Package google.cloud.recaptchaenterprise.v1beta1

Index

RecaptchaEnterpriseServiceV1Beta1

Service to determine the likelihood an event is legitimate.

AnnotateAssessment

rpc AnnotateAssessment(AnnotateAssessmentRequest) returns (AnnotateAssessmentResponse)

Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateAssessment

rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment)

Creates an Assessment of the likelihood an event is legitimate.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

AccountDefenderAssessment

Account defender risk assessment.

Fields
labels[]

AccountDefenderLabel

Labels for this request.

AccountDefenderLabel

Labels returned by account defender for this request.

Enums
ACCOUNT_DEFENDER_LABEL_UNSPECIFIED Default unspecified type.
PROFILE_MATCH The request matches a known good profile for the user.
SUSPICIOUS_LOGIN_ACTIVITY The request is potentially a suspicious login event and should be further verified either via multi-factor authentication or another system.
SUSPICIOUS_ACCOUNT_CREATION The request matched a profile that previously had suspicious account creation behavior. This could mean this is a fake account.
RELATED_ACCOUNTS_NUMBER_HIGH The account in the request has a high number of related accounts. It does not necessarily imply that the account is bad but could require investigating.

AnnotateAssessmentRequest

The request message to annotate an Assessment.

Fields
name

string

Required. The resource name of the Assessment, in the format projects/{project_number}/assessments/{assessment_id}.

annotation

Annotation

Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent.

reasons[]

Reason

Optional. Reasons for the annotation that are assigned to the event.

hashed_account_id

bytes

Optional. Unique stable hashed user identifier to apply to the assessment. This is an alternative to setting the hashed_account_id in CreateAssessment, for example, when the account identifier is not yet known in the initial request. It is recommended that the identifier is hashed using hmac-sha256 with stable secret.

transaction_event

TransactionEvent

Optional. If the assessment is part of a payment transaction, provide details on payment lifecycle events that occur in the transaction.

Annotation

Enum that represents the types of annotations.

Enums
ANNOTATION_UNSPECIFIED Default unspecified type.
LEGITIMATE Provides information that the event turned out to be legitimate.
FRAUDULENT Provides information that the event turned out to be fraudulent.
PASSWORD_CORRECT

Provides information that the event was related to a login event in which the user typed the correct password. Deprecated, prefer indicating CORRECT_PASSWORD through the reasons field instead.

PASSWORD_INCORRECT

Provides information that the event was related to a login event in which the user typed the incorrect password. Deprecated, prefer indicating INCORRECT_PASSWORD through the reasons field instead.

Reason

Enum that represents potential reasons for annotating an assessment.

Enums
REASON_UNSPECIFIED Default unspecified reason.
CHARGEBACK Indicates that the transaction had a chargeback issued with no other details. When possible, specify the type by using CHARGEBACK_FRAUD or CHARGEBACK_DISPUTE instead.
CHARGEBACK_FRAUD Indicates that the transaction had a chargeback issued related to an alleged unauthorized transaction from the cardholder's perspective (for example, the card number was stolen).
CHARGEBACK_DISPUTE Indicates that the transaction had a chargeback issued related to the cardholder having provided their card details but allegedly not being satisfied with the purchase (for example, misrepresentation, attempted cancellation).
REFUND Indicates that the completed payment transaction was refunded by the seller.
REFUND_FRAUD Indicates that the completed payment transaction was determined to be fraudulent by the seller, and was cancelled and refunded as a result.
TRANSACTION_ACCEPTED Indicates that the payment transaction was accepted, and the user was charged.
TRANSACTION_DECLINED Indicates that the payment transaction was declined, for example due to invalid card details.
PAYMENT_HEURISTICS Indicates the transaction associated with the assessment is suspected of being fraudulent based on the payment method, billing details, shipping address or other transaction information.
INITIATED_TWO_FACTOR Indicates that the user was served a 2FA challenge. An old assessment with ENUM_VALUES.INITIATED_TWO_FACTOR reason that has not been overwritten with PASSED_TWO_FACTOR is treated as an abandoned 2FA flow. This is equivalent to FAILED_TWO_FACTOR.
PASSED_TWO_FACTOR Indicates that the user passed a 2FA challenge.
FAILED_TWO_FACTOR Indicates that the user failed a 2FA challenge.
CORRECT_PASSWORD Indicates the user provided the correct password.
INCORRECT_PASSWORD Indicates the user provided an incorrect password.
SOCIAL_SPAM Indicates that the user sent unwanted and abusive messages to other users of the platform, such as spam, scams, phishing, or social engineering.

AnnotateAssessmentResponse

This type has no fields.

Empty response for AnnotateAssessment.

Assessment

A reCAPTCHA Enterprise assessment resource.

Fields
name

string

Output only. The resource name for the Assessment in the format projects/{project_number}/assessments/{assessment_id}.

event

Event

The event being assessed.

score

float

Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).

token_properties

TokenProperties

Output only. Properties of the provided event token.

reasons[]

ClassificationReason

Output only. Reasons contributing to the risk analysis verdict.

password_leak_verification

PasswordLeakVerification

Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment.

account_defender_assessment

AccountDefenderAssessment

Assessment returned by account defender when a hashed_account_id is provided.

fraud_prevention_assessment

FraudPreventionAssessment

Assessment returned by Fraud Prevention when TransactionData is provided.

ClassificationReason

Reasons contributing to the risk analysis verdict.

Enums
CLASSIFICATION_REASON_UNSPECIFIED Default unspecified type.
AUTOMATION Interactions matched the behavior of an automated agent.
UNEXPECTED_ENVIRONMENT The event originated from an illegitimate environment.
TOO_MUCH_TRAFFIC Traffic volume from the event source is higher than normal.
UNEXPECTED_USAGE_PATTERNS Interactions with the site were significantly different than expected patterns.
LOW_CONFIDENCE_SCORE Too little traffic has been received from this site thus far to generate quality risk analysis.
SUSPECTED_CARDING The request matches behavioral characteristics of a carding attack.
SUSPECTED_CHARGEBACK The request matches behavioral characteristics of chargebacks for fraud.

CreateAssessmentRequest

The create assessment request message.

Fields
parent

string

Required. The name of the project in which the assessment will be created, in the format projects/{project_number}.

assessment

Assessment

Required. The assessment details.

Event

Fields
token

string

Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site.

site_key

string

Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token.

user_agent

string

Optional. The user agent present in the request from the user's device related to this event.

user_ip_address

string

Optional. The IP address in the request from the user's device related to this event.

expected_action

string

Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.

hashed_account_id

bytes

Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.

transaction_data

TransactionData

Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response.

fraud_prevention

FraudPrevention

Optional. The Fraud Prevention setting for this Assessment.

FraudPrevention

Setting that controls Fraud Prevention assessments.

Enums
FRAUD_PREVENTION_UNSPECIFIED Default, unspecified setting. If opted in for automatic detection, fraud_prevention_assessment is returned based on the request. Otherwise, fraud_prevention_assessment is returned if transaction_data is present in the Event and Fraud Prevention is enabled in the Google Cloud console.
ENABLED Enable Fraud Prevention for this assessment, if Fraud Prevention is enabled in the Google Cloud console.
DISABLED Disable Fraud Prevention for this assessment, regardless of opt-in status or the Google Cloud console settings.

FraudPreventionAssessment

Assessment for Fraud Prevention.

Fields
transaction_risk

float

Probability (0-1) of this transaction being fraudulent. Summarizes the combined risk of attack vectors below.

stolen_instrument_verdict

StolenInstrumentVerdict

Assessment of this transaction for risk of a stolen instrument.

card_testing_verdict

CardTestingVerdict

Assessment of this transaction for risk of being part of a card testing attack.

behavioral_trust_verdict

BehavioralTrustVerdict

Assessment of this transaction for behavioral trust.

BehavioralTrustVerdict

Information about behavioral trust of the transaction.

Fields
trust

float

Probability (0-1) of this transaction attempt being executed in a behaviorally trustworthy way.

CardTestingVerdict

Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details.

Fields
risk

float

Probability (0-1) of this transaction attempt being part of a card testing attack.

StolenInstrumentVerdict

Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase.

Fields
risk

float

Probability (0-1) of this transaction being executed with a stolen instrument.

PasswordLeakVerification

Password leak verification info.

Fields
hashed_user_credentials

bytes

Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak.

credentials_leaked

bool

Output only. Whether or not the user's credentials are present in a known leak.

canonicalized_username

string

Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashed_user_credentials on the customer side.

TokenProperties

Fields
valid

bool

Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).

invalid_reason

InvalidReason

Reason associated with the response when valid = false.

create_time

Timestamp

The timestamp corresponding to the generation of the token.

hostname

string

The hostname of the page on which the token was generated.

action

string

Action name provided at token generation.

InvalidReason

Enum that represents the types of invalid token reasons.

Enums
INVALID_REASON_UNSPECIFIED Default unspecified type.
UNKNOWN_INVALID_REASON If the failure reason was not accounted for.
MALFORMED The provided user verification token was malformed.
EXPIRED The user verification token had expired.
DUPE The user verification had already been seen.
SITE_MISMATCH

The user verification token did not match the provided site key. This may be a configuration error (for example, development keys used in production) or end users trying to use verification tokens from other sites.

MISSING The user verification token was not present. It is a required input.
BROWSER_ERROR A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker.

TransactionData

Transaction data associated with a payment protected by reCAPTCHA Enterprise.

Fields
payment_method

string

The payment method for the transaction. The allowed values are:

  • credit-card
  • debit-card
  • gift-card
  • processor-{name} (If a third-party is used, for example, processor-paypal)
  • custom-{name} (If an alternative method is used, for example, custom-crypto)
card_bin

string

The Bank Identification Number - generally the first 6 or 8 digits of the card.

card_last_four

string

The last four digits of the card.

currency_code

string

The currency code in ISO-4217 format.

value

double

The decimal value of the transaction in the specified currency.

shipping_value

double

The value of shipping in the specified currency. 0 for free or no shipping.

shipping_address

Address

Destination address if this transaction involves shipping a physical item.

billing_address

Address

Address associated with the payment method when applicable.

user

User

Information about the user paying/initiating the transaction.

merchants[]

User

Information about the user or users fulfilling the transaction.

items[]

Item

Items purchased in this transaction.

gateway_info

GatewayInfo

Information about the payment gateway's response to the transaction.

transaction_id

string

Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id.

Address

Structured address format for billing and shipping addresses.

Fields
recipient

string

The recipient name, potentially including information such as "care of".

address[]

string

The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.

locality

string

The town/city of the address.

administrative_area

string

The state, province, or otherwise administrative area of the address.

region_code

string

The CLDR country/region of the address.

postal_code

string

The postal or ZIP code of the address.

GatewayInfo

Details about the transaction from the gateway.

Fields
name

string

Name of the gateway service (for example, stripe, square, paypal).

gateway_response_code

string

Gateway response code describing the state of the transaction.

avs_response_code

string

AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).

cvv_response_code

string

CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).

Item

Line items being purchased in this transaction.

Fields
name

string

The full name of the item.

value

double

The value per item that the user is paying, in the transaction currency, after discounts.

quantity

int64

The quantity of this item that is being purchased.

merchant_account_id

string

When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions.

User

Details about a user's account involved in the transaction.

Fields
account_id

string

Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.

creation_ms

int64

The epoch milliseconds of the user's account creation.

email

string

The email address of the user.

email_verified

bool

Whether the email has been verified to be accessible by the user (OTP or similar).

phone_number

string

The phone number of the user, with country code.

phone_verified

bool

Whether the phone number has been verified to be accessible by the user (OTP or similar).

TransactionEvent

Describes an event in the lifecycle of a payment transaction.

Fields
event_type

TransactionEventType

Optional. The type of this transaction event.

reason

string

Optional. The reason or standardized code that corresponds with this transaction event, if one exists. For example, a CHARGEBACK event with code 6005.

value

double

Optional. The value that corresponds with this transaction event, if one exists. For example, a refund event where $5.00 was refunded. Currency is obtained from the original transaction data.

event_time

Timestamp

Optional. Timestamp when this transaction event occurred; otherwise assumed to be the time of the API call.

TransactionEventType

Enum that represents an event in the payment transaction lifecycle.

Enums
TRANSACTION_EVENT_TYPE_UNSPECIFIED Default, unspecified event type.
MERCHANT_APPROVE Indicates that the transaction is approved by the merchant. The accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'.
MERCHANT_DENY Indicates that the transaction is denied and concluded due to risks detected by the merchant. The accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'.
MANUAL_REVIEW Indicates that the transaction is being evaluated by a human, due to suspicion or risk.
AUTHORIZATION Indicates that the authorization attempt with the card issuer succeeded.
AUTHORIZATION_DECLINE Indicates that the authorization attempt with the card issuer failed. The accompanying reasons can include Visa's '54' indicating that the card is expired, or '82' indicating that the CVV is incorrect.
PAYMENT_CAPTURE Indicates that the transaction is completed because the funds were settled.
PAYMENT_CAPTURE_DECLINE Indicates that the transaction could not be completed because the funds were not settled.
CANCEL Indicates that the transaction has been canceled. Specify the reason for the cancellation. For example, 'INSUFFICIENT_INVENTORY'.
CHARGEBACK_INQUIRY Indicates that the merchant has received a chargeback inquiry due to fraud for the transaction, requesting additional information before a fraud chargeback is officially issued and a formal chargeback notification is sent.
CHARGEBACK_ALERT Indicates that the merchant has received a chargeback alert due to fraud for the transaction. The process of resolving the dispute without involving the payment network is started.
FRAUD_NOTIFICATION Indicates that a fraud notification is issued for the transaction, sent by the payment instrument's issuing bank because the transaction appears to be fraudulent. We recommend including TC40 or SAFE data in the reason field for this event type. For partial chargebacks, we recommend that you include an amount in the value field.
CHARGEBACK Indicates that the merchant is informed by the payment network that the transaction has entered the chargeback process due to fraud. Reason code examples include Discover's '6005' and '6041'. For partial chargebacks, we recommend that you include an amount in the value field.
CHARGEBACK_REPRESENTMENT Indicates that the transaction has entered the chargeback process due to fraud, and that the merchant has chosen to enter representment. Reason examples include Discover's '6005' and '6041'. For partial chargebacks, we recommend that you include an amount in the value field.
CHARGEBACK_REVERSE Indicates that the transaction has had a fraud chargeback which was illegitimate and was reversed as a result. For partial chargebacks, we recommend that you include an amount in the value field.
REFUND_REQUEST Indicates that the merchant has received a refund for a completed transaction. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax)
REFUND_DECLINE Indicates that the merchant has received a refund request for this transaction, but that they have declined it. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax)
REFUND Indicates that the completed transaction was refunded by the merchant. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax)
REFUND_REVERSE Indicates that the completed transaction was refunded by the merchant, and that this refund was reversed. For partial refunds, we recommend that you include an amount in the value field.