I made a public app that is used as an intake form to add cases to our internal software. I want to protect the form from spam and other attacks. Is there a way to add Google reCaptcha or other captcha to a public app?
Hey @Kristofer_Lyon
Retool doesn't currently support direct integration with Google reCAPTCHA or similar tools in public apps. However, you can implement external validation using custom API calls. For better security, handle form submissions on the server side and validate input before processing. You can also explore Retool's input validation options in their documentation. For advanced needs, consider reaching out to Retoolβs support or community forums.
5 Likes
Thanks for reaching out, @Kristofer_Lyon! Let us know if you have any questions about the various workarounds that @WidleStudioLLP mentioned above. 
1 Like
Thanks! I'm assuming I need to (1) add a rest API call, (2) store the credentials in configuration variables as a secret, and (3) add a captcha?
Do I need to add the captcha as a custom component? If I add the captcha code to the retool page as HTML, I won't be able to reference configuration variable secrets, right?
Since I'm protecting a form, is there a way to access the form's submit button with something like Google's reCaptcha requires:
<button class="g-recaptcha"
data-sitekey="reCAPTCHA_site_key"
data-callback='onSubmit'
data-action='submit'>Submit</button>
[Google reCaptcha v3] (reCAPTCHA v3 | Google for Developers)