Security
These fields are security related and allow you to add elements such as CAPTCHA verification or password reset functions, as well as specific permissions to your form.
Note that only the field-specific parameters will be listed below. Please see here for a list of common parameters to all fields and here for the common configuration elements to all fields.
CAPTCHA
Allows you to add a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) verification code to your form.
- Specific Parameters:
| Field | Description and information |
|---|---|
| Display on One Line | Checkbox; if active, the CAPTCHA control will display the image and the input box on same line. |
| Show Refresh Button | Checkbox; if active, displays a refresh button that allows the user to refresh the CAPTCHA image. Each refresh triggers a server request to get a new image and encryption key. |
| Save to Report | Checking this box automatically saves the value from this Field into the database, under the avtActionForm_Reports table. |
Device Fingerprint
A device fingerprint is a unique code that is generated by using different methods in order to uniquely identify the digital signature of a device when it is using a website. You can use this field if you want a extra layer of security for your device.
- Specific Parameters:
| Field | Description and information |
|---|---|
| Fingerprint Options | By default, all the options are activated and you can exclude one or more if you want to get less information from the device. More information about each option can be found here. |
| Save to Report | Checking this box automatically saves the value from this Field into the database, under the avtActionForm_Reports table. |
Password
This field allows to re/set a password.
- Specific Parameters:
| Field | Description and information |
|---|---|
| Initial Value | Define the initial value with which the field will be loaded; it can be the old password or a default password for example. |
| Confirmation Of | You can use two "Password" fields in order to confirm a set password. This parameter will automatically compare the two. Simply choose the field to compare against from the drop-down list. |
| Display Show/Hide Password Control | Checking this option allows the form user to see the password in clear txt by clicking a button - "👁". |
| Save to Report | Checking this box automatically saves the value from this Field into the database, under the avtActionForm_Reports table. |
Permission Grid
Allows you to define custom, Form-specific roles and permissions.
- Specific Parameters:
| Field | Description and information |
|---|---|
| Roles | Define one role name or ID per line. Special roles "All Users" and "Unauthenticated Users" are also supported. This field supports contextual tokens, such as [RoleName] and Custom Tokens. |
| Permissions | Define one permission name per line. Note that these Permissions do not need to be mapped to anything from the Plant an App site at this stage. The Permissions defined here are given a meaning later, depending on the context in which they are used. |
| Load Permissions | Allows you to load permissions from tokens. The first column (Permission Key) defines VIEW, EDIT, or other permission that you want to load. The second column (Roles) is a comma delimited list of role IDs or role names. It can also be permissions loaded with a LoadPage or LoadModule action. Supports contextual tokens such as [Roles] and Custom Tokens. |
| Save to Report | Checking this box automatically saves the value from this Field into the database, under the avtActionForm_Reports table. |
How to quickly create a Permission Grid for your Form:
- Add a "Permission Grid" field
- Set the Roles (for example:
Registered Users,Subscribers) - Set the Permissions (for example:
View,Edit) - Set Load Permissions (for example:
View for Key,[ViewToken] for Roles) - Add a button with an "
Update Page" action and set similar permissions on the action, just like on the previous step.
reCAPTCHA
Use Google's "reCAPTCHA" in order to detect abusive traffic on your website and prevent spam form submissions from being executed by bots.
Note that you will need to sign up for an API key pair for your site in order to be able to use it.
- Specific Parameters:
| Field | Description and information |
|---|---|
| Invisible Recaptcha | Check to make the reCAPTCHA invisible for human form users. Note that the Secret key and Site key (see below) are different for invisible reCAPTCHA. |
| API Site Key | Provided by Google upon signing up. Please see here for more information. |
| API Secret Key | Provided by Google upon signing up. Please see here for more information. |
reCAPTCHA V3
The reCAPTCHA V3 action integrates Google reCAPTCHA to help you detect abusive traffic on your forms without user friction. Unlike traditional CAPTCHAs, reCAPTCHA V3 works in the background and provides a score that informs you of the likelihood that the form submission was generated by a bot.
Typical Use Cases
- Automatically identify and block suspected bot traffic.
- Monitor form submissions to identify suspicious patterns while allowing most users to submit without friction.
- Implement additional security measures based on the likelihood calculated by reCAPTCHA V3 scores.
Input Parameter Reference
| Parameter | Description | Supports Tokens | Default | Required |
|---|---|---|---|---|
| API Site Key | This is the public Google API Site Key assigned to your site. | No | None | Yes |
| API Secret Key | This is the private key to validate with Google reCAPTCHA. | No | None | Yes |
| Module Language Code | Localization for the reCAPTCHA module. If empty, the current portal culture is used. | Yes | None | No |
Output Parameters Reference
| Parameter | Description |
|---|---|
| <FieldName> | Contains the reCAPTCHA submission token. |
| <FieldName>:Score | A value between 0.0 and 1.0 indicating the likelihood of the submission being from a human. |
| <FieldName>:Action | Always returns submit and is reserved for future development. |
Typical reCAPTCHA v3 Score Ranges
- 0.9 – 1.0 (Very likely human): Safe to allow submissions without any additional friction.
- 0.7 – 0.89 (Likely human): Still very safe; typically allowed silently and monitored lightly.
- 0.5 – 0.69 (Uncertain/mixed signals): Could be a rushed human or suspicious activity; consider extra validation.
- 0.3 – 0.49 (Suspicious): Strong bot-like patterns; consider blocking or requiring fallback CAPTCHA.
- 0.0 – 0.29 (Very likely bot): Almost always blocked outright due to reliable bot detection.
Integration with Forms
It is crucial to understand that reCAPTCHA V3 does not automatically prevent form submission. Instead, it provides a score that indicates the probability of a bot submission. The responsibility to use this score to decide whether to accept, challenge, or deny submissions falls upon the developer.
Developer Responsibility
Developers should evaluate the score provided and decide on the course of action, such as logging suspicious activities, triggering additional validations for uncertain scores, or outright blocking submissions with low scores.
Revised 02/06/2026