Skip to main content

Guys, I have no idea where I should put this question

Last month we received an e-mail telling us that our reCaptcha quota had been exceeded and we had 90 days to upgrade do Enterprise. Yesterday we received the second e-mail. In both e-mail we had over 1 million requests per month, and that number does not match our traffic volume. 

We use reCaptcha in our Azure AD B2C license. The url is similar to "https://mycompany.b2clogin.com/mycompany.onmicrosoft.com/etc"  and all the other Azure AD B2C clients have their instances running in a URL similar to that "companyname.b2clogin.com/etc"

This alert started when we implemented reCaptcha in our Registration form. We know that roughly 20k users get to this page monthly. 

We have the following questions before upgrading to Enterprise (because something seems to be wrong):

1- what counts as a request for reCaptcha V2? If the widget is printed, the user interacts with it and then our backend verify the token, then 1, 2 or 3 requests are computed?

2- are we sharing our quota with other people that has a Azure AD B2C instance running in a URL similar to  "https://somecompany.b2clogin.com/mycompany.onmicrosoft.com/etc"  ?

This is the message I received this month

"Domain: b2clogin.com 
Total site_verify requests last month on this domain: 2,308,200

Site key: ##########################
Total site_verify requests last month on this site key: 68,822
site_verify requests last month on this domain on this site key: 68,822
https://www.google.com/recaptcha/admin/site/######" 

Below is the number in our dashboard


Many thanks in advance. If this is not the correct place to ask this question, please address me the correct place so that I can fix it

Hello victorsferreira,


Welcome to GCC!


reCAPTCHA Enterprise has restrictions and usage limits that apply to Google Cloud console projects and are shared on all applications and IP addresses the project is using.


As how reCAPTCHA Enterprise work stated on this document:



When reCAPTCHA Enterprise is deployed in your environment, it interacts with the customer backend/server and customer web pages.


When an end user visits the web page, the following events are triggered in a sequence:



  1. The browser loads the customer web page stored on the backend/web server, and then loads the reCAPTCHA JavaScript from reCAPTCHA Enterprise.

  2. When the end user triggers an HTML action protected by reCAPTCHA such as login, the web page sends signals that are collected in the browser to reCAPTCHA Enterprise for analysis.

  3. reCAPTCHA Enterprise sends an encrypted reCAPTCHA token to the web page for later use.

  4. The web page sends the encrypted reCAPTCHA token to the backend/web server for assessment.

  5. The backend/web server sends the create assessment (assessments.create) request and the encrypted reCAPTCHA token to reCAPTCHA Enterprise.

  6. After assessing, reCAPTCHA Enterprise returns a score (from 0.0 through 1.0) and reason code (based on the interactions) to the backend/web server.

  7. Depending on the score, you (developer) can determine the next steps to take action on the user.


The following sequence diagram shows the graphical representation of the reCAPTCHA Enterprise workflow:



Additional info


https://cloud.google.com/recaptcha-enterprise/docs/getting-started


https://developers.google.com/recaptcha/docs/faq#should-i-use-recaptcha-v2-or-v3

Hello, @Willbin 

Does this apply to reCaptcha v2 as well? We are not using reCaptcha Enterprise yet, and we need to make sure there is no problem with our installation of reCaptcha before upgrading to Enterpise. As I said, we only recognize something around 60k page views, not 1.7kk. 

Can you help us understand where this high volume come from since it's not shown in the charts?

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.