When a shopper places an order on your store paying with a credit or debit card, they may or may not be required to perform reCAPTCHA validation according to the criteria set in the orderForm configuration.
The recommended configuration is
vtexCriteria, which uses an algorithm to determine which sessions are trustworthy. This reduces the application of reCAPTCHA validation, improving security with no impact conversion.
Regardless of this configuration, reCAPTCHA verification will not be required in some cases:
Fulfillment orders, meaning orders received through a marketplace, in which your store is responsible only for the fulfillment. In this case, reCAPTCHA validation is applied in the marketplace where the order was made by the shopper according to its own configuration.
Orders made by authenticated administrator users, including call center users.
Orders made through the private (
/pvt) placeOrder API endpoint, which is commonly used by integrations and authenticated with appKey and appToken.
Orders where payment does not include a debit or credit card.
Updated 9 days ago