reCaptcha: error code “invalid-keys”

Question

I currently implementing the reCaptcha for an form with HTML and PHP. The client-side solution works without any problems. But the server side fails with the validation.

So here is my server side code:

$data = array(
    "secret" => "MY_SECRET_KEY",
    "response" => $captcha_response,
    "remoteip" => $_SERVER['REMOTE_ADDR']
);
$opts = [
    "http" => [
        "method" => "POST",
        "header" => "Accept-language: en",
        "content" => http_build_query($data)
    ]
];

$context = stream_context_create($opts);

$data = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context), true);

So now when I dump the result I get the following output:

array(4) {
  ["success"]=>
  bool(false)
  ["challenge_ts"]=>
  string(20) "2017-06-22T13:14:50Z"
  ["hostname"]=>
  string(9) "localhost"
  ["error-codes"]=>
  array(1) {
    [0]=>
    string(12) "invalid-keys"
  }
}

I'm sure that the response code will completly send to the PHP script.

I also searched in the API docs, but only find these error codes and nothing matches with invalid-keys .

What did I wrong?

Answer 1

So dumb. I took the secret key from the wrong project from the admin console . The wrong project not white listed localhost , which I needed. Also the website key and the secret key didn't match and this threw the error.

Answer 2

I can confirm, the error-code invalid-keys only returns when an existing, but incorrect account or project secret key is used.

If the secret key is invalid or malformed, an error-code invalid-input-secret will be returned.

In our case, our Wordpress production environment had a plugin that defined a constant we were using with an incorrect secret key from a different account.