Moya Google Recaptcha

Google reCAPTCHA is a service from Google that prevents bots (automated systems) from accessing your web application. Mosts bots are malicious in nature, and attempt to spam your site with links to products, or to test for potential exploits.


Moya Google Recaptcha is built in to Moya and may be imported from its Python path as follows:

<import py="moya.libs.recaptcha" />

And installed as follows:

<install name="recaptcha" lib="" />

This library's long name is to reflect the fact that it is packaged by Moya, but the author is Google.


The XML namespace for this library is The XML prefix is assumed to be recaptcha: for the the examples in this document.


To use reCAPTCHA, you will need two keys; a site key which identifies the URL your web application will run on, and a secret key which is used when checking the user's response. You can get both keys by signing up.


This library has the following settings:

sitekey = <SITEKEY>

This should be your site key.

secretkey = <SECRETKEY>

This should be your secret key.


This library supplies a tag called <recaptcha> which should be embedded in a <form> as follows:

<field name="g-recaptcha-response">

When the user fills in the CAPTCHA, it writes a reCAPTCHA response value called g-recaptcha-response to the form (this name can not be changed). You can then check reCAPTCHA response with <verify>, which will return True if the user is likely a human. This may done directly in the form with the following:

<validate-field field="g-recaptcha-response">
    <recaptcha:verify response="value" dst="human"/>
    <fail if="not human">
        CAPTCHA failed. You may be a bot.