Google reCAPTCHA

WATCH THE VIDEO

Sana Commerce Cloud uses Google reCAPTCHA to increase the security level of a webstore, prevent spam attacks and protect it from bots. reCAPTCHA is a test to check whether the user is a human or not. Sana Commerce Cloud supports Google reCAPTCHA v3 and v2.

Google reCAPTCHA can be used for the Sana webstore and Sana Admin. It is used as an extra security check to deter bots from using these webstore forms:

  • Contact us
  • Customer registration (B2C / B2B)
  • Forgot password
  • Write a review
  • Newsletter subscription
  • Write a comment

How to Register a Sana Webstore and Generate the Site Key and Secret Key

To start using Google reCAPTCHA, you need to sign up for an API key pair for your webstore. The key pair consists of a site key and secret key. The site key is used to invoke the reCAPTCHA service on the Sana webstore. The secret key authorizes communication between Sana Commerce Cloud and the reCAPTCHA server to verify the user's response. The secret key needs to be kept safe for security purposes.

Step 1: Go to the Google reCAPTCHA admin panel and sign in with your Google account. If you do not have a Google account, create it.

Step 2: Enter some label. This can be anything you want, for example the name of your company, or webstore domain.

Step 3: Choose the type of reCAPTCHA you want to show in the Sana webstore.

Google reCAPTCHA v3

reCAPTCHA v3 never interrupts users with a challenge and does not require them to perform any actions. It checks user interactions with your website, determines that their traffic was generated by human visitors, and helps filter out robots generating spam or automated abuse.

When reCAPTCHA v3 is used, a widget indicating that the website is protected by reCAPTCHA is shown on all webstore pages.

Google reCAPTCHA v2

If you add Google reCAPTCHA v2 to the Sana webstore, the widget will be shown on the following webstore pages:

  • Contact us
  • Customer registration (B2C / B2B)
  • Forgot password
  • Write a review
  • Newsletter subscription
  • Write a comment

Sana Commerce Cloud supports two types of Google reCAPTCHA v2:

  • I'm not a robot (Checkbox): It requires the user to click on a checkbox indicating that the user is not a robot.

  • Invisible: It does not require the user to click on a checkbox or any other actions at all. Instead it is invoked directly when the user clicks on the button on the page.

Step 4: Enter your webstore domain.

Step 5: Accept the reCAPTCHA Terms of Service and click Submit.

Now you can see the key pair - Site key and Secret key.

To add Google reCAPTCHA to the Sana webstore pages, you need to enter these keys in Sana Admin.

How to Set Up Google reCAPTCHA in Sana

To configure Google reCAPTCHA in Sana Admin:

Step 1: Log in to Sana Admin and go to: Setup > Security > Captcha. See Google reCAPTCHA settings.

Step 2: Enable Google reCAPTCHA for Sana Admin or webstore, or both.

Step 3: Enable reCAPTCHA and choose the version of reCAPTCHA for which you generated the keys in the Google reCAPTCHA admin panel.

  • If you configure reCAPTCHA v2, choose the type of reCAPTCHA – I’m not a robot or Invisible.

  • If you configure reCAPTCHA v3, enter the Minimum allowed score. It should be between 0.1 and 0.9. The default value is 0.5.

    reCAPTCHA v3 returns a score for each request based on interactions with your website. It rates traffic and interaction on a scale of 0.0 to 1.0, where 1.0 indicates good interaction and a score closer to 0.0 indicates a high probability that the traffic was generated by bots.

Step 4: Enter the Site key and Secret key.

Step 5: Open your webstore and check if the Google reCAPTCHA widget is visible.