. **Use the token immediately** in your automated request:
  - Most sites expect the token in a field named `g-recaptcha-response` or `g-recaptcha-response-100000` (or similar).
  - Send it exactly as a real browser would—typically as a form or JSON parameter in the protected action (e.g., login, checkout).


> **Important**: The token is **single-use** and expires within minutes. Do not reuse or delay submission.