Captcha
A captcha protects your registration/login flows from automated abuse before an OTP is ever sent. Configure it from Manage environment โ External services (see Overview). Three providers are supported:
| Provider | Fields |
|---|---|
| Google reCAPTCHA v3 | Secret Key |
| Friendly Captcha | Secret Key |
| Cardinal Kerberus Captcha | none โ no API key required |
Kerberus is Cardinal's own free captcha: "You don't need to provide an API key โ Cardinal will automatically generate one for you." It's a great default for getting started.
Your application needs the site key for whichever captcha you enabled. The keys surface in Manage environment โ Environment variables and on the wizard's Ready to go step (e.g. reCAPTCHA site key, Friendly Captcha site key, Kerberus API key). See Environment and Initialize the Cardinal SDK.
Captcha configuration is Environment-Access only and shared across every project in the Environment.
Where to go nextโ
- Email ยท SMS โ the OTP delivery gateways.
- Demo setup โ includes Kerberus by default.
- Authentication Processes โ the flows the captcha protects.
Cardinal SDK reference: Solving the captcha โ handling the captcha from your app.