Google Recaptcha validation

Hi everybody,

I am building a workflow to get some data from my web forms via Webhook to feed my Mailchimp subscribers account. I am using recaptcha and I wonder whether there is actually a “pipe” already implemented or planned to be implemented in the future. Can you suggest me a workaround?

Thank you very much

Hi @adalmagro , could you do me a favor and let me know the specific operation in Mailchimp you’re trying to perform? If you can link me to the specific section of the Mailchimp API docs and tell me the API operation that corresponds with what you’re trying to do, that would be a huge help!

Hi Dylan, sorry. I did explain myself right. The workflow I am trying to build is one that taking the body from a Webhook, put it on a Mailchimp call. I am filling the body with data from a contact form with recaptcha. My question is whether I could build a middle step between the Mailchimp and the Webhook where I could validate the gtoken from the form and, once it is validated, proceed with the Mailchimp API call.

Hope this clarifies

Hi @adalmagro , yes, that helps. We don’t have a built-in reCAPTCHA validation step, but I put together code that I believe may work on Pipedream. I haven’t tested this, so you may need to adjust it slightly.

I referenced the reCAPTCHA docs and the Node.js server section of this article, so those references may help you, as well.

  1. Add an environment variable in Pipedream named GOOGLE_RECAPTCHA_SECRET_KEY that contains your reCAPTCHA secret key from Google.
  2. Add a Run Node.js code step to your workflow.
  3. Add the following code:
const axios = require("axios")

// See https://pipedream.com/docs/environment-variables/
const secret = process.env.GOOGLE_RECAPTCHA_SECRET_KEY

// https://developers.google.com/recaptcha/docs/verify#api_request
const { data } = await axios({
  method: "POST",
  url: "https://www.google.com/recaptcha/api/siteverify",
  data: {
    secret,
    response: event.body['g-recaptcha-response'],
    remoteip: steps.trigger.event.client_ip,
  }
})

if (!data.success) {
  // End the workflow early if the captcha validation failed. See https://pipedream.com/docs/workflows/steps/code/#end
  $end("Failed captcha verification")
}
  1. When you process the reCAPTCHA data on your website, send the response code you get from Google’s client side library in the g-recaptcha-response property of the HTTP payload in a POST request to Pipedream. That will be accessible in your workflow as event.body['g-recaptcha-response'], which we pass to Google along with your reCAPTCHA secret key and the client IP of the user.

Let me know if that helps.

Hi Dylan

Awesome! Thank you very much. I will try it and let you know.

Hi Dylan, just to let you know it worked! Thank you very much for your support