Implement Google ReCaptcha Enterprise with score-based approach in Laravel

 

What is Google’s ReCaptcha Enterprise?

ReCaptcha Enterprise is built on the existing reCAPTCHA API and uses advanced risk analysis techniques to distinguish between humans and bots. It protects websites from spam and abuse and detects other types of fraudulent activity on a site, such as credential stuffing, account takeover (ATO) and automated account creation.

ReCaptcha Enterprise offers more features and new detection enhancements: more granular scores, reason codes for risky events, mobile app SDKs, password breach/leak detection, multi-factor authentication (MFA), and the ability to tune your site-specific model to protect enterprise businesses.

For a feature comparison between normal reCaptcha and reCaptcha Enterprise, you may visit this link

How the score-based approach works

ReCaptcha Enterprise works basically the same way as ReCaptcha V3: it requires no user interaction and relies only on a score, but with more security enhancements. In short, score-based reCaptcha lets you understand the level of risk that an interaction poses and helps you take appropriate action for your site or application. You may refer to this diagram for further understanding.
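To make the score-based decision concrete, here is an added example (not code from this post) that maps a decoded assessment response to an action for a login form. The function name `decideFromAssessment`, the decision labels and the 0.3 / 0.7 thresholds are assumptions for illustration, and the sample response is constructed.

```php
<?php
// Added example. Field names follow the reCAPTCHA Enterprise assessment
// response; thresholds and decision labels are assumptions to tune per site.

/**
 * Turn a decoded assessment into 'allow', 'challenge' or 'reject'.
 * Scores run from 0.0 (likely automated) to 1.0 (likely legitimate).
 */
function decideFromAssessment(
    array $assessment,
    string $expectedAction,
    float $rejectBelow = 0.3,
    float $challengeBelow = 0.7
): string {
    $token = $assessment['tokenProperties'] ?? [];

    // An invalid, expired or already-used token carries no usable score.
    if (($token['valid'] ?? false) !== true) {
        return 'reject';
    }

    // The token must have been issued for the action being protected,
    // otherwise a token from another page could be replayed here.
    if (($token['action'] ?? '') !== $expectedAction) {
        return 'reject';
    }

    // Fail closed when the score is missing or malformed.
    $score = $assessment['riskAnalysis']['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return 'reject';
    }

    if ($score < $rejectBelow) {
        return 'reject';
    }
    // Mid-range scores get a step-up (for example MFA) instead of a block.
    return $score < $challengeBelow ? 'challenge' : 'allow';
}

// Constructed sample response, not captured from a real assessment.
$sample = json_decode('{
    "tokenProperties": {"valid": true, "action": "login"},
    "riskAnalysis": {"score": 0.4, "reasons": ["AUTOMATION"]}
}', true);

echo decideFromAssessment($sample, 'login'), PHP_EOL;
```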

Implement in Laravel

Well, in this experiment we will try to add Google ReCaptcha Enterprise to a login form without using any package. I will show how to implement reCaptcha Enterprise without any user interaction, only based on score.

Here are the steps:

  1. Enable ReCaptcha API
  2. Create new reCaptcha Enterprise Key
  3. Create new Credential API Key
  4. Add keys to config file
  5. Implement reCaptcha scripting at Login page
  6. Create a Laravel Rule
  7. Add Validation rule to Login logic
  8. Testing and validation