google · rowan-m · Mar 19, 2026 · Dec 19, 2022 · Mar 19, 2026
diff --git a/README.md b/README.md
@@ -70,7 +70,7 @@ This library comes in when you need to verify the user's response. On the PHP
 side you need the response from the reCAPTCHA service and secret key from your
 credentials. Instantiate the `ReCaptcha` class with your secret key, specify any
 additional validation rules, and then call `verify()` with the reCAPTCHA
-response (usually in `$_POST['g-recaptcha-response']` or the response from
+response (usually in `$_POST[\ReCaptcha\ReCaptcha::USER_TOKEN_PARAMETER]` or the response from
 `grecaptcha.execute()` in JS which is in `$gRecaptchaResponse` in the example)
 and user's IP address. For example:
 

diff --git a/examples/config.php.dist b/examples/config.php.dist
@@ -1,8 +1,11 @@
 <?php
+
 /**
- * BSD 3-Clause License
+ * BSD 3-Clause License.
+ *
  * @copyright (c) 2019, Google Inc.
- * @link https://www.google.com/recaptcha
+ *
+ * @see https://www.google.com/recaptcha
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,16 +34,16 @@
  */
 
 return [
-  'v2-standard' => [
-    'site' => '',
-    'secret' => '',
-  ],
-  'v2-invisible' => [
-    'site' => '',
-    'secret' => '',
-  ],
-  'v3' => [
-    'site' => '',
-    'secret' => '',
-  ],
+    'v2-standard' => [
+        'site' => '',
+        'secret' => '',
+    ],
+    'v2-invisible' => [
+        'site' => '',
+        'secret' => '',
+    ],
+    'v3' => [
+        'site' => '',
+        'secret' => '',
+    ],
 ];
diff --git a/examples/recaptcha-v2-checkbox-explicit.php b/examples/recaptcha-v2-checkbox-explicit.php
@@ -82,7 +82,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-} elseif (isset($_POST['g-recaptcha-response'])) {
+} elseif (isset($_POST[ReCaptcha::RESPONSE_KEY])) {
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -99,7 +99,7 @@
     //  $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])
+        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
     ;
 
     if ($resp->isSuccess()) {

diff --git a/examples/recaptcha-v2-checkbox.php b/examples/recaptcha-v2-checkbox.php
@@ -82,7 +82,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-} elseif (!empty($_POST['g-recaptcha-response'])) {
+} elseif (!empty($_POST[ReCaptcha::RESPONSE_KEY])) {
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -100,7 +100,7 @@
 
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])
+        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
     ;
     if ($resp->isSuccess()) {
         // If the response is a success, that's it!

diff --git a/examples/recaptcha-v2-invisible.php b/examples/recaptcha-v2-invisible.php
@@ -82,7 +82,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-} elseif (isset($_POST['g-recaptcha-response'])) {
+} elseif (isset($_POST[ReCaptcha::RESPONSE_KEY])) {
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -100,7 +100,7 @@
 
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])
+        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
     ;
     if ($resp->isSuccess()) {
         // If the response is a success, that's it!

diff --git a/src/ReCaptcha/ReCaptcha.php b/src/ReCaptcha/ReCaptcha.php
@@ -56,6 +56,13 @@ class ReCaptcha
      */
     public const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
 
+    /**
+     * User response token parameter name.
+     *
+     * @var string
+     */
+    public const RESPONSE_KEY = 'g-recaptcha-response';
+
     /**
      * Invalid JSON received.
      *