Why Captcha ?
Captcha is a type of challenge-response test used in computing to determine whether or not the user is human.
Okey, let’s go through the flow for implementing Google reCAPTCHA on Marketo form to ensure that the user is human.
- User requests your webpage.
- Load Marketo form to the webpage with form fields.
- User completes Captcha Challenge.
- User Submit the data to Marketo Server with Captcha Response.
- Post the Captcha Response to Google reCAPTCHA server
- Validate Captcha challenge status and accept if successful.
Yes, you got it right, Captcha is not a browser only technology, this need to be verified at both client and server side.
Configure reCAPTCHA for browser (client)
This is demonstrated very well by Sanford Whiteman, pen follows.
Please note :- To perform the server side validation, we need to pass the captcha response to the marketo server. On JS line number 32, a hidden field named ‘lastRecaptchaUserInput’ is added to the form with reCAPTCHA response as its value. If response value is empty, it means that the user is not validated reCAPTCHA, proceed to form submit only if we have a value.
Ref : https://nation.marketo.com/message/139545#157692 https://stackoverflow.com/questions/27450562/how-to-validate-google-recaptcha-on-form-submit
Verify reCAPTCHA at Marketo Server
We should do the following steps here.
- Configure form to accept the captcha response and status
- Send the received captcha response with secret to google reCAPTCHA sever.
- Do form operations only if google responded with success as true.
We can use the webhooks to send the captcha response to google reCAPTCHA server.
Make sure that response type is JSON and Captcha Response is getting populated as per your form configuration.
This can be verified from the payload field on activity details once the webhook is called.
Ref : http://developers.marketo.com/webhooks/
Now we need to verify the response and accept once the status is true. for the same we need to do a Response Mapping and create a workflow.
Here we mapped the google reCAPTCHA ‘success’ to Marketo field named ‘captchaSuccess’.
Now we need to create a flow to perform operations like add to lead list or send emails etc only if the captchaStatus is ‘true’. captchaStatus is ‘false’ means somebody is trying to hack our systems!.
Final Tip : If captcha Response is getting saved to the form felids please reset it in both the cases. We don’t need any unwanted data to be saved :). Happy Coding!
Reference’s
