Implementing reCAPTCHA v3 in Salesforce

Implementing reCAPTCHA v3 in Salesforce involves integrating the reCAPTCHA v3 API into your Salesforce org to add an additional layer of security to your web forms and prevent spam or abusive bot traffic. Here’s a step-by-step guide to implementing reCAPTCHA v3 in Salesforce:

1. Sign Up for reCAPTCHA v3:

• Go to the reCAPTCHA website (https://www.google.com/recaptcha) and sign in with your Google account.
• Register your site to get reCAPTCHA keys (site key and secret key) that you’ll need to integrate reCAPTCHA into your Salesforce org.

1. Add reCAPTCHA Keys to Salesforce:

• In your Salesforce org, go to Setup > Security Controls > CAPTCHA Settings.
• Enter your reCAPTCHA site key and secret key in the appropriate fields.
• Save your changes.

1. Integrate reCAPTCHA with Visualforce Pages:

• Open the Visualforce page where you want to add reCAPTCHA.
• Add the reCAPTCHA JavaScript library to your Visualforce page by including the following script tag in the section:

<script src="https://www.google.com/recaptcha/api.js?render=YOUR_SITE_KEY"></script>

Replace YOUR_SITE_KEY with your reCAPTCHA site key.

• Add the reCAPTCHA widget to your form by including the following code inside the tag:

<div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>

Replace YOUR_SITE_KEY with your reCAPTCHA site key.

4. Verify reCAPTCHA Response:

• In your Visualforce controller or extension, retrieve the reCAPTCHA response token from the form submission.
• Send the reCAPTCHA response token to the reCAPTCHA verification endpoint using a server-side HTTP request.

String recaptchaResponse = ApexPages.currentPage().getParameters().get('g-recaptcha-response');

• Verify the reCAPTCHA response with the reCAPTCHA secret key.

1. Process reCAPTCHA Verification Response:

• Handle the reCAPTCHA verification response in your Visualforce controller or extension.
• If the reCAPTCHA verification is successful (score > threshold), process the form submission normally.
• If the reCAPTCHA verification fails (score < threshold), display an error message to the user and prevent the form submission.

1. Test Your Implementation:

• Test your reCAPTCHA implementation by submitting the form with and without valid reCAPTCHA responses.
• Verify that the form submission is blocked when the reCAPTCHA verification fails and allowed when the verification is successful.

1. Deploy Your Changes:

• Once you’ve tested your reCAPTCHA implementation thoroughly, deploy your changes to your Salesforce org.

By following these steps, you can successfully implement reCAPTCHA v3 in your Salesforce org to enhance security and prevent spam or abusive bot traffic on your web forms. Make sure to stay updated with any changes or updates to the reCAPTCHA API and adjust your implementation accordingly.

Here’s an example of how to implement reCAPTCHA v3 in a Visualforce page in Salesforce:

1. Add reCAPTCHA Script to Visualforce Page:

<apex:page controller="ReCaptchaController">
    <html>
        <head>
            <title>reCAPTCHA v3 Example</title>
            <script src="https://www.google.com/recaptcha/api.js?render=YOUR_SITE_KEY"></script>
            <script>
                function onSubmit(token) {
                    // Handle form submission with reCAPTCHA token
                    // For example, submit the form data to the server
                }
            </script>
        </head>
        <body>
            <form>
                <input type="text" name="name" placeholder="Your Name" required><br>
                <input type="email" name="email" placeholder="Your Email" required><br>
                <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY" data-callback="onSubmit"></div>
                <button type="submit">Submit</button>
            </form>
        </body>
    </html>
</apex:page>

Replace YOUR_SITE_KEY with your reCAPTCHA site key.

2. Handle reCAPTCHA Verification in Apex Controller:

public class ReCaptchaController {
    public String verifyReCaptcha(String recaptchaResponse) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://www.google.com/recaptcha/api/siteverify');
        req.setMethod('POST');
        req.setBody('secret=YOUR_SECRET_KEY&response=' + EncodingUtil.urlEncode(recaptchaResponse, 'UTF-8'));

        Http http = new Http();
        HttpResponse res = http.send(req);

        if (res.getStatusCode() == 200) {
            Map<String, Object> result = (Map<String, Object>) JSON.deserializeUntyped(res.getBody());
            Boolean success = (Boolean) result.get('success');
            if (success) {
                return 'ReCAPTCHA verification successful';
            } else {
                return 'ReCAPTCHA verification failed';
            }
        } else {
            return 'Error verifying ReCAPTCHA';
        }
    }
}

Replace YOUR_SECRET_KEY with your reCAPTCHA secret key.

3. Call Apex Method from Visualforce Page:

Add an action attribute to the form tag in the Visualforce page to call the Apex method:

<form action="{!verifyReCaptcha}" method="post">
    <!-- Form fields -->
</form>

This will call the verifyReCaptcha method in the ReCaptchaController when the form is submitted.

4. Process Verification Response:

Handle the verification response in the verifyReCaptcha method and take appropriate action based on the result.

This example demonstrates a basic implementation of reCAPTCHA v3 in Salesforce using Visualforce and Apex. Make sure to customize it according to your specific requirements and error handling needs. Additionally, ensure that you follow best practices for security and data protection when implementing reCAPTCHA in your Salesforce org.