Recaptcha V3 Site key Exceed Limitation

Google Recaptcha V3 has a service limit quota of 1000 calls/second or 1 Million requests/month for the free tier. If the application exceeds these limits, Google sends a warning to the site owner to migrate to Recaptcha V3 Enterprise.

I've checked the Recaptcha V3 admin panel and it shows some analytics, one of the analytics is "Total requests" and it shows I had around 2 Million requests received.

My questions:

  1. Are the analytics shown in the Recaptcha V3 admin panel for requests made using the site_key (to get a valid captcha token) or using the Secret_key (to validate the captcha token) of reCaptcha?
  2. Is the service limit that Google warned me about regarding the requests made using the Site_key or the Secret_key?
  3. If the answer to the previous question is "Site_key", then isn't it possible for a malicious user to get the site_key from my site and use it maliciously to request valid captcha tokens, so that I'll exceed my Recaptcha site limits? How can I solve this issue?

Thanks.

There is 1 best solution below

According to the documentation at https://cloud.google.com/recaptcha-enterprise/pricing, the limitations are the same for 4 kinds of requests:

  • assessments.create
  • password.check (If a password check is passed along with an assessment, 2 calls are counted)
  • siteverify
  • Token verification (for Google Cloud Armor)

So it looks like "requests made using the site_key (to get valid captcha token)" are "assessments.create", and requests that are "using the Secret_key (to validate captcha token)" are password.check.

So both kinds of requests are under the same limit, and both are counted as one request each, so 2 requests total per flow of getting a captcha and submitting it.