
Root Cause Analysis on reCAPTCHA Token Invalidation

  • January 14, 2025
  • 4 replies
  • 27 views


I recently encountered an issue where some of our systems unexpectedly became unavailable. After investigating, we found that the reCAPTCHA token used in our applications had suddenly become invalid.

We didn’t deactivate the token ourselves and didn’t receive any notification from Google about its deactivation. Has anyone else faced a similar situation? I’d love to hear your insights or suggestions on where to start investigating this kind of issue.
I’m also a bit concerned that this might happen again in the future, so any advice on how to prevent it would be greatly appreciated.

Thanks in advance for your help!

4 replies

  • Bronze 2
  • January 14, 2025

 In some cases where a production key hasn't been used in a very long time (several months), it will be removed. Is this the case you're seeing or was this key being actively used?

Thanks,
Amitai Rottem, reCAPTCHA Product Manager


  • Author
  • Bronze 1
  • January 15, 2025

> In some cases where a production key hasn't been used in a very long time (several months), it will be removed. Is this the case you're seeing or was this key being actively used?
>
> Thanks,
> Amitai Rottem, reCAPTCHA Product Manager


I appreciate your answer, @amitair. Thank you!
Actually, we use those keys frequently in our applications, with over 5K accesses per day.


  • New Member
  • January 22, 2025

We have recreated the reCAPTCHA keys for one of our sites for the second time in 4 weeks today. Works for thousands of visitors every day until suddenly it doesn't. We have not had a response from Google on the support ticket in 4 weeks either.


  • Author
  • Bronze 1
  • January 23, 2025

> We have recreated the reCAPTCHA keys for one of our sites for the second time in 4 weeks today. Works for thousands of visitors every day until suddenly it doesn't. We have not had a response from Google on the support ticket in 4 weeks either.


It's very frustrating, @mattbolton. We are planning to move to hCaptcha or another solution because reCAPTCHA Enterprise is too expensive and we are not sure that Enterprise will protect us from this kind of expiration/invalidation of tokens without notification.