Skip to main content

How to Create Google reCAPTCHA Keys

Pro.svgPRO PLAN

Overview

For added security, you can prevent bots and fraudulent entries or votes by enabling Google reCAPTCHA on the following widgets:

  • Entry Display Widget
  • Form Container Widget

ShortStack requires all users implementing Google reCAPTCHA bot prevention to provide their own API keys. This guide explains how to generate your own keys and add them to your campaign.

Create Google reCAPTCHA Keys

  1. Log in to your Google account and go to the reCAPTCHA Admin Console.
  2. Label: Enter a name to identify your site (e.g., "My Holiday Campaign").
  3. reCAPTCHA type: Select Score based (v3).
  4. Domains: Enter the domain name(s) where your campaign will live, then click the add (plus) icon.
    • ShortStack-Provided Domain: If you are publishing to a ShortStack URL, enter the base domain: cmpgn.page, lndg.page, or shortstack.page.
    • Custom Domain: If you are using a custom domain (e.g., mybrand.com), enter that domain here.
    • Embed: If you are embedding the campaign on your website, enter the domain where the embed will be placed.
  5. If you are new to the Google Cloud console, accept the Terms of Service.
  6. Click Submit.

Note: If you are new to the Google Cloud console, a project and the necessary APIs will be created automatically. For additional support click here.

Disable Domain Checking (Optional)

If you plan to publish to multiple domains without manually updating your key settings each time, you can disable domain checking.

  1. Find the domain verification setting in your Google dashboard:
    • reCAPTCHA Admin Console: Uncheck the box for Verify the origin of reCAPTCHA solutions.
    • Google Cloud Console: Check the box for Disable domain verification.
  2. Save your changes.

Security Warning: Disabling domain checking poses a security risk. Google warns: "Turning off this protection by itself poses a large security risk - your key could be taken and used by anyone... For this reason, when verifying a solution, you are required to check the hostname/package field and reject any solutions that are coming from unexpected sources." Learn more.

Add Keys to ShortStack

  1. Open the campaign you want to protect in the Campaign Builder.
  2. Click the Campaign Settings icon (gear icon).
  3. Select the Security tab.
  4. Click on the Choose Profile button.
  5. Click on the Add button located at the bottom right corner of the pop-up.
  6. Enter the Profile Name and Description
  7. Copy and paste the Site Key and Secret Key provided by Google into their respective fields. 
  8. Click Save.

Edit Keys in ShortStack

You can update or remove your reCAPTCHA keys using the Entry Profiles Manager.

  1. Open the Entry Profiles Manager.
  2. Use the filter menu to select Integration.
  3. Locate the integration labeled Google reCAPTCHA Keys.
  4. Click the Edit icon (pencil) to update the keys.
  5. To delete a key, select the integration and click Delete in the top menu.

FAQs

Why is ShortStack changing how Google reCAPTCHA works?

Google recently introduced new API fees for reCAPTCHA. These fees create a recurring cost for ShortStack. Rather than absorb that cost and raise plan prices for everyone, we’ve decided to change how reCAPTCHA is provided going forward. This allows us to keep ShortStack pricing stable while still giving you access to strong fraud protection tools.

Do I still have access to other fraud prevention tools?

Yes. 

ShortStack continues to provide multiple fraud protection options, including: 

These tools remain fully supported and available to all customers

Will ShortStack charge a fee for this change?

No.

ShortStack is not adding any new fees related to this change, and plan pricing remains the same.

Does it cost additional money to get a Google reCAPTCHA key?

Google provides 10,000 free reCAPTCHA uses per month. The majority of ShortStack customers fall well within this limit. If your usage exceeds 10,000 monthly interactions, Google may charge according to their pricing model. 

You can review Google’s current pricing here. Any costs billed by Google are handled directly between you and Google.

I already have a form or campaign using Google reCAPTCHA. Will it still work?

Yes

All existing published campaigns that already use Google reCAPTCHA will continue to function as they do today. Only new campaigns published starting the week of 1/26/26 will require you to provide your own Google reCAPTCHA key.

 

Was this article helpful?