For Agents
Score user actions for risk, manage site keys and firewall policies, and run IP overrides on Google reCAPTCHA Enterprise.
Get started with reCAPTCHA Enterprise API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"score a user action with google recaptcha enterprise"
# → Jentic returns the GET /events tool with parameter schema, agent executes.

What an agent can do with reCAPTCHA Enterprise API.
Create assessments to score the risk of a user action and receive a 0.0 to 1.0 risk score
Annotate previous assessments with the observed outcome to improve model accuracy
Create and manage reCAPTCHA Enterprise site keys for web and mobile clients
Define firewall policies that act on assessment scores and reorder them by priority
Use for: "I need to score a sign-up attempt for risk using reCAPTCHA Enterprise"; "Annotate a previous assessment as legitimate after manual review"; "Create a new site key for our checkout page"; "Add an IP override to allow our office IP through firewall policies"
Not supported: Does not handle WAF rule enforcement, network-layer DDoS mitigation, or end-to-end identity verification — use for action-level risk scoring, firewall policies, and site key management only.
Google reCAPTCHA Enterprise protects websites and apps from fraudulent activity, spam, and abuse using risk scores derived from billions of signals. The API exposes operations to create site keys, evaluate user actions through assessments, define and reorder firewall policies, manage IP overrides, and migrate legacy reCAPTCHA keys. Risk scores returned by assessments power downstream decisions such as showing additional verification, throttling traffic, or blocking outright.
Add or remove IP overrides to allow-list trusted office or partner ranges
Migrate classic reCAPTCHA keys to reCAPTCHA Enterprise and retrieve their legacy secret
Patterns agents use reCAPTCHA Enterprise API for, with concrete tasks.
★ Sign-up and Login Fraud Protection
Sites send a reCAPTCHA token from their sign-up or login form to the Assessments API to receive a risk score and a list of reasons. Sites use that score to decide whether to allow the action, require additional verification, or block it. Annotation calls back into the API help close the loop on which assessments turned out to be fraudulent.
Call POST /v1/{+parent}/assessments with the token and expected action login, then route the user to MFA when the score is below 0.5.
Firewall Policies for High-Risk Routes
Firewall policies let teams declare actions (allow, block, redirect, substitute) keyed off assessment results without changing application code. Policies can be reordered to express priority, and IP overrides allow trusted networks to bypass them entirely.
Create a firewall policy that blocks any request to /admin with score below 0.3, then call POST /v1/{+parent}/firewallpolicies:reorder to put it ahead of the default allow policy.
Migrating Classic reCAPTCHA Keys
Sites moving from classic reCAPTCHA to reCAPTCHA Enterprise need to migrate keys without breaking existing form integrations. The API exposes a migrate operation and a retrieveLegacySecretKey operation so the transition can be staged behind feature flags.
Call POST /v1/{+name}:migrate on the legacy key resource, then POST /v1/{+key}:retrieveLegacySecretKey to fetch the secret needed by existing form posts.
Agent-Driven Risk Triage
A trust and safety agent uses Jentic to fetch assessments, annotate them with verified outcomes, and adjust firewall policies in response to fraud waves, replacing manual console work and giving the agent a clear audit trail of changes.
Search Jentic for annotate a recaptcha assessment, load the schema for projects.assessments.annotate, and execute it with annotation LEGITIMATE for a manually verified user.
18 endpoints — Google reCAPTCHA Enterprise protects websites and apps from fraudulent activity, spam, and abuse using risk scores derived from billions of signals.
METHOD
PATH
DESCRIPTION
/v1/{+parent}/assessments
Create an assessment to score a user action
/v1/{+name}:annotate
Annotate a previous assessment with the observed outcome
/v1/{+name}:addIpOverride
Add an IP override to a firewall policy or key
/v1/{+name}:removeIpOverride
Remove an IP override
/v1/{+parent}/firewallpolicies:reorder
Reorder firewall policies by priority
/v1/{+name}:migrate
Migrate a classic reCAPTCHA key to reCAPTCHA Enterprise
/v1/{+key}:retrieveLegacySecretKey
Retrieve the legacy secret for a migrated key
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth 2.0 credentials are stored encrypted in the Jentic vault. Scoped, short-lived access tokens with the cloud-platform scope are issued per call so the underlying refresh token never enters the agent context, and IAM bindings on the project determine what assessment, key, and policy actions the agent can perform.
Intent-based discovery
Agents search Jentic by intent (score a user action, annotate an assessment, add an IP override) and Jentic returns the matching reCAPTCHA Enterprise operation with its input schema, replacing the need to navigate the reCAPTCHA Enterprise reference docs.
Time to first call
Direct integration takes 1-2 days for OAuth, site key creation, and threshold tuning. Through Jentic: under 1 hour to start scoring assessments — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Web Risk API
Checks URLs against Google's threat lists for phishing and malware
Use Web Risk to validate links submitted by users alongside reCAPTCHA Enterprise scoring of the submitter.
Safe Browsing API
Checks URLs against Google's Safe Browsing lists
Use Safe Browsing as a free alternative to Web Risk for general-purpose URL safety checks.
Network Security API
Manages Google Cloud network security policies that complement application-layer controls
Use Network Security when threats need to be blocked at the network edge in addition to application-layer scoring.
Binary Authorization API
Enforces deploy-time policies for container images on Google Cloud
Use Binary Authorization to enforce supply-chain rules in deploy pipelines while reCAPTCHA Enterprise handles runtime user-action risk.
Specific to using reCAPTCHA Enterprise API through Jentic.
What authentication does the reCAPTCHA Enterprise API use?
The API uses Google OAuth 2.0 with the cloud-platform scope, sent as a Bearer token. Through Jentic the OAuth credentials live in the vault and short-lived access tokens are minted per call, so the underlying refresh token never enters the agent.
What does an assessment score mean?
An assessment returns a risk score from 0.0 (very likely abusive) to 1.0 (very likely legitimate) along with reasons such as AUTOMATION or UNEXPECTED_USAGE_PATTERNS. Sites set their own thresholds, with login forms typically allowing above 0.7, challenging the 0.3-0.7 band, and blocking below 0.3.
What are the rate limits for the reCAPTCHA Enterprise API?
Per-project quotas are documented in the reCAPTCHA Enterprise quotas page. Assessments scale to high QPS by default; firewall policy and key management calls are control-plane operations and have lower quotas.
How do I score a sign-up through Jentic?
Search Jentic for create a recaptcha assessment, load the schema for the projects.assessments.create operation which maps to POST /v1/{+parent}/assessments, and execute it with the token from the form, the site key, and the expected action.
Is the reCAPTCHA Enterprise API free?
Yes, up to a generous monthly free tier of assessments per project, with overage pricing published on the reCAPTCHA Enterprise pricing page. Firewall policies and site key management are not separately billed.
How do I add an IP override?
Call POST /v1/{+name}:addIpOverride with the IP CIDR and override type (e.g., allow) on the firewall policy or key resource. Use removeIpOverride to revert when the trusted source is no longer needed.
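An added example, not Jentic's or Google's code, of the decision step described in the sign-up/login pattern and in the score answer above: it refuses to use a score unless the token is valid and matches the expected action and hostname, then applies the 0.7 / 0.3 bands. Field names follow the Assessment response (tokenProperties, riskAnalysis); the `sample` helper, the hostname and all sample values are constructed, and blocking on an invalid token is this example's choice.

```python
# Added example. Thresholds are the ones quoted on this page; tune them per site.
ALLOW_ABOVE = 0.7
BLOCK_BELOW = 0.3

def decide(assessment, expected_action, expected_hostname):
    """Map an Assessment response (dict) to ('allow'|'challenge'|'block', reason)."""
    props = assessment.get("tokenProperties") or {}
    # The score only means something for a valid token, so fail closed first.
    if props.get("valid") is not True:
        return "block", "invalid token: %s" % props.get("invalidReason", "UNKNOWN")
    # A token issued for another action or site says nothing about this request.
    if props.get("action") != expected_action:
        return "block", "action mismatch"
    if props.get("hostname") != expected_hostname:
        return "block", "hostname mismatch"
    risk = assessment.get("riskAnalysis") or {}
    score = risk.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "block", "missing score"
    if not 0.0 <= score <= 1.0:
        return "block", "score out of range"
    detail = "score=%.1f reasons=%s" % (score, ",".join(risk.get("reasons") or []) or "none")
    if score > ALLOW_ABOVE:
        return "allow", detail
    if score < BLOCK_BELOW:
        return "block", detail
    return "challenge", detail  # middle band, e.g. route the user to MFA

def sample(valid=True, action="login", host="app.example.com",
           score=0.9, reasons=(), invalid_reason=None):
    """Build a constructed Assessment-shaped dict (not captured from a real call)."""
    props = {"valid": valid, "action": action, "hostname": host}
    if invalid_reason:
        props["invalidReason"] = invalid_reason
    return {"tokenProperties": props,
            "riskAnalysis": {"score": score, "reasons": list(reasons)}}

if __name__ == "__main__":
    cases = {
        "likely human": sample(score=0.9),
        "middle band": sample(score=0.5, reasons=["UNEXPECTED_USAGE_PATTERNS"]),
        "automation": sample(score=0.1, reasons=["AUTOMATION"]),
        "wrong action": sample(action="signup", score=0.9),
        "expired token": sample(valid=False, invalid_reason="EXPIRED"),
    }
    for name, assessment in cases.items():
        print(name, "->", decide(assessment, "login", "app.example.com"))
```
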