Creating a Sitekey
A sitekey identifies your website in EU CAPTCHA. You need one sitekey per site (or per environment — staging, production, etc.).
From the dashboard
When you log in for the first time and have no sitekeys, the dashboard shows a Protect your first website modal automatically. Enter your domain and click Create & set up, or click Use a demo sitekey to create a demo sitekey without a real domain. See Dashboard Overview for details.
For subsequent sitekeys, go to the Dashboard and use the Protect your website form above the sitekey list.
Creation form
| Field | Required | Example | Notes |
|---|---|---|---|
| Domain | ✓ | example.com |
Hostname only, no https:// prefix |
| Label | — | Production - Login form |
Optional descriptive name |
Domain validation: The domain must be a valid hostname matching the pattern example.com or sub.example.com. Invalid formats (e.g. https://example.com, example) are rejected with the message: "Please enter a valid domain name (e.g. example.com)."
Click Create Sitekey. On success you see a "Sitekey created!" confirmation with the message "Now add it to your website — it only takes a minute." and a Set up integration button that takes you directly to the Integration tab.
After creation
Once created you are shown a link to the installation instructions for this sitekey. The sitekey detail page provides:
- Public Sitekey — use in the
data-sitekeyattribute of the widget (safe to include in frontend code) - Secret Key — use in server-side token verification; keep this private
Keep the secret key server-side only
Never include the secret key in frontend code, client-side JavaScript, or public repositories. Store it in an environment variable or secrets manager on your server.
Both values are available at any time in the sitekey configuration.
Next steps
- HTML Integration — embed the widget on your site
- Configuration — add more domains, adjust protection settings
- Permissions — share access with team members