CAPTCHA Provider
LoginRadius supports multiple CAPTCHA providers to help protect authentication workflows from automated bot attacks, credential abuse, and fraudulent sign-ups. By integrating CAPTCHA challenges into your Login, Registration, and Forgot Password flows, you can significantly improve your app's security posture while maintaining a seamless user experience.
This guide provides a high-level comparison of the three CAPTCHA solutions supported by LoginRadius: Google reCAPTCHA, Tencent CAPTCHA, and hCaptcha. It highlights their benefits, typical use cases, and how they integrate with the LoginRadius platform.
Why CAPTCHA Matters
CAPTCHAs are a foundational layer of identity security. When integrated correctly, they ensure that access points—like login forms, registration pages, and password reset flows—are protected against malicious automation and bot-based abuse.
Here’s why they’re critical to your app’s success:
- Block automated threats: Bots can exploit open endpoints to mass-create accounts or attempt brute-force logins. CAPTCHA stops these at the source.
- Protect customer data and trust: CAPTCHA prevents unauthorized access attempts, protecting users from potential account takeovers.
- Preserve performance during attacks: During credential stuffing or DDoS attacks, CAPTCHA introduces human verification, reducing server load and filtering bad actors.
- Empower developers with flexibility: LoginRadius lets you choose which CAPTCHA provider fits your audience (e.g., global, China-focused, or privacy-first) and where to apply it — Registration, Login, Forgot Password, or all three.
From a developer standpoint, LoginRadius enables you to:
- Configure CAPTCHA within minutes using the Admin Console
- Use either API or JavaScript SDK for dynamic client-side behavior
- Customize language, challenge mode, and fallback options
CAPTCHA is not just a security add-on—it's a proactive defense strategy tailored to your app’s needs and geography. Each supported provider offers a different balance of user experience, privacy, and regional reliability.
Supported CAPTCHA Providers
LoginRadius supports three major CAPTCHA providers, each suited for different use cases and regional needs. This section outlines their core features, benefits, and integration methods to help you decide which one best fits your application's audience and security requirements.
- Google reCAPTCHA
- Tencent CAPTCHA
- hCaptcha
A widely adopted CAPTCHA system offering multiple challenge types (v2 Checkbox, Invisible, and v3 score-based) and broad global reliability.
Use cases
- Global applications requiring frictionless human verification .
- Preference for invisible reCAPTCHA or score-based thresholds (v3).
Features
- Checkbox and Invisible modes.
- Language customization via script URL.
- Admin Console integration and API support.
Integration
- Use the Site Key and Secret Key in the LoginRadius Admin Console.
- Apply to specific APIs like Login, Registration, Forgot Password.
- Reference: Google reCAPTCHA Documentation.
A CAPTCHA solution popular in China, offering strong performance and compatibility in local regions. Best used when targeting users within mainland China.
Use cases
- Applications with Chinese user base.
- Fallback CAPTCHA for users where Google services may be restricted.
Features
- Works with or without Google fallback.
- Admin Console configuration.
- Supports Registration, Login, and Forgot Password flows.
Integration
- Requires App ID and Secret Key from Tencent Console.
- Enables region-specific CAPTCHA fallback logic.
- Reference: Tencent CAPTCHA Documentation.
hCaptcha focuses on privacy while providing a secure challenge-response system. It's a good alternative to Google reCAPTCHA for apps concerned about user data privacy.
Use cases
- Apps that prioritize user privacy.
- Need an alternative to reCAPTCHA.
Features
- Supports checkbox and invisible modes.
- Language customization supported.
- Admin Console and JS SDK integration.
Integration
- Requires Site Key and Secret Key.
- Enable on LoginRadius APIs and customize widget per use case.
- Reference: hCaptcha Documentation.
Choosing the Right CAPTCHA Provider
Use this comparison table to evaluate which CAPTCHA solution aligns with your product’s goals—whether it’s global reach, privacy compliance, or regional fallback strategies.
| Feature | Google reCAPTCHA | Tencent CAPTCHA | hCaptcha |
|---|---|---|---|
| Global Support | ✅ | 🌐 China-focused | ✅ |
| Privacy Focus | ❌ | ❌ | ✅ |
| Invisible Challenge | ✅ | ✅ | ✅ |
| Language Customization | ✅ | ✅ | ✅ |
| Admin Console Integration | ✅ | ✅ | ✅ |
| Fallback Support | ❌ | ✅ | ❌ |
| Best For | Global apps | Chinese users | Privacy-first |
Let me know if you want to add tooltips, icons, or links to documentation in this table!
Common Use Cases
CAPTCHA is commonly used to prevent abuse and unauthorized access throughout the authentication lifecycle. Below are practical use cases where CAPTCHA helps enhance security:
- Preventing Automated Account Creation: Blocks bots from mass-registering fake accounts.
- Enhancing Login Security: Protects against credential stuffing attacks and brute-force attempts.
- DDoS Protection: Reduces the impact of denial-of-service attacks by requiring human verification.
- Securing Password Reset Flows: Ensures only legitimate users can initiate password resets.
Troubleshooting
Below are common issues and how to resolve them:
| Error | Cause | Fix |
|---|---|---|
| 403 Forbidden - Invalid API Key | Incorrect Site Key or Secret Key | Ensure the correct keys are configured in the LoginRadius Console. |
| CAPTCHA Verification Failed | Domain mismatch | Verify your CAPTCHA domain matches the one sending the request. |
| CAPTCHA Not Loading | Script errors or incorrect setup | Check browser console and confirm proper script integration. |