Build reCAPTCHA Enterprise key configurations with web settings, WAF integration, and testing options.
Last verified: May 2026
Build reCAPTCHA Enterprise key configurations with web settings, WAF integration, and testing options.
Required Fields
namedisplayNamewebSettings.allowedDomainswebSettings.integrationTypeOutput will appear here...Build reCAPTCHA Enterprise key configurations with web settings, WAF integration, and testing options. This tool helps GCP engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.
Most reCAPTCHA Enterprise primitives behave the same in standard, Assured Workloads, and sovereign Google Cloud deployments, but available services, regions, and access controls differ. The output is portable in shape; you must verify service availability and any Assured Workloads constraints before applying in a controlled environment.
The reCAPTCHA Enterprise options surface what is currently documented in the Google Cloud reference for that service. When Google adds a new property or value, we add it here after verifying the schema in a real project. If a recently-announced feature is not yet selectable, treat that as a 'not yet supported' signal rather than an opinion that it should not be used.
Your e-commerce site has been getting hammered by automated checkout bots scalping limited inventory. The builder generates a reCAPTCHA Enterprise SCORE-based site key for the checkout page, integrated with Cloud Armor — requests with score <0.3 are blocked at the edge, 0.3-0.7 get a checkbox challenge. Within hours of deploy, automated checkouts drop to near-zero; legitimate customers barely notice the protection because real humans get high scores invisibly. Cost: $0/month (under free tier limit) for the protection that was previously costing $30K+/year in scalped inventory.
The builder constructs reCAPTCHA Enterprise configurations: site key resource (display name, platform: WEB or ANDROID or iOS, integration type: SCORE or CHECKBOX, allowed domains, optional WAF integration setting), site key labels for analytics, and Cloud Armor integration policy referencing the site key. Output is generated as gcloud recaptcha commands and Terraform google_recaptcha_enterprise_key resources.
reCAPTCHA Enterprise scores requests on a 0.0-1.0 scale (1.0=human, 0.0=bot). Don't binary-block based on score alone — use score thresholds with progressive friction: score>0.7 allow, 0.3-0.7 challenge with CAPTCHA, <0.3 block. This minimizes false positive blocks while still stopping bots.
Integration with Cloud Armor lets you use reCAPTCHA scores in WAF rules — block requests with low scores at the edge BEFORE they hit your backend. This is dramatically more efficient than collecting the score in your app and rejecting after backend processing.
The free tier is generous (1M assessments/month free) — for most apps, reCAPTCHA Enterprise is essentially free. Above that, $1/1K assessments. Compared to alternatives (custom bot detection, Akamai Bot Manager) at $$$$/month, reCAPTCHA Enterprise is dramatically cheaper.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.