
ReCaptcha API 2.0 has been released.

The other day, while implementing reCaptcha yet again for one of my projects, I ran into a small problem displaying several security images on one page using AJAX. I went back to the official reCaptcha page and found that the documentation differs significantly from previous versions.
A search made it clear: “recaptcha 2.0” has been released with an updated API and visualization, as well as a number of other goodies, which I will discuss in this article.

In the new version of reCaptcha, or as it should now be called, “gCaptcha”, the visual CAPTCHA interface for web applications and the algorithm for interacting with the validation service (API) have changed significantly. The “security images” themselves have not changed much visually.
At the moment there is also no information (at least I could not find any) about an “official release” of reCaptcha2, and the project's landing page still displays a proud “coming soon”.

New reCaptcha 2 interface


One of the major changes, which you encounter almost immediately when getting to know reCaptcha2, is the new interface for presenting the security image.
The interface has been significantly reworked: it is now displayed as a small widget with an improvised “I'm not a robot” checkbox, and clicking it prompts the user to solve the image.

If you successfully solve the image, the captcha will take the following form:

If the image is solved incorrectly, the captcha reports it, which is a significant improvement: the user no longer needs to reload the page several times. The captcha also reports failure when the session time expires.
You can see reCaptcha2 live on a demo page from Google.

New API


Along with the new interface, reCaptcha2 uses a new algorithm for embedding the widget and interacting with the remote API.
The keys for using reCaptcha2 on your sites can be obtained in the new interface (Google authorization is required):

The private/public key scheme is still used; in this version the keys are called “secret key” and “key”, respectively. A significant change is that a key in reCaptcha2 cannot be global: every domain on which you plan to use reCaptcha2 must now be specified in the settings. For localhost and 127.0.0.1 the captcha works without specifying a domain.
With the new API, embedding the captcha in the body of the page takes two lines of code (* an example of a simple implementation):
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey="your_site_key"></div>

Despite this, the API has a fairly large set of functions for different ways of loading reCaptcha2 and configuring its appearance (rendering by callback, styling, and others).
The API for validating the user's interaction with the captcha has also changed. I want to note right away that the standard POST field used previously, recaptcha_response_field, is now called g-recaptcha-response. The API itself now returns the result of the check in JSON format, which is very welcome. When the form with the captcha is submitted, the validation request should look like this:
https://www.google.com/recaptcha/api/siteverify?secret=your_secret&response=response_string&remoteip=user_ip_address

where secret is the private key (secret key), response is the user's response (post.g-recaptcha-response), and remoteip is the user's IP address (optional). The result of processing this URL is returned in JSON format:
 { "success": true|false, "error-codes": [...] } 

As a result, captcha validation can be done in one line (json_decode; object->success).
Documentation: look at google
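A server-side check built on the request and JSON reply described above, as an added example that is not part of the original article or of Google's library. The function names, the injectable `transport` parameter and the `local:` error labels are assumptions made for illustration; the parameters are sent in a POST body, which the endpoint also accepts, so the secret key stays out of URL logs.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"  # endpoint from the article


def http_post(url, fields, timeout=5):
    """Default transport: POST the form fields and return the response body as text."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def verify_captcha(secret, response, remoteip=None, transport=http_post):
    """Return (ok, error_codes). Fails closed: anything unexpected is a rejection."""
    if not response:
        # g-recaptcha-response absent or empty: the widget was never solved,
        # so reject without calling the API. The label is local, not Google's.
        return False, ["local:empty-response"]
    fields = {"secret": secret, "response": response}
    if remoteip:
        fields["remoteip"] = remoteip  # optional, per the article
    try:
        result = json.loads(transport(VERIFY_URL, fields))
    except (OSError, ValueError):
        # Network failure, timeout or a non-JSON body: reject rather than
        # let the form through unverified.
        return False, ["local:verify-unavailable"]
    if not isinstance(result, dict):
        return False, ["local:verify-malformed"]
    codes = result.get("error-codes")
    codes = codes if isinstance(codes, list) else []
    # Accept only a literal JSON true; "true", 1 or a missing key do not count.
    return result.get("success") is True, codes
```

In a form handler, pass the posted g-recaptcha-response value as `response` and process the submission only when the first element of the result is `True`.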

Other "Features"


In addition to the above, the reCaptcha2 account dashboard has statistics “templates” that will later allow you to analyze how your users behave when solving a captcha. Statistics on the “spam index” and other frills are also available; it is not clear to me yet what they are intended for (apparently for notifying you of an upward or downward trend in the number of captcha solves on the site).
reCaptcha2 also retains the options for people with disabilities: playing the captcha as audio and downloading it as an MP3 are available.

P.S. For colleagues who are interested in PHP, I will attach a link to a ready-made library that simplifies (although how much simpler could it be?) the use of reCaptcha2: github / google

Source: https://habr.com/ru/post/244779/

