reCAPTCHA is Google's CAPTCHA service and by far the most widely deployed challenge system on the web. It runs in four distinct modes — v2 checkbox, v2 invisible, v3 score-based, and Enterprise — each with different implementation mechanics, token structures, and solver requirements. This guide breaks down all variants and shows you how to automate around each one.
reCAPTCHA Variants at a Glance
| Variant | User Interaction | Output | Common Use |
|---|---|---|---|
| v2 Checkbox | "I'm not a robot" click, sometimes image grid | g-recaptcha-response token |
Login forms, registration, checkout |
| v2 Invisible | None (triggers automatically) | g-recaptcha-response token |
Form submission, button click |
| v3 | None (behavioral scoring) | Score (0.0–1.0) + token | Page-level fraud scoring |
| Enterprise | None or v2-style (configurable) | Scored token + risk signals | High-stakes flows; Google Cloud billing |
reCAPTCHA v2 — Checkbox and Invisible
How v2 Checkbox Works
The v2 checkbox widget adds a visible "I'm not a robot" checkbox to a form. Google's backend evaluates the interaction — mouse movement, timing, browser signals — and either: - Passes the user immediately (most legitimate users) - Presents an image grid challenge (flagged sessions)
On success, Google issues a g-recaptcha-response token signed to the site's key and the user's IP. This token must be submitted with the form within two minutes or it expires.
Site key: Embedded in the page HTML as data-sitekey="..." on the reCAPTCHA div.
Verification: Server calls https://www.google.com/recaptcha/api/siteverify with the token.
How v2 Invisible Works
Invisible reCAPTCHA has no widget. The site calls grecaptcha.execute() programmatically — usually on form submit — which triggers a silent challenge. The token is delivered via a callback function. From a solver's perspective, the submission process is identical to v2 checkbox.
Solver Support — reCAPTCHA v2
| Solver | v2 Checkbox | v2 Invisible | Success Rate | Avg Solve Time |
|---|---|---|---|---|
| CaptchaAI | ✅ | ✅ | ~97–98% | 8–14s |
| 2Captcha | ✅ | ✅ | ~92–95% | 14–25s |
| Anti-Captcha | ✅ | ✅ | ~91–94% | 12–22s |
| CapSolver | ✅ | ✅ | ~93–96% | 10–18s |
| CapMonster Cloud | ✅ | ✅ | ~88–93% | 12–22s |
| NopeCHA | ✅ | ✅ | ~87–91% | 18–35s |
| DeathByCaptcha | ✅ | ✅ | ~85–90% | 20–40s |
reCAPTCHA v3 — Score-Based
How v3 Works
reCAPTCHA v3 runs silently in the background. It monitors user behavior across the session and produces a risk score from 0.0 (likely bot) to 1.0 (likely human). There is no visible challenge.
The score is generated per "action" — login, purchase, comment — and tied to a Google-issued token. The site passes the token to its server, which verifies it with Google and receives the score plus the action name.
Key difference from v2: The solver cannot simply generate a token; the returned token must be from a session Google considers human enough to score above the site's threshold (typically 0.5 or 0.7). This makes v3 significantly harder to solve reliably. Some solvers use real browser sessions or service accounts to generate credible tokens.
v3 Token Lifetime
v3 tokens expire in 2 minutes, same as v2. However, because v3 is embedded in page load flows, you often need to acquire the token and submit the form in a single automated browser session.
Solver Support — reCAPTCHA v3
| Solver | v3 Support | Typical Score | Avg Solve Time | Notes |
|---|---|---|---|---|
| CaptchaAI | ✅ | 0.7–0.9 | 10–20s | Targets configured score threshold |
| 2Captcha | ✅ | 0.7–0.9 | 15–30s | Set min_score parameter |
| Anti-Captcha | ✅ | 0.7–0.9 | 12–25s | Supports action name parameter |
| CapSolver | ✅ | 0.7–0.9 | 10–20s | Enterprise-aware implementation |
| CapMonster Cloud | ✅ | 0.5–0.7 | 15–25s | Lower minimum score guarantee |
| NopeCHA | ✅ | Varies | 20–40s | Less consistent on v3 |
v3 solve rates depend heavily on the target site's threshold and the quality of the solver's session context. All scores cited are approximate.
reCAPTCHA Enterprise
reCAPTCHA Enterprise is the paid, cloud-billed tier of reCAPTCHA. It replaces the v2/v3 JavaScript tags with an Enterprise-specific SDK and provides richer risk signals to the site operator. From a solver perspective:
- The challenge type is similar to v2 or v3 underneath
- The token contains an Enterprise risk assessment object, not just a pass/fail
- Sites using Enterprise often have tighter score thresholds and more aggressive enforcement
Enterprise deployments are identifiable by the enterprise.js script tag (https://www.google.com/recaptcha/enterprise.js) or the grecaptcha.enterprise.execute() call.
Most major solvers offer a separate Enterprise task type. Pass it when you detect an Enterprise deployment — submitting a standard v2 token to an Enterprise endpoint will fail.
How to Solve reCAPTCHA v2 in Python
import requests
import time
def solve_recaptcha_v2(
api_key: str,
page_url: str,
site_key: str,
invisible: bool = False,
) -> str:
"""
Solve reCAPTCHA v2 (checkbox or invisible) using CaptchaAI.
Returns the g-recaptcha-response token.
"""
payload = {
"key": api_key,
"method": "userrecaptcha",
"googlekey": site_key,
"pageurl": page_url,
"json": 1,
}
if invisible:
payload["invisible"] = 1
r = requests.post("https://ocr.captchaai.com/in.php", data=payload, timeout=30)
r.raise_for_status()
result = r.json()
if result.get("status") != 1:
raise RuntimeError(f"Submit failed: {result}")
task_id = result["request"]
time.sleep(5)
for _ in range(24):
r = requests.get(
"https://ocr.captchaai.com/res.php",
params={"key": api_key, "action": "get", "id": task_id, "json": 1},
timeout=30,
)
data = r.json()
if data.get("status") == 1:
return data["request"]
time.sleep(5)
raise TimeoutError("reCAPTCHA v2 solve timed out")
Finding the Site Key
import re
def extract_recaptcha_sitekey(html: str) -> str | None:
patterns = [
r'data-sitekey=["\']([0-9A-Za-z_\-]{40,})["\']',
r'"sitekey"\s*:\s*"([0-9A-Za-z_\-]{40,})"',
r'grecaptcha\.(?:execute|render)\(["\']([0-9A-Za-z_\-]{40,})["\']',
]
for p in patterns:
m = re.search(p, html)
if m:
return m.group(1)
return None
How to Solve reCAPTCHA v3 in Python
def solve_recaptcha_v3(
api_key: str,
page_url: str,
site_key: str,
action: str = "verify",
min_score: float = 0.7,
) -> str:
"""
Solve reCAPTCHA v3. Returns the scored token.
min_score: requested minimum score (0.3, 0.7, or 0.9).
"""
payload = {
"key": api_key,
"method": "userrecaptcha",
"version": "v3",
"googlekey": site_key,
"pageurl": page_url,
"action": action,
"min_score": min_score,
"json": 1,
}
r = requests.post("https://ocr.captchaai.com/in.php", data=payload, timeout=30)
r.raise_for_status()
result = r.json()
if result.get("status") != 1:
raise RuntimeError(f"Submit failed: {result}")
task_id = result["request"]
time.sleep(8)
for _ in range(24):
r = requests.get(
"https://ocr.captchaai.com/res.php",
params={"key": api_key, "action": "get", "id": task_id, "json": 1},
timeout=30,
)
data = r.json()
if data.get("status") == 1:
return data["request"]
time.sleep(5)
raise TimeoutError("reCAPTCHA v3 solve timed out")
Common Errors and Fixes
ERROR_WRONG_GOOGLEKEY
The site key passed to the solver is incorrect. Extract it from the page at runtime rather than hardcoding.
ERROR_CAPTCHA_UNSOLVABLE
The solver exhausted attempts. For v2, retry up to 3 times. For v3, this can indicate the IP is heavily flagged — consider a proxy.
Token rejected on submission ("invalid-input-response") The token expired. Solve within 2 minutes of form submission. For long page-load flows, solve immediately before the submit step.
v3 token accepted but action blocked (score too low)
The returned score is below the site's threshold. Request a higher min_score from the solver, or switch to a solver with higher v3 performance. CaptchaAI targets 0.7–0.9 by default.
Enterprise token accepted by solver but rejected by site
Ensure you're using the Enterprise task type when the site loads enterprise.js. A standard v2 token will fail Enterprise verification.
When to Use Which Solver
| Scenario | Recommended Solver | Reason |
|---|---|---|
| reCAPTCHA v2, general automation | CaptchaAI | ~97–98% success rate per CaptchaRank benchmark |
| reCAPTCHA v3, score-sensitive flows | CaptchaAI or CapSolver | Best reported v3 score consistency |
| Very high volume (> 50k/day) | 2Captcha | Deep worker pool; battle-tested at scale |
| Lowest cost per solve | CapMonster Cloud | Most competitive pricing on v2 |
| Legacy pipeline (2Captcha format already implemented) | 2Captcha | No code change needed |
Explore More in This Hub
- Best reCAPTCHA v2 Solver — ranked comparison with pricing
- Best reCAPTCHA v3 Solver — scored token providers compared
- CAPTCHA Solver API Integration Guide — language-agnostic patterns
- CAPTCHA Solving in Python: Quick Start — full setup in 30 minutes
- Best CAPTCHA Solvers Ranked — full provider leaderboard
Benchmark data sourced from CaptchaRank live performance monitoring. Success rates reflect current data and are updated as solver performance changes.
