This guide will review how to set up ReCaptcha v3 in Aspenware Identity. For more information about ReCaptcha (including former versions of ReCaptcha available through Aspenware Commerce) see our documentation hub. For a general overview see Google ReCaptcha v3 documentation.
Overview
The new reCAPTCHA v3 API helps you detect abusive traffic without user interaction. Instead of showing a CAPTCHA challenge (as with older versions), reCAPTCHA v3 returns a score. Resorts can then choose the most appropriate action for their websites according to this score. Because scores are determined by monitoring user interaction on your site, Aspenware recommends implementing reCAPTCHA to begin site monitoring as soon as possible and across all available interactions. In addition to disabling at any time, reCAPTCHA v3 thresholds can also be adjusted to be more or less tolerant of risky activities. See below for instructions on how to enable on Aspenware Commerce.
Configuration Guide
Preqequisite Steps
In order to use reCAPTCHA v3 you will need to register your site and get your reCAPTCHA public and private keys at https://www.google.com/recaptcha/admin/create.
Detailed Setup Guide
Go to your Aspenware Identity configuration screen (https://identity-yourresort.com/api/system/info)
Note: You must be an assigned admin in order to access your Identity configuration
Insert your public (site) and private (secret) keys.
Select each of the other locations you would like reCAPTCHA v3 to monitor your site
Note: to receive the best security benefits, Aspenware recommends resorts enable reCAPTCHA v3 to all locations
Set threshold to begin monitoring your site
Note: reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn't ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. By default, you can use a threshold of 0.5 or to ensure NO ACTION is ever taken, you can set your threshold to 1.
In general, the best score a user can get is a 1 and the worst (almost certainly a bot) is a zero. If a user scores below the threshold, the selection made in your admin dashboard will determine the action taken. For more information on assessment scores thresholds visit https://developers.google.com/recaptcha/docs/v3#interpreting_the_score
.
Questions and Answers:
What if I would like my threshold to vary depending on the user interaction?
Unfortunately, Aspenware currently only offers one threshold across all user interactions. Although a threshold of .5 should meet most needs, please let your services representative know of any issues.
May I use the same Application Key/Secret for my Aspenware Commerce site and my Identity site?
Yes, you may use the same key for both sites.
If I use the same Application Key/Secret for my Aspenware Commerce and Identity sites can I set different thresholds at each site?
Yes, the threshold is set at the application level, so you may use different thresholds by setting them in the corresponding admin panel.