REST Resource: projects.assessments

Resource: Assessment

A recaptcha assessment resource.

JSON representation 
{
  "name": string,
  "event": {
    object (Event)
  },
  "score": number,
  "tokenProperties": {
    object (TokenProperties)
  },
  "reasons": [
    enum (ClassificationReason)
  ],
  "passwordLeakVerification": {
    object (PasswordLeakVerification)
  }
}
Fields
name

string

Output only. The resource name for the Assessment in the format "projects/{project_number}/assessments/{assessment_id}".
event

object (Event)

The event being assessed.
score

number

Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).
tokenProperties

object (TokenProperties)

Output only. Properties of the provided event token.
reasons[]

enum (ClassificationReason)

Output only. Reasons contributing to the risk analysis verdict.
passwordLeakVerification

object (PasswordLeakVerification)

Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment.

Event

JSON representation 
{
  "token": string,
  "siteKey": string,
  "userAgent": string,
  "userIpAddress": string,
  "expectedAction": string
}
Fields
token

string

Optional. The user response token provided by the reCAPTCHA client-side integration on your site.
siteKey

string

Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token.
userAgent

string

Optional. The user agent present in the request from the user's device related to this event.
userIpAddress

string

Optional. The IP address in the request from the user's device related to this event.
expectedAction

string

Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.

TokenProperties

JSON representation 
{
  "valid": boolean,
  "invalidReason": enum (InvalidReason),
  "createTime": string,
  "hostname": string,
  "action": string
}
Fields
valid

boolean

Whether the provided user response token is valid. When valid = false, the reason could be specified in invalidReason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).
invalidReason

enum (InvalidReason)

Reason associated with the response when valid = false.
createTime

string (Timestamp format)

The timestamp corresponding to the generation of the token.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
hostname

string

The hostname of the page on which the token was generated.
action

string

Action name provided at token generation.

InvalidReason

LINT.IfChange Enum that represents the types of invalid token reasons.

Enums
INVALID_REASON_UNSPECIFIED Default unspecified type.
UNKNOWN_INVALID_REASON If the failure reason was not accounted for.
MALFORMED The provided user verification token was malformed.
EXPIRED The user verification token had expired.
DUPE The user verification had already been seen.
SITE_MISMATCH

The user verification token did not match the provided site key. This may be a configuration error (e.g. development keys used in production) or end users trying to use verification tokens from other sites.
MISSING The user verification token was not present. It is a required input.
BROWSER_ERROR A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker.

ClassificationReason

LINT.IfChange(classification_reason) Reasons contributing to the risk analysis verdict.

Enums
CLASSIFICATION_REASON_UNSPECIFIED Default unspecified type.
AUTOMATION Interactions matched the behavior of an automated agent.
UNEXPECTED_ENVIRONMENT The event originated from an illegitimate environment.
TOO_MUCH_TRAFFIC Traffic volume from the event source is higher than normal.
UNEXPECTED_USAGE_PATTERNS Interactions with the site were significantly different than expected patterns.
LOW_CONFIDENCE_SCORE Too little traffic has been received from this site thus far to generate quality risk analysis.

PasswordLeakVerification

Password leak verification info.

JSON representation 
{
  "hashedUserCredentials": string,
  "credentialsLeaked": boolean,
  "canonicalizedUsername": string
}
Fields
hashedUserCredentials

string (bytes format)

Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak.

A base64-encoded string.
credentialsLeaked

boolean

Output only. Whether or not the user's credentials are present in a known leak.
canonicalizedUsername

string

Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashedUserCredentials on the customer side.

Methods

annotate

 Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent.

create

 Creates an Assessment of the likelihood an event is legitimate.