Index
RecaptchaEnterpriseServiceV1Beta1(interface)AccountDefenderAssessment(message)AccountDefenderAssessment.AccountDefenderLabel(enum)AnnotateAssessmentRequest(message)AnnotateAssessmentRequest.Annotation(enum)AnnotateAssessmentRequest.Reason(enum)AnnotateAssessmentResponse(message)Assessment(message)Assessment.ClassificationReason(enum)CreateAssessmentRequest(message)Event(message)FraudPreventionAssessment(message)FraudPreventionAssessment.BehavioralTrustVerdict(message)FraudPreventionAssessment.CardTestingVerdict(message)FraudPreventionAssessment.StolenInstrumentVerdict(message)PasswordLeakVerification(message)TokenProperties(message)TokenProperties.InvalidReason(enum)TransactionData(message)TransactionData.Address(message)TransactionData.GatewayInfo(message)TransactionData.Item(message)TransactionData.User(message)TransactionEvent(message)TransactionEvent.TransactionEventType(enum)
RecaptchaEnterpriseServiceV1Beta1
Service to determine the likelihood an event is legitimate.
| AnnotateAssessment |
|---|
|
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent.
|
| CreateAssessment |
|---|
|
Creates an Assessment of the likelihood an event is legitimate.
|
AccountDefenderAssessment
Account defender risk assessment.
| Fields | |
|---|---|
labels[] |
Labels for this request. |
AccountDefenderLabel
Labels returned by account defender for this request.
| Enums | |
|---|---|
ACCOUNT_DEFENDER_LABEL_UNSPECIFIED |
Default unspecified type. |
PROFILE_MATCH |
The request matches a known good profile for the user. |
SUSPICIOUS_LOGIN_ACTIVITY |
The request is potentially a suspicious login event and should be further verified either via multi-factor authentication or another system. |
SUSPICIOUS_ACCOUNT_CREATION |
The request matched a profile that previously had suspicious account creation behavior. This could mean this is a fake account. |
RELATED_ACCOUNTS_NUMBER_HIGH |
The account in the request has a high number of related accounts. It does not necessarily imply that the account is bad but could require investigating. |
AnnotateAssessmentRequest
The request message to annotate an Assessment.
| Fields | |
|---|---|
name |
Required. The resource name of the Assessment, in the format |
annotation |
Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent. |
reasons[] |
Optional. Reasons for the annotation that are assigned to the event. |
hashed_account_id |
Optional. Unique stable hashed user identifier to apply to the assessment. This is an alternative to setting the |
transaction_event |
Optional. If the assessment is part of a payment transaction, provide details on payment lifecycle events that occur in the transaction. |
Annotation
Enum that represents the types of annotations.
| Enums | |
|---|---|
ANNOTATION_UNSPECIFIED |
Default unspecified type. |
LEGITIMATE |
Provides information that the event turned out to be legitimate. |
FRAUDULENT |
Provides information that the event turned out to be fraudulent. |
PASSWORD_CORRECT |
Provides information that the event was related to a login event in which the user typed the correct password. Deprecated, prefer indicating CORRECT_PASSWORD through the reasons field instead. |
PASSWORD_INCORRECT |
Provides information that the event was related to a login event in which the user typed the incorrect password. Deprecated, prefer indicating INCORRECT_PASSWORD through the reasons field instead. |
Reason
Enum that represents potential reasons for annotating an assessment.
| Enums | |
|---|---|
REASON_UNSPECIFIED |
Default unspecified reason. |
CHARGEBACK |
Indicates that the transaction had a chargeback issued with no other details. When possible, specify the type by using CHARGEBACK_FRAUD or CHARGEBACK_DISPUTE instead. |
CHARGEBACK_FRAUD |
Indicates that the transaction had a chargeback issued related to an alleged unauthorized transaction from the cardholder's perspective (for example, the card number was stolen). |
CHARGEBACK_DISPUTE |
Indicates that the transaction had a chargeback issued related to the cardholder having provided their card details but allegedly not being satisfied with the purchase (for example, misrepresentation, attempted cancellation). |
REFUND |
Indicates that the completed payment transaction was refunded by the seller. |
REFUND_FRAUD |
Indicates that the completed payment transaction was determined to be fraudulent by the seller, and was cancelled and refunded as a result. |
TRANSACTION_ACCEPTED |
Indicates that the payment transaction was accepted, and the user was charged. |
TRANSACTION_DECLINED |
Indicates that the payment transaction was declined, for example due to invalid card details. |
PAYMENT_HEURISTICS |
Indicates the transaction associated with the assessment is suspected of being fraudulent based on the payment method, billing details, shipping address or other transaction information. |
INITIATED_TWO_FACTOR |
Indicates that the user was served a 2FA challenge. An old assessment with ENUM_VALUES.INITIATED_TWO_FACTOR reason that has not been overwritten with PASSED_TWO_FACTOR is treated as an abandoned 2FA flow. This is equivalent to FAILED_TWO_FACTOR. |
PASSED_TWO_FACTOR |
Indicates that the user passed a 2FA challenge. |
FAILED_TWO_FACTOR |
Indicates that the user failed a 2FA challenge. |
CORRECT_PASSWORD |
Indicates the user provided the correct password. |
INCORRECT_PASSWORD |
Indicates the user provided an incorrect password. |
SOCIAL_SPAM |
Indicates that the user sent unwanted and abusive messages to other users of the platform, such as spam, scams, phishing, or social engineering. |
AnnotateAssessmentResponse
This type has no fields.
Empty response for AnnotateAssessment.
Assessment
A reCAPTCHA Enterprise assessment resource.
| Fields | |
|---|---|
name |
Output only. The resource name for the Assessment in the format |
event |
The event being assessed. |
score |
Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). |
token_properties |
Output only. Properties of the provided event token. |
reasons[] |
Output only. Reasons contributing to the risk analysis verdict. |
password_leak_verification |
Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment. |
account_defender_assessment |
Assessment returned by account defender when a hashed_account_id is provided. |
fraud_prevention_assessment |
Assessment returned by Fraud Prevention when TransactionData is provided. |
ClassificationReason
Reasons contributing to the risk analysis verdict.
| Enums | |
|---|---|
CLASSIFICATION_REASON_UNSPECIFIED |
Default unspecified type. |
AUTOMATION |
Interactions matched the behavior of an automated agent. |
UNEXPECTED_ENVIRONMENT |
The event originated from an illegitimate environment. |
TOO_MUCH_TRAFFIC |
Traffic volume from the event source is higher than normal. |
UNEXPECTED_USAGE_PATTERNS |
Interactions with the site were significantly different than expected patterns. |
LOW_CONFIDENCE_SCORE |
Too little traffic has been received from this site thus far to generate quality risk analysis. |
SUSPECTED_CARDING |
The request matches behavioral characteristics of a carding attack. |
SUSPECTED_CHARGEBACK |
The request matches behavioral characteristics of chargebacks for fraud. |
CreateAssessmentRequest
The create assessment request message.
| Fields | |
|---|---|
parent |
Required. The name of the project in which the assessment will be created, in the format |
assessment |
Required. The assessment details. |
Event
| Fields | |
|---|---|
token |
Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site. |
site_key |
Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token. |
user_agent |
Optional. The user agent present in the request from the user's device related to this event. |
user_ip_address |
Optional. The IP address in the request from the user's device related to this event. |
expected_action |
Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise. |
hashed_account_id |
Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. |
transaction_data |
Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response. |
FraudPreventionAssessment
Assessment for Fraud Prevention.
| Fields | |
|---|---|
transaction_risk |
Probability (0-1) of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. |
stolen_instrument_verdict |
Assessment of this transaction for risk of a stolen instrument. |
card_testing_verdict |
Assessment of this transaction for risk of being part of a card testing attack. |
behavioral_trust_verdict |
Assessment of this transaction for behavioral trust. |
BehavioralTrustVerdict
Information about behavioral trust of the transaction.
| Fields | |
|---|---|
trust |
Probability (0-1) of this transaction attempt being executed in a behaviorally trustworthy way. |
CardTestingVerdict
Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details.
| Fields | |
|---|---|
risk |
Probability (0-1) of this transaction attempt being part of a card testing attack. |
StolenInstrumentVerdict
Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase.
| Fields | |
|---|---|
risk |
Probability (0-1) of this transaction being executed with a stolen instrument. |
PasswordLeakVerification
Password leak verification info.
| Fields | |
|---|---|
hashed_user_credentials |
Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak. |
credentials_leaked |
Output only. Whether or not the user's credentials are present in a known leak. |
canonicalized_username |
Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashed_user_credentials on the customer side. |
TokenProperties
| Fields | |
|---|---|
valid |
Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment). |
invalid_reason |
Reason associated with the response when valid = false. |
create_time |
The timestamp corresponding to the generation of the token. |
hostname |
The hostname of the page on which the token was generated. |
action |
Action name provided at token generation. |
InvalidReason
Enum that represents the types of invalid token reasons.
| Enums | |
|---|---|
INVALID_REASON_UNSPECIFIED |
Default unspecified type. |
UNKNOWN_INVALID_REASON |
If the failure reason was not accounted for. |
MALFORMED |
The provided user verification token was malformed. |
EXPIRED |
The user verification token had expired. |
DUPE |
The user verification had already been seen. |
SITE_MISMATCH |
The user verification token did not match the provided site key. This may be a configuration error (for example, development keys used in production) or end users trying to use verification tokens from other sites. |
MISSING |
The user verification token was not present. It is a required input. |
BROWSER_ERROR |
A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker. |
TransactionData
Transaction data associated with a payment protected by reCAPTCHA Enterprise.
| Fields | |
|---|---|
payment_method |
The payment method for the transaction. The allowed values are:
|
card_bin |
The Bank Identification Number - generally the first 6 or 8 digits of the card. |
card_last_four |
The last four digits of the card. |
currency_code |
The currency code in ISO-4217 format. |
value |
The decimal value of the transaction in the specified currency. |
shipping_value |
The value of shipping in the specified currency. 0 for free or no shipping. |
shipping_address |
Destination address if this transaction involves shipping a physical item. |
billing_address |
Address associated with the payment method when applicable. |
user |
Information about the user paying/initiating the transaction. |
merchants[] |
Information about the user or users fulfilling the transaction. |
items[] |
Items purchased in this transaction. |
gateway_info |
Information about the payment gateway's response to the transaction. |
transaction_id |
Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id. |
Address
Structured address format for billing and shipping addresses.
| Fields | |
|---|---|
recipient |
The recipient name, potentially including information such as "care of". |
address[] |
The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. |
locality |
The town/city of the address. |
administrative_area |
The state, province, or otherwise administrative area of the address. |
region_code |
The CLDR country/region of the address. |
postal_code |
The postal or ZIP code of the address. |
GatewayInfo
Details about the transaction from the gateway.
| Fields | |
|---|---|
name |
Name of the gateway service (for example, stripe, square, paypal). |
gateway_response_code |
Gateway response code describing the state of the transaction. |
avs_response_code |
AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). |
cvv_response_code |
CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). |
Item
Line items being purchased in this transaction.
| Fields | |
|---|---|
name |
The full name of the item. |
value |
The value per item that the user is paying, in the transaction currency, after discounts. |
quantity |
The quantity of this item that is being purchased. |
merchant_account_id |
When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions. |
User
Details about a user's account involved in the transaction.
| Fields | |
|---|---|
account_id |
Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account. |
creation_ms |
The epoch milliseconds of the user's account creation. |
email |
The email address of the user. |
email_verified |
Whether the email has been verified to be accessible by the user (OTP or similar). |
phone_number |
The phone number of the user, with country code. |
phone_verified |
Whether the phone number has been verified to be accessible by the user (OTP or similar). |
TransactionEvent
Describes an event in the lifecycle of a payment transaction.
| Fields | |
|---|---|
event_type |
Optional. The type of this transaction event. |
reason |
Optional. The reason or standardized code that corresponds with this transaction event, if one exists. For example, a CHARGEBACK event with code 6005. |
value |
Optional. The value that corresponds with this transaction event, if one exists. For example, a refund event where $5.00 was refunded. Currency is obtained from the original transaction data. |
event_time |
Optional. Timestamp when this transaction event occurred; otherwise assumed to be the time of the API call. |
TransactionEventType
Enum that represents an event in the payment transaction lifecycle.
| Enums | |
|---|---|
TRANSACTION_EVENT_TYPE_UNSPECIFIED |
Default, unspecified event type. |
MERCHANT_APPROVE |
Indicates that the transaction is approved by the merchant. The accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'. |
MERCHANT_DENY |
Indicates that the transaction is denied and concluded due to risks detected by the merchant. The accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'. |
MANUAL_REVIEW |
Indicates that the transaction is being evaluated by a human, due to suspicion or risk. |
AUTHORIZATION |
Indicates that the authorization attempt with the card issuer succeeded. |
AUTHORIZATION_DECLINE |
Indicates that the authorization attempt with the card issuer failed. The accompanying reasons can include Visa's '54' indicating that the card is expired, or '82' indicating that the CVV is incorrect. |
PAYMENT_CAPTURE |
Indicates that the transaction is completed because the funds were settled. |
PAYMENT_CAPTURE_DECLINE |
Indicates that the transaction could not be completed because the funds were not settled. |
CANCEL |
Indicates that the transaction has been canceled. Specify the reason for the cancellation. For example, 'INSUFFICIENT_INVENTORY'. |
CHARGEBACK_INQUIRY |
Indicates that the merchant has received a chargeback inquiry due to fraud for the transaction, requesting additional information before a fraud chargeback is officially issued and a formal chargeback notification is sent. |
CHARGEBACK_ALERT |
Indicates that the merchant has received a chargeback alert due to fraud for the transaction. The process of resolving the dispute without involving the payment network is started. |
FRAUD_NOTIFICATION |
Indicates that a fraud notification is issued for the transaction, sent by the payment instrument's issuing bank because the transaction appears to be fraudulent. We recommend including TC40 or SAFE data in the reason field for this event type. For partial chargebacks, we recommend that you include an amount in the value field. |
CHARGEBACK |
Indicates that the merchant is informed by the payment network that the transaction has entered the chargeback process due to fraud. Reason code examples include Discover's '6005' and '6041'. For partial chargebacks, we recommend that you include an amount in the value field. |
CHARGEBACK_REPRESENTMENT |
Indicates that the transaction has entered the chargeback process due to fraud, and that the merchant has chosen to enter representment. Reason examples include Discover's '6005' and '6041'. For partial chargebacks, we recommend that you include an amount in the value field. |
CHARGEBACK_REVERSE |
Indicates that the transaction has had a fraud chargeback which was illegitimate and was reversed as a result. For partial chargebacks, we recommend that you include an amount in the value field. |
REFUND_REQUEST |
Indicates that the merchant has received a refund for a completed transaction. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax) |
REFUND_DECLINE |
Indicates that the merchant has received a refund request for this transaction, but that they have declined it. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax) |
REFUND |
Indicates that the completed transaction was refunded by the merchant. For partial refunds, we recommend that you include an amount in the value field. Reason example: 'TAX_EXEMPT' (partial refund of exempt tax) |
REFUND_REVERSE |
Indicates that the completed transaction was refunded by the merchant, and that this refund was reversed. For partial refunds, we recommend that you include an amount in the value field. |