reCAPTCHA is a tool used to determine if a given action is performed by a real user or malicious automation. Therefore, it is particularly helpful in preventing ecommerce fraud.
This guide shows you how to implement this feature in checkout integrations. To learn more about this type of validation in VTEX stores, see this article on reCAPTCHA on our help center.
VTEX uses reCAPTCHA v2. Learn more about it in the official reCAPTCHA v2 documentation provided by Google. To configure reCAPTCHA verification, follow the steps below:
GETrequest using the endpoint Get orderForm configuration.
POSTrequest using the endpoint Update orderForm configuration with the same data obtained in the GET request, just modifying the
recaptchaValidationparameter to one of the following values:
"never": no purchases are validated with reCAPTCHA.
"always": all purchases are validated with reCAPTCHA.
"vtexCriteria": only some purchases are validated with reCAPTCHA in order to minimize friction and improve shopping experience. VTEX’s algorithm determines which sessions are trustworthy and which should be validated with reCAPTCHA. This is the recommended option.
Make a new
GETrequest using the endpoint Get orderForm configuration to confirm activation.
This configuration is valid for the entire account. It is not possible to activate reCAPTCHA for a limited number of bindings.
If you activate reCAPTCHA for your account, it is important to note that any integrations that deal with placing orders should be able to handle the validation. That is, integrations should display the validation to the user and send the appropriate response token to VTEX once they solve it successfully. If reCAPTCHA is required for a given order, it can not be placed without validation. However, if your store uses VTEX’s native UI, it is already capable of handling reCAPTCHA.
Learn more about the applicable cases and how to implement reCAPTCHA for Checkout integrations.