Objective
Use the Google™ reCAPTCHA service to include additional verification in your organization’s appointment booking workflow. This service provides a mechanism for protecting against concerns such as fraudulent activity and spam during the booking flow without any action needed by your clients.
NOTE: The Google™ reCAPTCHA integration is an add-on feature. Please connect with your Customer Success Manager to get started.
Before you begin
A Google™ Cloud project is required to complete the integration. For more information and details on how to set this up based on Coconut requirements, please refer to this article.
Important note:
Only Admins can set up reCAPTCHA for your organization
Important note:
reCAPTCHA Enterprise must be used. reCAPTCHA v3, or any version other than reCAPTCHA Enterprise, will not work correctly.
Important note:
Please enable billing for your Google™ Cloud project. If billing is not set up, and requests exceed the monthly free quota, appointment booking will be blocked. (https://cloud.google.com/recaptcha/quotas)
Steps
To integrate Google™ reCAPTCHA into your organization’s appointment booking workflow:
In Coconut
From the navigation menu, click Settings
From General, click Client View
From Google™ reCAPTCHA Configuration, enter the following values:
Site Key
Created in your Google™ Cloud project
When creating the Site Key, add your Coconut domain(s)
Under reCAPTCHA > Key Details > Edit Key > Domain list:
Enter your organization’s domain(s)
(i.e.) palmshore.coconutsoftware.com
Validation
Google™ reCAPTCHA only accepts requests from registered domains. If they don’t match, Google™ rejects the request. This prevents misuse and ensures only your approved sites can use the key
This screenshot shows a mock setup where an organization’s Coconut domain has been entered
Be sure to include all of your organization’s domains here (including your Coconut domain)
For more information on setting up your Site Key, please refer to this article
NOTE: The Site key is separate from your API Key
API Key
Also created in your Google™ Cloud project
Configure the following restrictions:
Application restrictions
None, or
IP Address with all Coconut IP addresses listed here for the appropriate environment
API restrictions
Don’t restrict key, or
Restrict key with reCAPTCHA Enterprise API selected
This screenshot shows IP Address restrictions configured for the Demo environment
If you are setting up in Production, be sure to replace these with the Production IP addresses listed for your environment
For more information about setting up your API Key and setting up your environment for Google™ reCAPTCHA please refer to this article
Project ID
Your Google™ reCAPTCHA Project ID is required to link Coconut with the correct Google™ Cloud project
This can be found in your Google™ Cloud Console under
Project Info > Project ID
Copy and paste this value into the Project ID field in Coconut
For more information, please refer to this article
Risk Score Threshold
Google™ reCAPTCHA assigns each request a risk score between 0.0 and 1.0
The threshold is inclusive, meaning requests with a score at or above your threshold will be allowed
Behavior by value:
0 → All requests pass (equivalent to not using Google™ reCAPTCHA)
1 → Only perfect scores pass (all others fail)
0.5 → Google™’s recommended starting point, balancing security with accessibility
For more information on interpreting risk scores and assessments, please refer to this article
Test the integration
To test the integration:
Navigate to your organization’s online booking flow (Client View)
Complete the booking workflow, verifying that the Google™ reCAPTCHA icon displays in the bottom right of the page when at the stage of the booking process when you enter your client details
If the appointment saves, Google™ reCAPTCHA is successfully integrated
Unsuccessful integration
If there is an error with Google™ reCAPTCHA configuration, a notification displays on the Your Details step of the client booking flow and the user is unable to successfully book the appointment
Successful integration
The Google™ reCAPTCHA icon displays on the Your Details step of the client booking flow when successfully integrated
Troubleshoot errors
Here are some errors a user may encounter when using Google™ reCAPTCHA:
“Oops! Something went wrong on our end. Please try again later”
This error occurs when there is something wrong on Coconut's end, or when an unexpected error has occurred.
“Unfortunately you cannot book an appointment right now. Please check and try again later”
This error occurs when there is an error with your organization's Google™ reCAPTCHA credentials.
“We've detected unusual activity. Please try again”
This error occurs when Google™ reCAPTCHA thinks that the request is potentially fraudulent/may be a bot. These are the steps involved in this process:
When a user performs a relevant action, Coconut makes a call to Google™ reCAPTCHA
Google™ reCAPTCHA returns a 'risk score' of a value between 0-1 which identifies Google™ reCAPTCHA's confidence level against the user being a bot/malicious
Coconut gives your organization the ability to set a minimum score threshold, which is the minimum risk score that is accepted as valid
If the risk score returned is below this threshold, Coconut returns this error
You can choose to lower this threshold
For more information on Google™ reCAPTCHA, please refer to this Google documentation.
A note on access and visibility
Once enabled, admins can configure Google™ reCAPTCHA by accessing Settings.