- Resource: Assessment
- Event
- TokenProperties
- InvalidReason
- ClassificationReason
- PasswordLeakVerification
- AccountDefenderAssessment
- AccountDefenderLabel
- Methods
Resource: Assessment
A recaptcha assessment resource.
JSON representation |
---|
{ "name": string, "event": { object ( |
Fields | |
---|---|
name |
Output only. The resource name for the Assessment in the format "projects/{project_number}/assessments/{assessment_id}". |
event |
The event being assessed. |
score |
Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). |
tokenProperties |
Output only. Properties of the provided event token. |
reasons[] |
Output only. Reasons contributing to the risk analysis verdict. |
passwordLeakVerification |
Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment. |
accountDefenderAssessment |
Assessment returned by account defender when a hashedAccountId is provided. |
Event
JSON representation |
---|
{ "token": string, "siteKey": string, "userAgent": string, "userIpAddress": string, "expectedAction": string, "hashedAccountId": string } |
Fields | |
---|---|
token |
Optional. The user response token provided by the reCAPTCHA client-side integration on your site. |
siteKey |
Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token. |
userAgent |
Optional. The user agent present in the request from the user's device related to this event. |
userIpAddress |
Optional. The IP address in the request from the user's device related to this event. |
expectedAction |
Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise. |
hashedAccountId |
Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. A base64-encoded string. |
TokenProperties
JSON representation |
---|
{
"valid": boolean,
"invalidReason": enum ( |
Fields | |
---|---|
valid |
Whether the provided user response token is valid. When valid = false, the reason could be specified in invalidReason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment). |
invalidReason |
Reason associated with the response when valid = false. |
createTime |
The timestamp corresponding to the generation of the token. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
hostname |
The hostname of the page on which the token was generated. |
action |
Action name provided at token generation. |
InvalidReason
Enum that represents the types of invalid token reasons.
Enums | |
---|---|
INVALID_REASON_UNSPECIFIED |
Default unspecified type. |
UNKNOWN_INVALID_REASON |
If the failure reason was not accounted for. |
MALFORMED |
The provided user verification token was malformed. |
EXPIRED |
The user verification token had expired. |
DUPE |
The user verification had already been seen. |
SITE_MISMATCH |
The user verification token did not match the provided site key. This may be a configuration error (e.g. development keys used in production) or end users trying to use verification tokens from other sites. |
MISSING |
The user verification token was not present. It is a required input. |
BROWSER_ERROR |
A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker. |
ClassificationReason
Reasons contributing to the risk analysis verdict.
Enums | |
---|---|
CLASSIFICATION_REASON_UNSPECIFIED |
Default unspecified type. |
AUTOMATION |
Interactions matched the behavior of an automated agent. |
UNEXPECTED_ENVIRONMENT |
The event originated from an illegitimate environment. |
TOO_MUCH_TRAFFIC |
Traffic volume from the event source is higher than normal. |
UNEXPECTED_USAGE_PATTERNS |
Interactions with the site were significantly different than expected patterns. |
LOW_CONFIDENCE_SCORE |
Too little traffic has been received from this site thus far to generate quality risk analysis. |
PasswordLeakVerification
Password leak verification info.
JSON representation |
---|
{ "hashedUserCredentials": string, "credentialsLeaked": boolean, "canonicalizedUsername": string } |
Fields | |
---|---|
hashedUserCredentials |
Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak. A base64-encoded string. |
credentialsLeaked |
Output only. Whether or not the user's credentials are present in a known leak. |
canonicalizedUsername |
Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashedUserCredentials on the customer side. |
AccountDefenderAssessment
Account defender risk assessment.
JSON representation |
---|
{
"labels": [
enum ( |
Fields | |
---|---|
labels[] |
Labels for this request. |
AccountDefenderLabel
Labels returned by account defender for this request.
Enums | |
---|---|
ACCOUNT_DEFENDER_LABEL_UNSPECIFIED |
Default unspecified type. |
PROFILE_MATCH |
The request matches a known good profile for the user. |
SUSPICIOUS_LOGIN_ACTIVITY |
The request is potentially a suspicious login event and should be further verified either via multi-factor authentication or another system. |
SUSPICIOUS_ACCOUNT_CREATION |
The request matched a profile that previously had suspicious account creation behavior. This could mean this is a fake account. |
RELATED_ACCOUNTS_NUMBER_HIGH |
The account in the request has a high number of related accounts. It does not necessarily imply that the account is bad but could require investigating. |
Methods |
|
---|---|
|
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent. |
|
Creates an Assessment of the likelihood an event is legitimate. |