We're Hiring!

Approov Web Protection with Google reCAPTCHA V3


Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app. 

Google reCAPTCHA V3 provides a powerful mechanism to tell humans and bots apart. It uses advanced risk analysis techniques to help you detect abusive traffic from your web app without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score that you can then use in the API backend to choose the most appropriate response for your web app.

The Google reCAPTCHA V3 integration with Approov enables you to use the same simple token check for your backend API endpoints whether a request comes from your mobile or web app. After checking Approov token validity, the included claims can be used to differentiate between requests coming from the mobile or web channels and react differently when that is necessary. If required, the full response from the reCAPTHCA check can be embedded in the Approov token to be used by that logic.

Please follow the Quickstart guide in the repo to learn how to integrate Google reCAPTCHA V3 with Approov into your web app.

If you have any questions around why or how to use Approov in your web app, don’t hesitate to contact us.

Cover Photo by Brett Jordan on Unsplash

Paulo Renato

Paulo Renato is known more often than not as paranoid about security. He strongly believes that all software should be secure by default. He thinks security should be always opt-out instead of opt-in and be treated as a first class citizen in the software development cycle, instead of an after thought when the product is about to be finished or released.