Need a server-side API to validate keys, especially the public one

[davemerrill]

Many applications prompt for reCAPTCHA keys, save them, and use them to generate the UI as needed. Ideally we'd be able to validate those keys before accepting them.

We can validate the private key by submitting an empty response to the verification API, and if 'invalid-input-secret' isn't in the 'error-codes' array in the result, the private key is valid. That's a bit indirect, but workable.

However, the verification API doesn't take the public key as a parameter, so it can't be validated that way. Best I've been able to figure out is to use the public key to show the reCAPTCHA UI on the client, and ask the user to confirm that it displayed correctly.

Some server-side way to test that the public key is valid for this domain would be vastly preferable. Ideally we could test both keys at once, without the fake verification step above.

[rowan-m]

Closing super old issues. Please re-raise if still relevant.

[davemerrill]

I'm not working on that project any more, but it still seems pretty relevant to me, for the reasons stated.

[davemerrill]

This issue doesn't appear to be getting any traction. Could someone on the dev team please explain to me what existing techniques there are to procedurally validate the public and private keys before saving them in the above scenario, or why that's not necessary?