Static Forms - Secure form backend and form endpoint for contact forms

How to Generate reCAPTCHA Keys

This guide will walk you through the process of creating reCAPTCHA keys for your Static Forms account. You'll need both a Site Key (for your website) and a Secret Key (for your Static Forms account).

Quick Summary:

  • Site Key: Goes in your website's HTML form (public, visible)
  • Secret Key: Goes in Static Forms CAPTCHA Settings (private, never exposed)
  • Domain Setup: Add both your domain AND staticforms.xyz to Google reCAPTCHA

Why You Need reCAPTCHA

reCAPTCHA helps protect your forms from spam and abuse by verifying that submissions are coming from real humans, not bots. This is essential for:

  • Preventing spam submissions to your email
  • Protecting your forms from automated attacks
  • Ensuring the quality of the data you receive
  • Maintaining the security of your website

Static Forms requires reCAPTCHA integration to ensure all form submissions are legitimate.

Step 1: Access the reCAPTCHA Admin Console

  1. Go to the Google reCAPTCHA Admin Console

  2. Sign in with your Google account. If you don't have one, you'll need to create one.

Note: The reCAPTCHA Admin Console is part of Google's services, so you'll need a Google account to access it.

Step 2: Register a New Site

  1. Once logged in, click the + Add button to register a new site.

  2. Enter a Label for your site (e.g., "My Website Forms")

    This is for your reference only and helps you identify this reCAPTCHA configuration later.

  3. Select reCAPTCHA v2 or v3 as the type

    For v2: Choose "I'm not a robot" Checkbox - users will see and interact with the CAPTCHA.

    For v3 (Pro users only): Choose reCAPTCHA v3 for invisible protection without user interaction.

  4. Add your Domains where the reCAPTCHA will be used

    Enter all domains where your forms will be embedded, one per line:

    • Your website domain (e.g., example.com, www.example.com)
    • Important: Add staticforms.xyz to allow Static Forms to verify submissions
    • For local testing, add localhost

  5. Accept the Terms of Service and click Submit

Step 3: Get Your reCAPTCHA Keys

After registering your site, you'll be provided with two important keys:

Site Key (Public)

This key is used in your HTML form and is visible to users. It looks something like:

6LdQxxxcAAAAABxxxxxxxxxxxxxxxxxxxxxxxx

Where to use it:

  • Add this to your website's HTML form (in the data-sitekey attribute)
  • This key is public and safe to expose in your frontend code

Secret Key (Private)

This key must be kept confidential and is used for server-side verification. It looks something like:

6LdQxxxcAAAAAJxxxxxxxxxxxxxxxxxxxxxxxx

⚠️ Important - Where to use it:

  • Enter this in your Static Forms CAPTCHA Settings (not on your website)
  • Never expose this key in your frontend code or HTML
  • Static Forms uses this to verify CAPTCHA responses with Google

Step 4: Add the Secret Key to Your Static Forms Settings

  1. Log in to your Static Forms account

  2. Navigate to Settings → CAPTCHA Settings

  3. In the reCAPTCHA tab, select your reCAPTCHA version (v2 or v3 for Pro users)

  4. Enter the Secret Key you obtained from the reCAPTCHA Admin Console

    If using v3, you can also configure the minimum score threshold (recommended: 0.5)

  5. Click Save Key or Update Key to complete the configuration

✓ Once saved, Static Forms will use this key to verify all CAPTCHA responses from your forms automatically.

Step 5: Implement reCAPTCHA on Your Website

To add reCAPTCHA to your form, you'll need to include the following elements in your HTML:

For reCAPTCHA v2 (Checkbox)

Add the reCAPTCHA widget and JavaScript to your form:

<form action="https://api.staticforms.xyz/submit" method="POST">
  <!-- Your API key from Static Forms -->
  <input type="hidden" name="accessKey" value="your-access-key-here" />
  
  <!-- Your form fields -->
  <input type="text" name="name" placeholder="Name" required />
  <input type="email" name="email" placeholder="Email" required />
  <textarea name="message" placeholder="Message" required></textarea>
  
  <!-- reCAPTCHA v2 widget - Replace YOUR_SITE_KEY -->
  <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>
  
  <button type="submit">Send</button>
  
  <!-- Include reCAPTCHA JavaScript -->
  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
</form>

For reCAPTCHA v3 (Invisible - Pro Only)

Add the reCAPTCHA JavaScript and execute it on form submission:

<form id="contactForm" action="https://api.staticforms.xyz/submit" method="POST">
  <input type="hidden" name="accessKey" value="your-access-key-here" />
  <input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response" />
  
  <!-- Your form fields -->
  <input type="text" name="name" placeholder="Name" required />
  <input type="email" name="email" placeholder="Email" required />
  <textarea name="message" placeholder="Message" required></textarea>
  
  <button type="submit">Send</button>
</form>

<!-- reCAPTCHA v3 Script - Replace YOUR_SITE_KEY -->
<script src="https://www.google.com/recaptcha/api.js?render=YOUR_SITE_KEY"></script>
<script>
  document.getElementById('contactForm').addEventListener('submit', function(e) {
    e.preventDefault();
    grecaptcha.ready(function() {
      grecaptcha.execute('YOUR_SITE_KEY', {action: 'submit'}).then(function(token) {
        document.getElementById('g-recaptcha-response').value = token;
        document.getElementById('contactForm').submit();
      });
    });
  });
</script>

Important: Replace YOUR_SITE_KEY with the Site Key (not Secret Key) you obtained from the reCAPTCHA Admin Console.

Troubleshooting

reCAPTCHA Not Displaying

If the reCAPTCHA widget isn't appearing on your form:

  • Verify that you've included the correct Site Key (not the Secret Key) in your HTML
  • Check that you've added the reCAPTCHA JavaScript library to your page
  • Ensure your domain is listed in the reCAPTCHA Admin Console domain list
  • Check browser console for JavaScript errors
  • Make sure you're using the correct reCAPTCHA version (v2 vs v3) script

Form Submissions Failing

If your form submissions are being rejected:

  • Confirm you've entered the correct Secret Key in your Static Forms CAPTCHA Settings
  • Verify that staticforms.xyz is added to your reCAPTCHA domain list
  • Check that your form is correctly sending the reCAPTCHA response token (g-recaptcha-response)
  • Ensure CAPTCHA is enabled in your Static Forms settings (not disabled globally)
  • For v3: Check if your minimum score threshold is too strict (try lowering it to 0.3-0.5)
  • Verify the reCAPTCHA version in Google Admin matches your Static Forms settings

Version Mismatch Issues

If you're having issues after changing versions:

  • Make sure the reCAPTCHA version in your HTML matches what you selected in Static Forms settings
  • v2 and v3 use different implementation patterns - review Step 5 for the correct code
  • Clear your browser cache after making changes
  • Remember: reCAPTCHA v3 is only available for Pro users

Need More Help?

If you're still having trouble setting up reCAPTCHA, you can:

← Back to Home