Submit JSON with reCAPTCHA

Google reCAPTCHA protects you from fraudulent activities, spam, and abuse. There are two versions of reCAPTCHA and we support both clickable (v2) and invisible reCAPTCHA (v3).

We recommend going with v3 unless you'd like your users to click on cars and traffic lights before submitting!

Before getting started make sure to reference the reCAPTCHA documentation.

✨🤖🚦 reCAPTCHA is available on all paid plans

1. Get a Site Key and Secret Key

  1. Head to the Google reCAPTCHA website
  2. Create a new site, or select an existing one
  3. Copy your site key and secret key.

2. Integrate reCAPTCHA with your front end

  1. Insert the reCAPTCHA script in your HTML's <head> tag.
<script src="https://www.google.com/recaptcha/api.js"></script>
  1. Render the client-side integration.

Follow Google's instructions on how to integrate reCAPTCHA v2 or v3

⚡️ OR ⚡️ if you're using a JS framework there is likely a package that will make the integration easier:

3. Pass your token along with your submission

Once the reCAPTCHA widget is setup, you can send the reCAPTCHA response token to our API in two ways.

  1. It can be passed along in the request body via a g-recaptcha-response property. This is the reCAPTCHA's default behavior and requires no additional config from you.
document.getElementById('myForm').addEventListener('submit', async function (e) {
  const formData = new FormData(this);
  const data = Object.fromEntries(formData)
  // data is something like { ..., 'g-recaptcha-response': 'xxxxxx'}
  const response = await fetch('https://api.submitjson.com/v1/submit/XxXx', {
    method: 'POST',
    headers: {
      'content-type': 'application/json',
      'X-API-Key': 'sjk_xxx',
    body: { data },

  const submission = await response.json()
  1. If your situation requires more versatility, it can be added to the submission options with a recaptchaToken key. For this example we'll use the JS client.
await sj.submit({ name: 'Franky', loves: 'Vegapunk' }, {
  recaptchaToken: 'xxxxxxxxxx'

Now that you've integrated reCAPTCHA with your front-end it's time to validate the token.

4. Validate the server-side response

We've got you all covered here. Follow these instructions to set it and forget it:

  1. Head to your endpoint's security settings
  2. Select reCAPTCHA as your CAPTCHA provider
  3. Paste in your secret key, and click Save

🚛✨💚 Nice job, submissions to your endpoint are now validated with Google reCAPTCHA