Index
RecaptchaEnterpriseServiceV1Beta1(interface)AccountDefenderAssessment(message)AccountDefenderAssessment.AccountDefenderLabel(enum)AnnotateAssessmentRequest(message)AnnotateAssessmentRequest.Annotation(enum)AnnotateAssessmentRequest.Reason(enum)AnnotateAssessmentResponse(message)Assessment(message)Assessment.ClassificationReason(enum)CreateAssessmentRequest(message)Event(message)PasswordLeakVerification(message)TokenProperties(message)TokenProperties.InvalidReason(enum)
RecaptchaEnterpriseServiceV1Beta1
Service to determine the likelihood an event is legitimate.
| AnnotateAssessment |
|---|
|
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent.
|
| CreateAssessment |
|---|
|
Creates an Assessment of the likelihood an event is legitimate.
|
AccountDefenderAssessment
Account defender risk assessment.
| Fields | |
|---|---|
labels[] |
Labels for this request. |
AccountDefenderLabel
Labels returned by account defender for this request.
| Enums | |
|---|---|
ACCOUNT_DEFENDER_LABEL_UNSPECIFIED |
Default unspecified type. |
PROFILE_MATCH |
The request matches a known good profile for the user. |
SUSPICIOUS_LOGIN_ACTIVITY |
The request is potentially a suspicious login event and should be further verified either via multi-factor authentication or another system. |
SUSPICIOUS_ACCOUNT_CREATION |
The request matched a profile that previously had suspicious account creation behavior. This could mean this is a fake account. |
RELATED_ACCOUNTS_NUMBER_HIGH |
The account in the request has a high number of related accounts. It does not necessarily imply that the account is bad but could require investigating. |
AnnotateAssessmentRequest
The request message to annotate an Assessment.
| Fields | |
|---|---|
name |
Required. The resource name of the Assessment, in the format "projects/{project_number}/assessments/{assessment_id}". |
annotation |
Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent. |
reasons[] |
Optional. Optional reasons for the annotation that will be assigned to the Event. |
hashed_account_id |
Optional. Optional unique stable hashed user identifier to apply to the assessment. This is an alternative to setting the hashed_account_id in CreateAssessment, for example when the account identifier is not yet known in the initial request. It is recommended that the identifier is hashed using hmac-sha256 with stable secret. |
Annotation
Enum that represents the types of annotations.
| Enums | |
|---|---|
ANNOTATION_UNSPECIFIED |
Default unspecified type. |
LEGITIMATE |
Provides information that the event turned out to be legitimate. |
FRAUDULENT |
Provides information that the event turned out to be fraudulent. |
PASSWORD_CORRECT |
Provides information that the event was related to a login event in which the user typed the correct password. Deprecated, prefer indicating CORRECT_PASSWORD through the reasons field instead. |
PASSWORD_INCORRECT |
Provides information that the event was related to a login event in which the user typed the incorrect password. Deprecated, prefer indicating INCORRECT_PASSWORD through the reasons field instead. |
Reason
Enum that represents potential reasons for annotating an assessment.
| Enums | |
|---|---|
REASON_UNSPECIFIED |
Default unspecified reason. |
CHARGEBACK |
Indicates that the transaction had a chargeback issued with no other details. When possible, specify the type by using CHARGEBACK_FRAUD or CHARGEBACK_DISPUTE instead. |
CHARGEBACK_FRAUD |
Indicates that the transaction had a chargeback issued related to an alleged unauthorized transaction from the cardholder's perspective (for example, the card number was stolen). |
CHARGEBACK_DISPUTE |
Indicates that the transaction had a chargeback issued related to the cardholder having provided their card details but allegedly not being satisfied with the purchase (for example, misrepresentation, attempted cancellation). |
REFUND |
Indicates that the completed payment transaction was refunded by the seller. |
REFUND_FRAUD |
Indicates that the completed payment transaction was determined to be fraudulent by the seller, and was cancelled and refunded as a result. |
TRANSACTION_ACCEPTED |
Indicates that the payment transaction was accepted, and the user was charged. |
TRANSACTION_DECLINED |
Indicates that the payment transaction was declined, for example due to invalid card details. |
PAYMENT_HEURISTICS |
Indicates the transaction associated with the assessment is suspected of being fraudulent based on the payment method, billing details, shipping address or other transaction information. |
INITIATED_TWO_FACTOR |
Indicates that the user was served a 2FA challenge. An old assessment with ENUM_VALUES.INITIATED_TWO_FACTOR reason that has not been overwritten with PASSED_TWO_FACTOR is treated as an abandoned 2FA flow. This is equivalent to FAILED_TWO_FACTOR. |
PASSED_TWO_FACTOR |
Indicates that the user passed a 2FA challenge. |
FAILED_TWO_FACTOR |
Indicates that the user failed a 2FA challenge. |
CORRECT_PASSWORD |
Indicates the user provided the correct password. |
INCORRECT_PASSWORD |
Indicates the user provided an incorrect password. |
AnnotateAssessmentResponse
Empty response for AnnotateAssessment.
Assessment
A recaptcha assessment resource.
| Fields | |
|---|---|
name |
Output only. The resource name for the Assessment in the format "projects/{project_number}/assessments/{assessment_id}". |
event |
The event being assessed. |
score |
Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). |
token_properties |
Output only. Properties of the provided event token. |
reasons[] |
Output only. Reasons contributing to the risk analysis verdict. |
password_leak_verification |
Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment. |
account_defender_assessment |
Assessment returned by account defender when a hashed_account_id is provided. |
ClassificationReason
Reasons contributing to the risk analysis verdict.
| Enums | |
|---|---|
CLASSIFICATION_REASON_UNSPECIFIED |
Default unspecified type. |
AUTOMATION |
Interactions matched the behavior of an automated agent. |
UNEXPECTED_ENVIRONMENT |
The event originated from an illegitimate environment. |
TOO_MUCH_TRAFFIC |
Traffic volume from the event source is higher than normal. |
UNEXPECTED_USAGE_PATTERNS |
Interactions with the site were significantly different than expected patterns. |
LOW_CONFIDENCE_SCORE |
Too little traffic has been received from this site thus far to generate quality risk analysis. |
CreateAssessmentRequest
The create assessment request message.
| Fields | |
|---|---|
parent |
Required. The name of the project in which the assessment will be created, in the format "projects/{project_number}". |
assessment |
Required. The assessment details. |
Event
| Fields | |
|---|---|
token |
Optional. The user response token provided by the reCAPTCHA client-side integration on your site. |
site_key |
Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token. |
user_agent |
Optional. The user agent present in the request from the user's device related to this event. |
user_ip_address |
Optional. The IP address in the request from the user's device related to this event. |
expected_action |
Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise. |
hashed_account_id |
Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. |
PasswordLeakVerification
Password leak verification info.
| Fields | |
|---|---|
hashed_user_credentials |
Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak. |
credentials_leaked |
Output only. Whether or not the user's credentials are present in a known leak. |
canonicalized_username |
Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashed_user_credentials on the customer side. |
TokenProperties
| Fields | |
|---|---|
valid |
Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment). |
invalid_reason |
Reason associated with the response when valid = false. |
create_time |
The timestamp corresponding to the generation of the token. |
hostname |
The hostname of the page on which the token was generated. |
action |
Action name provided at token generation. |
InvalidReason
Enum that represents the types of invalid token reasons.
| Enums | |
|---|---|
INVALID_REASON_UNSPECIFIED |
Default unspecified type. |
UNKNOWN_INVALID_REASON |
If the failure reason was not accounted for. |
MALFORMED |
The provided user verification token was malformed. |
EXPIRED |
The user verification token had expired. |
DUPE |
The user verification had already been seen. |
SITE_MISMATCH |
The user verification token did not match the provided site key. This may be a configuration error (e.g. development keys used in production) or end users trying to use verification tokens from other sites. |
MISSING |
The user verification token was not present. It is a required input. |
BROWSER_ERROR |
A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker. |