My WEB recaptcha V3 Enterprise key is flagged as insecure and says that it is not being use to create assessments!
But I do implemented the code to create assessments, and it is actually working just fine, returns the score, and my backend only let go thought scores greater than 0.5
The metrics tab is showing that 92% of the activity is not suspicions and etc, more than 2 thousand request were made.
So I don’t get why is the key flagged as if it was not creating assessment.
Here is the recaptcha function (implemented with PHP) that is posting to get the assessment data for a particular captcha “token”:
function getCaptcha($token)
{
global $configs;
$googleApiKey = $configs['GOOGLE_API_KEY'];
$googleProjectId = $configs['GOOGLE_PROJECT_ID'];
$recaptchaPublicKey = $configs['RECAPTCHA_PUBLIC_KEY'];
$url = "[https://recaptchaenterprise.googleapis.com/v1/projects/](https://recaptchaenterprise.googleapis.com/v1/projects/){$googleProjectId}/assessments?key={$googleApiKey}";
$data = array(
'event' => array(
'token' => $token,
'siteKey' => $recaptchaPublicKey,
'expectedAction' => 'login',
),
);
$options = array(
'http' => array(
'header' => "Content-type: application/json\r\n",
'method' => 'POST',
'content' => json_encode($data)
)
);
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
$result = json_decode($response);
return $result;
}
But still, my metrics page of the key have the following message (translated from portuguese to english):
“No reviews were created this month, which means your site could be at risk. Learn how to create a review”