Skip to main content

Captcha

A captcha protects your registration/login flows from automated abuse before an OTP is ever sent. Configure it from Manage environment โ†’ External services (see Overview). Three providers are supported:

ProviderFields
Google reCAPTCHA v3Secret Key
Friendly CaptchaSecret Key
Cardinal Kerberus Captchanone โ€” no API key required

Kerberus is Cardinal's own free captcha: "You don't need to provide an API key โ€” Cardinal will automatically generate one for you." It's a great default for getting started.

info

Your application needs the site key for whichever captcha you enabled. The keys surface in Manage environment โ†’ Environment variables and on the wizard's Ready to go step (e.g. reCAPTCHA site key, Friendly Captcha site key, Kerberus API key). See Environment and Initialize the Cardinal SDK.

caution

Captcha configuration is Environment-Access only and shared across every project in the Environment.

Where to go nextโ€‹

Cardinal SDK reference: Solving the captcha โ€” handling the captcha from your app.