How to : Configure reCAPTCHA Enforcement on Swift and Admin Pages

How to : Configure reCAPTCHA Enforcement on Swift and Admin Pages

Overview

CAPTCHA is used on Swift Pages to protect the platform from heavy or abnormal traffic.
It helps ensure fair usage of NitroAPI while allowing real users to continue after verification.

NotesCAPTCHA may appear on the
Swift: Result, Detail and content pages.
Search Form: All Search form (Cruise, Hotel and Air) and Fast Sell

Why CAPTCHA Is Triggered

It triggered only during high-traffic periods to protect system performance. Genuine users solve the CAPTCHA once, and the backend verifies it so they can continue normally. Suspicious or abnormal traffic is forced to complete CAPTCHA before requests are processed, reducing abuse and overload.

Site-Preference: SwiftRateLimitConfig

This will impact on both B2B and B2C.
This configuration controls how and when to show CAPTCHA on Swift Pages (Results and Details).
SwiftRateLimitConfig
Info
{
  "captchaType": "recaptcha | turnstile",
  "tokenExpirationInMinutes": 10,
  "captchaSiteKey": "<frontend-key>",
  "captchaChallengeRetries": 2,
  "unblockCaptchaChallengeAfterMins": 5,
  "captchaActivationThresholdPercentage": 70
}

Configuration Explanation 

Setting Name
Setting Name
Explanation
captchaType
CAPTCHA provider used
Defines which CAPTCHA service is shown: Google reCAPTCHA or Cloudflare Turnstile
tokenExpirationInMinutesCAPTCHA trust durationAfter solving CAPTCHA, the user is trusted for 10 minutes and won’t see it again during this time
captchaSiteKey
Frontend display key
Required to show CAPTCHA on the page; without this, CAPTCHA will not appear
captchaChallengeRetriesAllowed failed attemptsUser can fail CAPTCHA up to 2 times before the page is temporarily blocked
unblockCaptchaChallengeAfterMins
Cooldown period
After being blocked, the user must wait 5 minutes (or refresh) to try again
captchaActivationThresholdPercentage
Traffic trigger point
CAPTCHA starts appearing when traffic reaches 70% of the allowed limit
Notes
The CAPTCHA secret key provided by the client and configured in the site preference SwiftRateLimitCaptchaSecretKey

Admin Swift Search Form / OVExplore Search Forms: 

For admin swift search form, no need to set any configuration related to swift rate limit because it directly reads setup from preference SwiftRateLimitConfigB2C.

For B2C Setup of Swift Search Forms / OVExplore Search Forms:

OVExplore configuration should be done by the client in their setup refer B2C setup below.
Notes
window.OVExplore = {
            /*'OVExplore' name should be match with your tag's search-form-settings property. i.e. <ody-search-form search-form-settings="OVExplore"></ody-search-form> */
            preferences: {
                languageId: "1", // Set your Language Id. Default Value : 1
                siteItemId: "41152", // Replace your SIID here.
                sid1: "", // External ref 1
                sid2: "", // External ref 2
                referrer: "",
        SwiftRateLimitConfig: {
          "captchaType": "",
          "captchaSiteKey": ""
      }
            },
            siteSettings: {
                productType: "cruise",
                domain: "ui.odysol.com", // Replace your domain name here.
                numberOfCols: 6 /* This will dynamically divide column based on the passed value & cannot be used with themes. Default value: 3 Min value: 2 Max value: 6*/,
                themeColor: "#FFF|#1b63af|#000|#fff", // specifies primary | secondary| text color | button text color for search form Default value:#0978bd|#8eccf3|#fff|#fff
            },
        };