Migrating from reCAPTCHA

Transitioning from Google’s reCAPTCHA to ALTCHA Sentinel allows you to provide a frictionless user experience while upholding the highest privacy standards. This guide outlines the differences and provides a step-by-step path to migration.

Why Switch?

While reCAPTCHA is a common industry standard, it often relies on user-tracking cookies and invasive image puzzles. ALTCHA offers a privacy-first, self-hosted alternative that validates intent without compromising user data.

Key Differences

| Feature | reCAPTCHA | ALTCHA Sentinel |
| --- | --- | --- |
| User Experience | Often intrusive puzzles | Frictionless PoW (Proof-of-Work) |
| Privacy | Tracks users across sites | Zero tracking, privacy-focused |
| Data Sovereignty | Data processed by Google | Self-hosted; you own your data |
| Accessibility | Can be difficult for screen readers | Fully WCAG-compliant |
| Compliance | Privacy concerns (GDPR/CCPA) | GDPR, CCPA, HIPAA, LGPD, & PIPL compliant |
| Limits | Tiered pricing/usage limits | Unlimited usage |

Implementation Comparison

Previous Implementation (reCAPTCHA)

Previously, you likely relied on an external script and a verification call to Google’s servers.

Frontend: Involved loading an external script from Google’s servers and placing a container element (usually with a data-sitekey) inside your form.

Backend: Required an outgoing HTTP request from your server to Google’s siteverify API, sending your SECRET_KEY and the user’s response token for validation.

New Implementation (ALTCHA)

ALTCHA simplifies this by keeping the logic within your own infrastructure.

Frontend: Simply import the package and add the custom element to your form.

import 'altcha';

<form action="/submit" method="post">
  <altcha-widget challenge="https://your-challenge-url"></altcha-widget>
  <button type="submit">Submit</button>
</form>

For a deep dive into customization, see the Widget Integration guide.

Backend: Verification is performed locally using your server-side secret, removing the need for an external API round-trip to Google.

Learn more about validating payloads in the Server Integration guide.
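
As an added illustration (not code from this page or from the ALTCHA project), the following standard-library Python shows what local verification with a server-side secret looks like for a signed proof-of-work challenge: the server recomputes a hash and an HMAC instead of calling an external verification API, and rejects expired, tampered, or replayed payloads. The field names, the `?expires=` salt suffix, `HMAC_KEY`, and the function names are assumptions made for this example; the actual payload format is the one defined in the Server Integration guide.

```python
import base64, hashlib, hmac, json, secrets, time

HMAC_KEY = b"constructed-demo-secret"  # assumption: the server-side secret, normally read from env
_used = set()  # challenges already redeemed; use a shared store with a TTL in production

def _sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

def _sign(challenge):
    return hmac.new(HMAC_KEY, challenge.encode(), hashlib.sha256).hexdigest()

def create_challenge(max_number=50_000, ttl=300, now=None):
    """Server: hide a random number behind a hash and sign the result."""
    now = int(time.time()) if now is None else int(now)
    salt = f"{secrets.token_hex(12)}?expires={now + ttl}"
    challenge = _sha256_hex(salt + str(secrets.randbelow(max_number + 1)))
    return {"algorithm": "SHA-256", "challenge": challenge, "maxnumber": max_number,
            "salt": salt, "signature": _sign(challenge)}

def solve(ch):
    """Client: brute-force the hidden number (the proof of work)."""
    for n in range(ch["maxnumber"] + 1):
        if _sha256_hex(ch["salt"] + str(n)) == ch["challenge"]:
            fields = {k: ch[k] for k in ("algorithm", "challenge", "salt", "signature")}
            return base64.b64encode(json.dumps({**fields, "number": n}).encode()).decode()
    raise ValueError("no solution within maxnumber")

def verify(payload_b64, now=None):
    """Server: check the payload locally; no outgoing HTTP request is made."""
    now = time.time() if now is None else now
    try:
        p = json.loads(base64.b64decode(payload_b64, validate=True))
        expires = int(p["salt"].split("?expires=")[1])
        # Recompute the hash from salt + number; the expiry is bound to it via the salt.
        recomputed = _sha256_hex(p["salt"] + str(int(p["number"])))
        ok = (p["algorithm"] == "SHA-256" and now < expires
              and hmac.compare_digest(recomputed.encode(), str(p["challenge"]).encode())
              and hmac.compare_digest(_sign(recomputed).encode(), str(p["signature"]).encode()))
    except (ValueError, KeyError, IndexError, TypeError, AttributeError):
        return False  # malformed payloads fail closed
    if not ok or recomputed in _used:
        return False
    _used.add(recomputed)  # single use: a replayed payload is rejected
    return True
```
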

Migration Steps

  1. Cleanup Dependencies

    • Remove the <script src="...recaptcha/api.js"> tags from your templates.
    • Delete old Google API keys (SITE_KEY and SECRET_KEY) from your environment variables.
  2. Deploy Sentinel

    • Set up ALTCHA Sentinel or integrate the challenge generation into your existing backend.
  3. Update Your Forms

    • Replace the .g-recaptcha div with the <altcha-widget>.
    • Ensure the challengeurl points to your new challenge endpoint.
  4. Update Server-Side Logic

Benefits After Migration

  • Performance: Faster page loads by removing heavy external scripts.
  • Compliance: Immediate relief from many GDPR/CCPA data-sharing requirements.
  • Reliability: No dependency on third-party service uptime for form submissions.
