Was this helpful?
How to solve reCAPTCHA Enterprise V2 on app.oneassembly.com
Technical engineer
Introduction
This guide is for developers who are automating authentication on https://app.oneassembly.com, a site protected by Auth0 and reCAPTCHA Enterprise V2.
If you are facing the ERROR_CAPTCHA_UNSOLVABLE error, do not understand how to pass session parameters, or are receiving tokens that the target site rejects, this article is for you.
Prerequisites: understanding of HTTP requests, REST API structure, and basic command line or curl/Postman skills.
General Information
About reCAPTCHA Enterprise V2
reCAPTCHA Enterprise is an extended version of Google reCAPTCHA for business-critical scenarios. Key differences from standard v2:
- Requires passing the
enterprise=1parameter or using a special task type - Supports additional parameters:
action,data-s,apiDomain,enterprisePayload - Often used on pages with enhanced protection, including Auth0-based authentication
Auth0 Session Features
Auth0-based login pages generate unique URLs with a state parameter, for example:
https://login.oneassembly.com/u/login?state=hKFo2SB1MTFkY2IyWnN6cEtwMVZ5WkloWlFCTXJvNlc0VXp1VKFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIEdWTDZIeElIU0RGZHV6SG9NMWpVdk1wMmM3Q1R0bjNSo2NpZNkgSnNOTlAwM3pxTDZVQUJjZHlncXFhczZySlpTdmduNzYThis parameter binds the session to a specific browser and IP. If you pass the base URL (https://app.oneassembly.com) to the solver, it will not see the captcha form and will return ERROR_CAPTCHA_UNSOLVABLE.
Key takeaway: always pass the full dynamic URL with all session parameters in websiteURL.
Environment Setup
What You Will Need
- API key from your 2Captcha account dashboard
- HTTP request tool: curl, Postman, httpie, or any programming language
- Access to the target page: ability to open
https://app.oneassembly.comand follow the redirect tologin.oneassembly.com
Getting Your API Key
- Register on 2captcha.com
- Go to your account settings
- Copy your API key
- For security, store the key in an environment variable or secrets manager
bash
# Example of saving the key (Linux/macOS)
export APIKEY_2captcha.com=your_key_herePage Analysis
Step 1. Open the Login Page
Go to the starting URL: https://app.oneassembly.com. You will be automatically redirected to login.oneassembly.com with a state parameter.
Step 2. Open Developer Tools
Press F12, go to the Network tab. Refresh the page and find the request to anchor (loading the reCAPTCHA widget).
Step 3. Extract Parameters
In the anchor request, find the following parameters:
| Parameter | Where to Find | Example Value |
|---|---|---|
websiteKey (sitekey) |
Query string of the anchor request | 6LeSRLUpAAAAAFjsCw4WqcgzM6imNrz2rSS4l_I1 |
websiteURL |
Address bar after redirect | Full URL with state parameter |
apiDomain |
Query string (optional) | www.recaptcha.net |
Important: the data-s parameter is not required for this case, but if it appears in enterprisePayload, you should pass it as well.
Implementation
Creating a Task: RecaptchaV2EnterpriseTaskProxyless
This task type works for most cases. 2Captcha uses its own proxy pool to solve the captcha.
Endpoint: https://api.2captcha.com/createTask
Method: POST
Content-Type: application/json
Example Request for oneassembly.com:
json
{
"clientKey": "YOUR_API_KEY",
"task": {
"type": "RecaptchaV2EnterpriseTaskProxyless",
"websiteURL": "https://login.oneassembly.com/u/login?state=hKFo2SAyc2M1dldxTjhMS19TYV9kb2MxM0hCdjJ6MWdWbXZ5dqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHdFREliaWgyRXNzSkFsUjVvcHFyVllnYU5sVHp4bHhUo2NpZNkgSnNOTlAwM3pxTDZVQUJjZHlncXFhczZySlpTdmduNzY",
"websiteKey": "6LeSRLUpAAAAAFjsCw4WqcgzM6imNrz2rSS4l_I1",
"isInvisible": false,
"enterprisePayload": {}
}
}Creating a Task with Proxy: RecaptchaV2EnterpriseTask
Use this type if IP matching between your request and the request to Google is required (for example, for services like Google Search).
json
{
"clientKey": "YOUR_API_KEY",
"task": {
"type": "RecaptchaV2EnterpriseTask",
"websiteURL": "https://login.oneassembly.com/u/login?state=hKFo2SAyc2M1dldxTjhMS19TYV9kb2MxM0hCdjJ6MWdWbXZ5dqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHdFREliaWgyRXNzSkFsUjVvcHFyVllnYU5sVHp4bHhUo2NpZNkgSnNOTlAwM3pxTDZVQUJjZHlncXFhczZySlpTdmduNzY",
"websiteKey": "6LeSRLUpAAAAAFjsCw4WqcgzM6imNrz2rSS4l_I1",
"isInvisible": false,
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
"cookies": "session_id=abc123; auth_token=xyz789",
"proxyType": "http",
"proxyAddress": "1.2.3.4",
"proxyPort": 8080,
"proxyLogin": "user23",
"proxyPassword": "p4$w0rd"
}
}Getting the Result
After creating the task, use the taskId from the response to poll for the result.
Endpoint: https://api.2captcha.com/getTaskResult
Method: POST
Example Request:
json
{
"clientKey": "YOUR_API_KEY",
"taskId": 74455221488
}Example Successful Response:
json
{
"errorId": 0,
"status": "ready",
"solution": {
"gRecaptchaResponse": "03ADUVZw...UWxTAe6ncIa",
"token": "03ADUVZw...UWxTAe6ncIa"
},
"cost": "0.00299",
"ip": "1.2.3.4",
"createTime": 1692863536,
"endTime": 1692863556
}Using the Token
Pass the received token to the target site in the g-recaptcha-response form field or use it in a request via a callback function, depending on the frontend implementation.
Parameter Explanations
RecaptchaV2EnterpriseTaskProxyless Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
String | Yes | RecaptchaV2EnterpriseTaskProxyless or RecaptchaV2EnterpriseTask |
websiteURL |
String | Yes | Full URL of the captcha page, including all session parameters |
websiteKey |
String | Yes | reCAPTCHA sitekey, extracted from the data-sitekey attribute or k parameter in API requests |
enterprisePayload |
Object | No | Additional parameters for grecaptcha.enterprise.render, for example {"s": "value"} |
isInvisible |
Boolean | No | true for the invisible captcha version (without checkbox) |
userAgent |
String | No | Browser User-Agent that will load the captcha |
cookies |
String | No | Cookies in key1=val1; key2=val2 format, passed to the worker browser |
apiDomain |
String | No | Domain for loading the captcha: google.com or recaptcha.net |
Proxy Parameters (RecaptchaV2EnterpriseTask Only)
| Parameter | Type | Required | Description |
|---|---|---|---|
proxyType |
String | Yes | Proxy type: http, socks4, socks5 |
proxyAddress |
String | Yes | Proxy IP address or hostname |
proxyPort |
Integer | Yes | Proxy port |
proxyLogin |
String | No | Login for basic authentication |
proxyPassword |
String | No | Password for basic authentication |
Test Sandbox
Before integrating into production, test your requests in the 2Captcha sandbox. This lets you verify request format without spending balance.
Common Errors
| Error | Likely Cause | Solution |
|---|---|---|
ERROR_CAPTCHA_UNSOLVABLE |
Base URL passed instead of full URL with state | Use the full URL from the address bar after Auth0 redirect |
ERROR_WRONG_USER_KEY |
Invalid API key | Check the key in your account settings on 2captcha.com |
ERROR_ZERO_BALANCE |
Insufficient account balance | Top up your balance or check limits |
ERROR_IP_NOT_ALLOWED |
Request from unauthorized IP | Add the IP to the allowlist in your API key settings |
| Token not accepted by site | User-Agent mismatch, incorrect token submission method, or missing proxy | Use the same User-Agent as in the browser, add a residential proxy in the required location, solve the captcha manually and check how the token is sent |
Feedback on Solving Results
After receiving the token and verifying it on the target site, it is recommended to send feedback. This helps improve recognition quality and in some cases get refunds for incorrect solutions.
If the Site Rejected the Solution (Incorrect Token)
Send a POST request to the reportIncorrect endpoint:
Endpoint: https://api.2captcha.com/reportIncorrect
Method: POST
Content-Type: application/json
Example Request:
json
{
"clientKey": "YOUR_API_KEY",
"taskId": 74455221488
}Example Response:
json
{
"errorId": 0,
"status": "success"
}Important: do not use this method if your success rate is close to 0 percent. This may indicate an error in your code, not in the captcha solutions.
If the Site Accepted the Solution (Correct Token)
Send a POST request to the reportCorrect endpoint:
Endpoint: https://api.2captcha.com/reportCorrect
Method: POST
Content-Type: application/json
Example Request:
json
{
"clientKey": "YOUR_API_KEY",
"taskId": 74455221488
}Example Response:
json
{
"errorId": 0,
"status": "success"
}Refund Policy
- Each case is reviewed individually
- For standard captchas, the correctness of the response is checked
- For token based captchas, worker statistics are analyzed
- Refunds are not guaranteed for every complaint
- The final refund amount may differ from the number of claims
Send reports honestly and only after real verification on the target site.
Additional Resources
- Sandbox: activate sandbox - interface for testing API requests without writing code
- API Documentation: reCAPTCHA V2 Enterprise - full endpoint and parameter specification
- Code Examples on GitHub: 2captcha-python repository - SDK and integration examples
- Support: create a ticket - contact support for technical questions
Pre-Launch Checklist
- API key obtained and verified from 2captcha.com account dashboard
- Current
websiteKeyextracted from thelogin.oneassembly.compage - Full dynamic URL with state parameter passed in
websiteURL - User-Agent in requests matches the browser
- Error handling and logging implemented
- Reporting via
reportIncorrect/reportCorrectconfigured
Conclusion
Solving reCAPTCHA Enterprise V2 on Auth0 pages requires attention to detail: dynamic session parameters, correct API flags, and environment consistency. The key success factor is passing the full URL with the state parameter in the websiteURL field.
Use task type RecaptchaV2EnterpriseTaskProxyless for most scenarios or RecaptchaV2EnterpriseTask if IP matching is required. Do not forget to send feedback via reportIncorrect and reportCorrect, this helps improve service quality and get refunds for incorrect solutions.
By following this guide, you will be able to reliably obtain working tokens and integrate captcha solving into your projects on 2Captcha.