- Resource: Assessment
- Event
- TransactionData
- Address
- User
- Item
- GatewayInfo
- FraudPrevention
- TokenProperties
- InvalidReason
- ClassificationReason
- PasswordLeakVerification
- AccountDefenderAssessment
- AccountDefenderLabel
- FraudPreventionAssessment
- StolenInstrumentVerdict
- CardTestingVerdict
- BehavioralTrustVerdict
- Methods
Resource: Assessment
A reCAPTCHA Enterprise assessment resource.
JSON representation |
---|
{ "name": string, "event": { object ( |
Fields | |
---|---|
name |
Output only. The resource name for the Assessment in the format |
event |
The event being assessed. |
score |
Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). |
token |
Output only. Properties of the provided event token. |
reasons[] |
Output only. Reasons contributing to the risk analysis verdict. |
password |
Information about the user's credentials used to check for leaks. This feature is part of the Early Access Program (EAP). Exercise caution, and do not deploy integrations based on this feature in a production environment. |
account |
Assessment returned by account defender when a hashedAccountId is provided. |
fraud |
Assessment returned by Fraud Prevention when TransactionData is provided. |
Event
JSON representation |
---|
{ "token": string, "siteKey": string, "userAgent": string, "userIpAddress": string, "expectedAction": string, "hashedAccountId": string, "transactionData": { object ( |
Fields | |
---|---|
token |
Optional. The user response token provided by the reCAPTCHA client-side integration on your site. |
site |
Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token. |
user |
Optional. The user agent present in the request from the user's device related to this event. |
user |
Optional. The IP address in the request from the user's device related to this event. |
expected |
Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with reCAPTCHA. |
hashed |
Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. A base64-encoded string. |
transaction |
Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Fraud Prevention and the FraudPreventionAssessment component in the response. |
fraud |
Optional. The Fraud Prevention setting for this Assessment. |
TransactionData
Transaction data associated with a payment protected by reCAPTCHA.
JSON representation |
---|
{ "paymentMethod": string, "cardBin": string, "cardLastFour": string, "currencyCode": string, "value": number, "shippingValue": number, "shippingAddress": { object ( |
Fields | |
---|---|
payment |
The payment method for the transaction. The allowed values are:
|
card |
The Bank Identification Number - generally the first 6 or 8 digits of the card. |
card |
The last four digits of the card. |
currency |
The currency code in ISO-4217 format. |
value |
The decimal value of the transaction in the specified currency. |
shipping |
The value of shipping in the specified currency. 0 for free or no shipping. |
shipping |
Destination address if this transaction involves shipping a physical item. |
billing |
Address associated with the payment method when applicable. |
user |
Information about the user paying/initiating the transaction. |
merchants[] |
Information about the user or users fulfilling the transaction. |
items[] |
Items purchased in this transaction. |
gateway |
Information about the payment gateway's response to the transaction. |
transaction |
Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id. |
Address
Structured address format for billing and shipping addresses.
JSON representation |
---|
{ "recipient": string, "address": [ string ], "locality": string, "administrativeArea": string, "regionCode": string, "postalCode": string } |
Fields | |
---|---|
recipient |
The recipient name, potentially including information such as "care of". |
address[] |
The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. |
locality |
The town/city of the address. |
administrative |
The state, province, or otherwise administrative area of the address. |
region |
The CLDR country/region of the address. |
postal |
The postal or ZIP code of the address. |
User
Details about a user's account involved in the transaction.
JSON representation |
---|
{ "accountId": string, "creationMs": string, "email": string, "emailVerified": boolean, "phoneNumber": string, "phoneVerified": boolean } |
Fields | |
---|---|
account |
Unique account identifier for this user. If using account defender, this should match the hashedAccountId field. Otherwise, a unique and persistent identifier for this account. |
creation |
The epoch milliseconds of the user's account creation. |
email |
The email address of the user. |
email |
Whether the email has been verified to be accessible by the user (OTP or similar). |
phone |
The phone number of the user, with country code. |
phone |
Whether the phone number has been verified to be accessible by the user (OTP or similar). |
Item
Line items being purchased in this transaction.
JSON representation |
---|
{ "name": string, "value": number, "quantity": string, "merchantAccountId": string } |
Fields | |
---|---|
name |
The full name of the item. |
value |
The value per item that the user is paying, in the transaction currency, after discounts. |
quantity |
The quantity of this item that is being purchased. |
merchant |
When a merchant is specified, its corresponding accountId. Necessary to populate marketplace-style transactions. |
GatewayInfo
Details about the transaction from the gateway.
JSON representation |
---|
{ "name": string, "gatewayResponseCode": string, "avsResponseCode": string, "cvvResponseCode": string } |
Fields | |
---|---|
name |
Name of the gateway service (for example, stripe, square, paypal). |
gateway |
Gateway response code describing the state of the transaction. |
avs |
AVS response code from the gateway (available only when reCAPTCHA is called after authorization). |
cvv |
CVV response code from the gateway (available only when reCAPTCHA is called after authorization). |
FraudPrevention
Setting that controls Fraud Prevention assessments.
Enums | |
---|---|
FRAUD_PREVENTION_UNSPECIFIED |
Default, unspecified setting. fraudPreventionAssessment is returned if transactionData is present in Event and Fraud Prevention is enabled in the Google Cloud console. |
ENABLED |
Enable Fraud Prevention for this assessment, if Fraud Prevention is enabled in the Google Cloud console. |
DISABLED |
Disable Fraud Prevention for this assessment, regardless of Google Cloud console settings. |
TokenProperties
JSON representation |
---|
{
"valid": boolean,
"invalidReason": enum ( |
Fields | |
---|---|
valid |
Whether the provided user response token is valid. When valid = false, the reason could be specified in invalidReason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment). |
invalid |
Reason associated with the response when valid = false. |
create |
The timestamp corresponding to the generation of the token. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
hostname |
The hostname of the page on which the token was generated. |
action |
Action name provided at token generation. |
InvalidReason
Enum that represents the types of invalid token reasons.
Enums | |
---|---|
INVALID_REASON_UNSPECIFIED |
Default unspecified type. |
UNKNOWN_INVALID_REASON |
If the failure reason was not accounted for. |
MALFORMED |
The provided user verification token was malformed. |
EXPIRED |
The user verification token had expired. |
DUPE |
The user verification had already been seen. |
SITE_MISMATCH |
The user verification token did not match the provided site key. This may be a configuration error (for example, development keys used in production) or end users trying to use verification tokens from other sites. |
MISSING |
The user verification token was not present. It is a required input. |
BROWSER_ERROR |
A retriable error (such as network failure) occurred on the browser. Could easily be simulated by an attacker. |
ClassificationReason
Reasons contributing to the risk analysis verdict.
Enums | |
---|---|
CLASSIFICATION_REASON_UNSPECIFIED |
Default unspecified type. |
AUTOMATION |
Interactions matched the behavior of an automated agent. |
UNEXPECTED_ENVIRONMENT |
The event originated from an illegitimate environment. |
TOO_MUCH_TRAFFIC |
Traffic volume from the event source is higher than normal. |
UNEXPECTED_USAGE_PATTERNS |
Interactions with the site were significantly different than expected patterns. |
LOW_CONFIDENCE_SCORE |
Too little traffic has been received from this site thus far to generate quality risk analysis. |
SUSPECTED_CARDING |
The request matches behavioral characteristics of a carding attack. |
SUSPECTED_CHARGEBACK |
The request matches behavioral characteristics of chargebacks for fraud. |
PasswordLeakVerification
Password leak verification info.
JSON representation |
---|
{ "hashedUserCredentials": string, "credentialsLeaked": boolean, "canonicalizedUsername": string } |
Fields | |
---|---|
hashed |
Optional. Scrypt hash of the username+password that the customer wants to verify against a known password leak. A base64-encoded string. |
credentials |
Output only. Whether or not the user's credentials are present in a known leak. |
canonicalized |
Optional. The username part of the user credentials for which we want to trigger a leak check in canonicalized form. This is the same data used to create the hashedUserCredentials on the customer side. |
AccountDefenderAssessment
Account defender risk assessment.
JSON representation |
---|
{
"labels": [
enum ( |
Fields | |
---|---|
labels[] |
Labels for this request. |
AccountDefenderLabel
Labels returned by account defender for this request.
Enums | |
---|---|
ACCOUNT_DEFENDER_LABEL_UNSPECIFIED |
Default unspecified type. |
PROFILE_MATCH |
The request matches a known good profile for the user. |
SUSPICIOUS_LOGIN_ACTIVITY |
The request is potentially a suspicious login event and should be further verified either via multi-factor authentication or another system. |
SUSPICIOUS_ACCOUNT_CREATION |
The request matched a profile that previously had suspicious account creation behavior. This could mean this is a fake account. |
RELATED_ACCOUNTS_NUMBER_HIGH |
The account in the request has a high number of related accounts. It does not necessarily imply that the account is bad but could require investigating. |
FraudPreventionAssessment
Assessment for Fraud Prevention.
JSON representation |
---|
{ "transactionRisk": number, "stolenInstrumentVerdict": { object ( |
Fields | |
---|---|
transaction |
Probability (0-1) of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. |
stolen |
Assessment of this transaction for risk of a stolen instrument. |
card |
Assessment of this transaction for risk of being part of a card testing attack. |
behavioral |
Assessment of this transaction for behavioral trust. |
StolenInstrumentVerdict
Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase.
JSON representation |
---|
{ "risk": number } |
Fields | |
---|---|
risk |
Probability (0-1) of this transaction being executed with a stolen instrument. |
CardTestingVerdict
Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details.
JSON representation |
---|
{ "risk": number } |
Fields | |
---|---|
risk |
Probability (0-1) of this transaction attempt being part of a card testing attack. |
BehavioralTrustVerdict
Information about behavioral trust of the transaction.
JSON representation |
---|
{ "trust": number } |
Fields | |
---|---|
trust |
Probability (0-1) of this transaction attempt being executed in a behaviorally trustworthy way. |
Methods |
|
---|---|
|
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fradulent. |
|
Creates an Assessment of the likelihood an event is legitimate. |