Chapter 10. Configuring reCAPTCHA for 3scale

This document describes how to configure reCAPTCHA for Red Hat 3scale API Management On-premises to protect against spam.

Prerequisites

  • An installed and configured 3scale On-Premises instance on a supported OpenShift version.
  • Get a site key and the secret key for reCAPTCHA v2. See the Register a new site web page.
  • Add the Developer Portal domain to an allowlist if you want to use domain name validation.

To configure reCAPTCHA for 3scale, perform the steps outlined in the following procedure:

10.1. Configuring reCAPTCHA for spam protection in 3scale

To configure reCAPTCHA for spam protection, you have two options how to patch the secret file that contains the reCAPTCHA. These options are in the OpenShift Container Platform (OCP) user interface or using the command line interface (CLI).

Procedure

  1. OCP 4.x: Navigate to Project: [Your_project_name] > Workloads > Secrets.
  2. Edit the system-recaptcha secret file.

    The PRIVATE_KEY and PUBLIC_KEY from the reCAPTHCA service must be in base64 format encoding. Transform the keys to base64 encoding manually.

Note

The CLI reCAPTCHA option does not require base64 format encoding.

  • CLI: Type the following command:

    oc patch secret/system-recaptcha -p '{"stringData": {"PUBLIC_KEY": "public-key-from-service", "PRIVATE_KEY": "private-key-from-service"}}'

Post-procedure steps

  • Redeploy the system pod after you have completed one of the above options.
  • In the 3scale Admin Portal turn on spam protection against users that are not signed:

    1. Navigate to Audience > Developer Portal > Spam Protection.
    2. Select one of the following options:

      • Always - reCAPTCHA will always appear when a form is presented to a user who is not logged in.
      • Suspicious only - reCAPTCHA is only shown if the automated checks detect a possible spammer.
      • Never - turns off Spam protection.

After system-app has redeployed, the pages that use spam protection on the Developer Portal will show the reCAPTCHA I’m not a robot checkbox.

I’m not a robot

Additional resources

  • See ReCAPTCHA home page for more information, guides, and support.