reCAPTCHA to Arkose Labs Migration Guide

This document contains the steps needed to migrate from reCAPTCHA to the Arkose Labs Fraud and Abuse Prevention Platform (Arkose Labs Platform).

Migration to the Arkose Labs Platform requires three steps:

  1. Get a private/public keypair so Arkose Labs can authenticate you when using the client and server-side APIs

  2. Update your client-side code by replacing the script tags that are used for reCAPTCHA with the Arkose Labs client-side script tags, using your private key

  3. Update your server-side code to call the Arkose Labs Verify API using your private key and passing in response.token provided by the client-side onCompleted:(response) => {} API callback


Detailed information on implementing the Arkose Labs Platform can be found in the for Standard Setup and Server-Side Instructions.

Get a Private/Public Key Pair

Arkose Labs authenticates your API requests using a private/public key pair that can be retrieved from the Site Settings page of the Arkose Labs Client Dashboard. If you do not have access to the dashboard or do not have your private and public keys, contact your Sales Rep or Sales Engineer.


Update Your Client-side Code

When using reCAPTCHA your client-side code will contain a script tags, similar to those shown below, that set up the reCAPTCHA API:

<!-- Load the Javascript API -->
<script src="" async defer></script>

<!-- Add a callback function to handle the token -->
  function onSubmit(token) {

The reCAPTCHA script tags should be replaced with script tags that load and configure the Arkose Labs API, like those shown in the example below:

<!-- Load the Arkose Labs Javascript API -->
 <script src="//" data-callback="setupEnforcement" async defer></script>
    <!-- Configure the Arkose Labs API and configure the appropriate callback functions -->
    function setupEnforcement(myEnforcement) {
        selector: '#enforcement-trigger',
        onCompleted: (response) => {
          <!-- Pass response.token to the server-side code -->
          <!-- If the response from the server-side code is that the session was solved -->
          <!-- then the form should be submitted e.g. document.getElementById("demo-form").submit(); -->

    <!-- Prevent normal form submission so that submission can be done based on the Arkose verification -->
    function preventSubmit(event) {
    const form = document.getElementById('demo-form');
    form.addEventListener('submit', preventSubmit)


The INSERT_PUBLIC_KEY element of the scripts src attribute URL should be replaced with the public key described in Get a Private/Public Key Pair.

Both solutions attach their API to an element within the DOM and this also needs to be changed. The example below shows how reCAPTCHA can be attached to a button tag:

<!-- Add attributes to the button that will trigger the reCAPTCHA API -->
<button class="g-recaptcha" 

The reCAPTCHA code should be replaced with a DOM element that contains the id attribute value defined in the selector parameter when configuring the Arkose Labs client-side API, for example:

<!-- Add attributes to the button that will trigger the Arkose Labs API -->
<button id="enforcement-trigger">Submit</button>

More information on the different API callbacks that are available and how to retrieve the response.token value can be found in the Standard Setup guide.

Update Your Server-Side Code

Once an Arkose Labs session has been successfully completed i.e. the onCompleted:(response) => {} function is called, the value of the token key within the JSON response object should be sent to your server for verification. Your server-side code should take the token and pass it to the Arkose Labs verify API:

Full details on how to implement Arkose Labs server-side verification can be found in the Server-Side Instructions.


Was this article helpful?
0 out of 0 found this helpful