The IBM API Connect Developer Portal has multiple features to manage the security of your developer portal. One of them is CAPTCHA, which adds a challenge to certain forms. The aim is to prevent robots from auto-submitting forms and to determine whether a human or a robot script is interacting with the developer portal. By default, this is enabled for the user registration, forgot password, consumer organization invitation and resend invitation forms.
The settings for CAPTCHA can be configured further. By default the challenge is only shown once per session for each configured form. If you want to prompt each time, this can be done in the module settings. Instructions are in the IBM Documentation here: https://www.ibm.com/docs/en/api-connect/10.0.x?topic=security-configuring-captcha. Another setting adds the CAPTCHA to every form that a user could submit. These kinds of challenges, whilst a fairly effective bot protection device, can be intrusive and can compromise usability. To fine-tune which forms have CAPTCHA enabled, further CAPTCHA points can be configured for forms for which security is considered a priority.
In this example I will show you how to add points to enable CAPTCHA on creation of an application.
Configuring CAPTCHA for create application forms.
Applications are created by one of two forms in the developer portal. The first is a form accessed from the Applications view. The second is a modal form in the plan subscription wizard, which is accessed by selecting the subscribe button on a product plan. A Captcha Point needs to be enabled for each.
You need to be logged in as admin or as a user with site administration privileges.
Create application form
1. As admin, go to Manage, Configuration, People, CAPTCHA settings.
2. Select the Captcha Points tab.
3. Click the “+ Add Captcha Point” button. Enter “application_create_form” as the form ID and select the Challenge type; if using the default, keep it set as Image. Click Save.
4. The Captcha Point with form ID “application_create_form” is added and enabled.
5. As a consumer org user, go to Apps and select Create new app.
Create application form in the subscription wizard
Repeat the above steps, but use form ID “modal_application_create_form” for the Captcha Point.
This article uses CAPTCHA as the challenge type, but the same steps apply equally to a reCAPTCHA challenge. To configure this you need to sign up for a Google API key. If you have such an API key, you can enable reCAPTCHA and switch to it.
There is a Captcha Point form ID for node_application_form. Ignore this; it will not enable CAPTCHA for the application create forms.
API Connect Developer Portal Security features https://community.ibm.com/community/user/integration/blogs/chris-dudley1/2022/03/11/api-connect-developer-portal-security-features