Server endpoints can be used as REST API endpoints to run functions such as authentications, database access, and verifications without exposing sensitive data to the client.
In this recipe, an API route is used to verify Google reCAPTCHA v3 without exposing the secret to clients.
- A project with SSR (
output: 'server') enabled
POST endpoint that accepts recaptcha data, then verifies it with reCAPTCHA’s API. Here, you can safely define secret values or read environment variables.
Access your endpoint using
fetch from a client script: