Skip to main content

CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH

  • December 23, 2024
  • 4 replies
  • 146 views
I
Forum|alt.badge.img+1

Hello Google Support Team,

I am encountering the following error while implementing Firebase reCAPTCHA with the Identity Toolkit API for Phone Authentication:

{
"error": {
"code": 400,
"message": "CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH",
"errors": [
{
"message": "CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH",
"domain": "global",
"reason": "invalid"
}
]
}
}

I have already tried using the sendVerificationCode method from the Identity Toolkit API on both the server and client sides, but I continue to encounter the same issue.

Could you please assist me in understanding the cause of the SITE_MISMATCH error and how to resolve it? Any guidance on what needs to be configured to avoid this error would be greatly appreciated.

Thank you in advance for your help!

Best regards,
Muhammad Nadeem

4 replies

U
Forum|alt.badge.img+1
  • Udaybhan200
  • New Member
  • December 30, 2024

i am faced same issue , if u getting any solution , help me

I
Forum|alt.badge.img+1
  • imuhammadnadeem
  • Author
  • New Member
  • December 31, 2024

i am faced same issue , if u getting any solution , help me


Sure! Can you share more details about the issue you're facing? I’d be happy to help you out!

Sheik
Staff
Forum|alt.badge.img+1
  • Sheik
  • Staff
  • January 7, 2025

Hi,

The issue is caused because the site which generated the reCAPTCHA token is not part of the domain's allowlist for the specified site key. The easiest option to mitigate is to add the site to the domain's allow list. So wondering how did you create the site key ? Are you trying to use reCAPTCHA as multi factor authentication ? 

 

Sheikji Nazirudeen, Product Manager, Google
A
I
Forum|alt.badge.img+1

Hi,

The issue is caused because the site which generated the reCAPTCHA token is not part of the domain's allowlist for the specified site key. The easiest option to mitigate is to add the site to the domain's allow list. So wondering how did you create the site key ? Are you trying to use reCAPTCHA as multi factor authentication ? 

 


This is the head of the index.html.  The key is the reCAPTCHA site key from the Google Cloud.

This is in the body of index.html. The key is the reCAPTCHA site key from the Google Cloud.

This is my function to get the token

Here I'm getting the token.

These are added in Firebase.

These are added in reCAPTCHA.

I added the legacy key in the reCAPTCHA secret key from the reCAPTCHA site below.

 

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.