Recaptcha Enterprise API error when creating assessment

Question

I am trying to implement Recaptcha Enterprise, I get the userToken and am attempting to create an assessment but when sending the information get the following response:

{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name "{JSON SENT}": Cannot bind query parameter. Field '{JSON SENT}' could not be found in request message.",
"status": "INVALID_ARGUMENT",
"details": [
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid JSON payload received. Unknown name \"{JSON SENT}' could not be found in request message."
      }
    ]
  }
]
}
}

My php curl file:

 <?php

 $token = $_GET["token"];
 $secret = "SECRET_ID";

 $url = "https://recaptchaenterprise.googleapis.com/v1/projects/{project_id}/assessments?key=" . $secret;

 $curl = curl_init($url);
 curl_setopt($curl, CURLOPT_URL, $url);
 curl_setopt($curl, CURLOPT_POST, true);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

 $headers = array(
"Content-Type: application/x-www-form-urlencoded",
 );
 curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

 $data = ['event' => ['token' => $token, 'siteKey' => $secret, 'expectedAction' => 'verify']];

 curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));

 $resp = curl_exec($curl);
 curl_close($curl);
 echo ($resp);

My Json

\"{\"event\":
{\"token\":\"TOKEN\",
\"siteKey\":\"SITE_KEY\",
\"expectedAction\":\"verify\"}
}\"

I have tried consulting the enterprise docs but have been unsuccessful. Any and all help would be appreciated.

Answer 1

1. For the call to googleapis.com you'd have to use an api key, not the site key. Use the site key (your $secret) only where you build the $data array.

2. You are sending JSON to google, so the Content-Type should be 'application/json; chartype=utf-8'.

3. In case you are also posting JSON from your website to this php, then you'd need to use

    $json=file_get_contents('php://input');
    $jdata=json_decode($json);

to retrieve the data, not $_GET[]. Then you could address:

    $token=$jdata->token
    $action=$jdata->action

Answer 2

Here is my solution for adding Google reCaptcha Enterprise to a PHP project using CURL.

There doesn't seem to be many simple / lightweight solutions posted for this, so hopefully this helps someone... don't forget to change the URL's project name; adapt the rest as you need! :-)

// Enterprise reCaptcha
$secretKey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; // Google Cloud API key
$url = 'https://recaptchaenterprise.googleapis.com/v1/projects/YOUR-PROJECT-NAME/assessments?key='.$secretKey;

// Request data
$data['event'] = [
   'expectedAction' => 'USER_LOGIN',
   'token' => $_POST['recaptchaToken'],
   'siteKey' => 'YOUR SITE KEY HERE'
];
$headers = ['Content-Type: application/json'];

// Execute CURL request
$curl = curl_init ();
curl_setopt_array ($curl, [
    CURLOPT_URL => $url,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_POST => TRUE,
    CURLOPT_POSTFIELDS => json_encode ($data),
    CURLOPT_RETURNTRANSFER => true,
]);
$curlResponse = curl_exec ($curl);
curl_close ($curl);

// Break down response
$json = json_decode ($curlResponse);
$status = $json->tokenProperties->valid;
$score = $json->riskAnalysis->score;

// Process result
if ($status == 1 && $score >= 0.4) {
    // Successful
} else {
    // Failed
}