Lightweight Java Bindings for reCAPTCHA V2. See Verifying the user's response | reCAPTCHA | Google Developers. Why lightweight? Provides a minimalist API and imposes no transitive dependencies on its user, except for SLF4J.

• Get a public and a secret API key from Google.
• Set up your client side to display the reCAPTCHA V2 widget, containing the public API key, as described here.
• Send the response token to your server.

Add the latest stable version to the dependency management tool of your choice.

<dependency>
    <groupId>de.triology.recaptchav2-java</groupId>
    <artifactId>recaptchav2-java</artifactId>
    <version>1.0.2</version>
</dependency>

You can also get snapshot versions from our snapshot repository (for the most recent commit on develop branch). To do so, add the following repo to your pom.xml or settings.xml:

<repository>
    <id>snapshots-repo</id>
    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    <releases><enabled>false</enabled></releases>
    <snapshots><enabled>true</enabled></snapshots>
</repository>

On your server:

• Create a new instance of ReCaptcha,
• passing the reCAPTCHA private API key (the one beloging to the public key used in your client code to generate the response).
• Then validate the token sent by the client, you'll receive a boolean response.

It's as simple as that.

String response = "03AEHxwuyM-dll21GpJuJ65tGT6SVEvQEO3tvLfyxbbgBCaSdOLRQBT4Py-jMjGxplhE1wo7nn7Y6zRNgqUufFTnYDdqzYDTupfZkgx0LppSC3_eBKkODMopBaSBeeGMlt_wzkqWes5tAo34t2LmS0fGdwsE_feGJ_NsrB29NsUNAO78FGyL5DpL7f8K5dnh9Q_6QiN5Qg0MapUEu2w30r-GOI7MfVDMF7qk7wDwbM8uZmoIMn8AenNVKsZY0yEP6ghGVTBhtFvBVaD6jiHXeKztnAX1oLAvPa0jh9sJe20Dwk4jtmuemWKLI";
String secret = "sMSd8L8jlFrKGHdtbXePOphPfhJO_oA4A0sfvw0i";

new ReCaptcha(secret).isValid(response);

For trying out, see TestServer. Run it with these env vars

• SECRET
• SITE_KEY
• PORT

In case there are not technical problems Recaptcha.isValid() always returns a boolean. Otherwise a ReCaptchaException is thrown. If you need insight into the underlying HTTP traffic you best set the log level of all loggers de.triology.recaptchav2java to TRACE using your favorite SLF4J implementation.