Was this helpful?

How to bypass reCAPTCHA v3 Enterprise

01.06.2026

Gregory Fisher

Technical engineer

Introduction

If you work in automation, web scraping, or testing web applications, you have probably run into reCAPTCHA v3 Enterprise. This is not the kind of CAPTCHA where you click a checkbox or pick out traffic lights in images. Everything happens in the background: the script collects data about user behavior, analyzes browser fingerprints and network context, then outputs a trust score between 0.0 and 1.0. If the score falls below the threshold set by the site owner, access is denied or an additional challenge appears.

For developers, this creates real headaches. Tokens live for about two minutes. If there is even a slight mismatch between the environment where the token was generated and the environment of the final request, the site rejects the solution. And critically, the Enterprise version uses a different execution method and verifies through Google Cloud API, not the standard reCAPTCHA endpoint.

This guide walks through solving reCAPTCHA v3 Enterprise using 2Captcha. Let me flag the key point upfront: for v3, 2Captcha only supports the RecaptchaV3TaskProxyless task type. You cannot pass proxy or userAgent parameters into the task. This is not a platform limitation but a consequence of how Google's risk assessment algorithm works. When a token is generated through an external proxy network or with a mismatched browser header, the trust score drops sharply and the site rejects the solution. That is why 2Captcha processes all v3 tasks through its own infrastructure, and you configure proxies and headers in your own code when sending the final request.

How to Tell Enterprise Apart from Standard v3

In practice, you can identify the CAPTCHA version in about a minute. Open the target page, hit F12, switch to the Network tab, and filter by recaptcha. If you see enterprise.js in the requests, you are looking at the Enterprise version.

You can also check the page source for the script include:

html Copy

<!-- Standard v3 -->
<script src="https://www.google.com/recaptcha/api.js?render=SITEKEY"></script>

<!-- Enterprise v3 -->
<script src="https://www.google.com/recaptcha/enterprise.js?render=SITEKEY"></script>

Another tell is the JavaScript execution method. Standard v3 uses grecaptcha.execute(), while Enterprise calls grecaptcha.enterprise.execute().

Required Parameters for a 2Captcha Task

Submitting a task to the 2Captcha API requires a basic set of fields. Extra parameters like proxy, cookies, or userAgent are not accepted for v3 tasks—the platform ignores them intentionally to avoid degrading the trust score.

Parameter	Description	Example
type	Always RecaptchaV3TaskProxyless	RecaptchaV3TaskProxyless
websiteURL	Full URL of the page containing the CAPTCHA	https://target-site.com/login
websiteKey	The data-sitekey value from page markup	6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b
minScore	Minimum trust score you are willing to accept	0.9
isEnterprise	Must be true for Enterprise version	true

You can optionally include pageAction if the target site requires an exact action name match, and apiDomain if the script loads from recaptcha.net instead of google.com. Everything else is ignored by design.

How to Find the Sitekey and Action

The sitekey and action usually live right in the page markup. In DevTools → Elements, look for a div with class g-recaptcha:

html Copy

<div class="g-recaptcha" 
     data-sitekey="6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b"
     data-action="login"
     data-callback="onVerify">
</div>

Copy the data-sitekey value into websiteKey, and data-action into pageAction.

If the markup is generated dynamically or hidden, a console script can help:

javascript Copy

function findEnterpriseRecaptcha() {
    const results = [];
    
    const scripts = document.querySelectorAll('script[src*="recaptcha"]');
    scripts.forEach(s => {
        if (s.src.includes('enterprise.js')) {
            results.push({ type: 'enterprise', src: s.src });
        }
    });
    
    if (typeof ___grecaptcha_cfg !== 'undefined') {
        Object.entries(___grecaptcha_cfg.clients).forEach(([cid, client]) => {
            const sitekey = client['C']?.['k'] || client['k'];
            const action = client['C']?.['C']?.['action'] || null;
            const isEnterprise = client['C']?.['enterprise'] || false;
            
            if (sitekey) {
                results.push({
                    id: cid,
                    sitekey,
                    action,
                    isEnterprise,
                    version: isEnterprise ? 'v3-enterprise' : 'v3'
                });
            }
        });
    }
    
    return results;
}

console.log(JSON.stringify(findEnterpriseRecaptcha(), null, 2));

Run this script in your browser console on the target page, review the output, and copy the values you need.

Example JSON Request to 2Captcha API

Tasks are submitted to the standard endpoint {api-docs}. Here is what a working payload looks like:

json Copy

{
    "clientKey": "YOUR_API_KEY",
    "task": {
        "type": "RecaptchaV3TaskProxyless",
        "websiteURL": "https://target-site.com/login",
        "websiteKey": "6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b",
        "minScore": 0.9,
        "pageAction": "login",
        "isEnterprise": true
    }
}

The response includes a taskId. Poll the status using the corresponding API method at roughly 5-second intervals. When the status becomes ready, extract gRecaptchaResponse from the solution field.

Important: There is no RecaptchaV3Task with custom proxy support for v3. If you need a specific IP for your final request to the target site, configure that in your own client after receiving the token.

Workflow: From Token Retrieval to Request Submission

The process is straightforward and does not require complex orchestration:

Get your API key from the 2Captcha dashboard
Extract the sitekey, action, and target page URL
Submit the task with isEnterprise: true
Poll until status is ready
Grab the token and inject it into your request immediately

The critical detail: do not delay. reCAPTCHA v3 tokens expire in about two minutes. If you wait too long, the site will reject the token as expired.

Python Code Example: SeleniumBase

python Copy

from seleniumbase import SB
import time
import requests

API_KEY = "YOUR_API_KEY"
SITE_KEY = "6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b"
PAGE_URL = "https://target-site.com/login"
ACTION = "login"
MIN_SCORE = 0.9

def solve_via_api(sitekey, url, action, min_score=0.9):
    payload = {
        "clientKey": API_KEY,
        "task": {
            "type": "RecaptchaV3TaskProxyless",
            "websiteURL": url,
            "websiteKey": sitekey,
            "minScore": min_score,
            "pageAction": action,
            "isEnterprise": True
        }
    }
    
    task = requests.post(f"https://api.2captcha.com/createTask", json=payload).json()
    task_id = task["taskId"]
    
    while True:
        time.sleep(5)
        result = requests.post(
            f"https://api.2captcha.com/getTaskResult",
            json={"clientKey": API_KEY, "taskId": task_id}
        ).json()
        if result["status"] == "ready":
            return result["solution"]["gRecaptchaResponse"]

with SB(uc=True, headless=False, proxy="residential-proxy:port") as sb:
    sb.open(PAGE_URL)
    time.sleep(3)
    
    print("Solving reCAPTCHA v3 Enterprise...")
    token = solve_via_api(SITE_KEY, sb.get_current_url(), ACTION, MIN_SCORE)
    print(f"Token: {token[:40]}...")
    
    sb.execute_script(f"""
        const field = document.getElementById('g-recaptcha-response') || 
                      document.querySelector('[name="g-recaptcha-response"]');
        if (field) field.value = '{token}';
    """)
    
    sb.click('button[type="submit"], #login-btn, .submit-button')
    time.sleep(5)
    
    if "success" in sb.get_page_source().lower() or sb.get_current_url() != PAGE_URL:
        print("Form submitted successfully")
    else:
        print("Submission may have failed — check score or request context")

Why 2Captcha Does Not Support Proxy or userAgent for v3

Google's algorithm is highly sensitive to the environment in which a token is generated. If the request routes through an external proxy network or the task includes a mismatched userAgent string, the system detects the inconsistency and automatically lowers the trust score. That is why 2Captcha accepts only proxyless tasks for v3. This approach maintains high scores on the generation side. You manage IP addresses and headers at the stage of sending the final request to the target site. The key is to use residential IPs, mask TLS fingerprints, and match the action value exactly.

Common Errors and How to Fix Them

Errors fall into two categories: from the 2Captcha API and from the target site. If you receive ERROR_WRONG_USER_KEY or ERROR_ZERO_BALANCE, verify your key and account balance in the dashboard. ERROR_NO_SLOT_AVAILABLE means all workers are busy; simply retry after 10–15 seconds. On the target site side, the most frequent issue is a token being accepted but access still denied. This usually indicates a low trust score. Fix it by raising minScore to 0.9, ensuring exact pageAction matching, or switching to residential proxies in your client. If you get an Invalid token error, the token likely expired or the action name was misspelled. Sometimes adding a small random delay before sending the request helps mimic human behavior and improves acceptance.

Configuration Recommendations

After working with v3 Enterprise through 2Captcha, a few patterns emerge that save both balance and time. Always use RecaptchaV3TaskProxyless. Do not skip the isEnterprise flag — without it, the token is generated for standard v3 and will fail validation. Extract pageAction precisely; even one extra word in the name can tank the score. Start with minScore 0.1; if the site starts rejecting requests, bump it to 0.9. Always mask your final request to look like a real browser using curl_cffi or Selenium UC Mode. Configure proxies at the stage of sending the token, not in the solver task. Test your logic against Google's demo keys before deploying to production. And keep a log of success rates per domain so you can quickly tune minScore for each target.

Official SDKs

If you prefer not to write raw HTTP requests, 2Captcha offers official SDKs. They are available for Python, Node.js, PHP, Java, C#, Go, and Ruby. Here is what integration looks like in Python:

python Copy

from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_API_KEY')

result = solver.recaptcha(
    sitekey='6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b',
    url='https://target-site.com/login',
    version='v3',
    action='login',
    enterprise=True,
    min_score=0.9
)

token = result['code']
print(f"Solved: {token}")

Repository links: https://github.com/2captcha

Useful Links

2Captcha API Documentation: https://2captcha.com/api-docs
Testing Demo Page: https://2captcha.com/demo/recaptcha-v3-enterprise
Support Center: https://2captcha.com/support/tickets/new

Conclusion

Bypassing v3 Enterprise with 2Captcha comes down to three things: correctly identifying the CAPTCHA version, submitting the task with isEnterprise set to true, and injecting the token without delay. Since proxy and userAgent parameters do not work in v3 tasks, the focus shifts to your side of the stack: residential IPs, TLS fingerprint masking, and exact action matching. Keep these elements under control and CAPTCHAs will solve reliably while your balance lasts longer.

Software

Blog

How-to

Captcha demos