To use reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret. The site key is used to display the widget on your site. The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret needs to be kept safe for security purposes.
The API key pair is unique to the domains and first-level subdomains that you specify. Specifying more than one domain could come in handy if you serve your website from multiple top level domains.
For example, if you specify the API key pair to yoursite.com, the following table shows whether or not reCAPTCHA will work for the domain and its subdomain variations. If you specify other domain names or TLDs (for example: anothersite.com, yoursite.net), the same reCAPTCHA conditions apply.
|Specified domain||Website domain||Will reCAPTCHA work?|
If you would like to use "localhost" for development, you must add it to the list of domains.