annotate(name, body=None, x__xgafv=None)
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fraudulent.
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates an Assessment of the likelihood an event is legitimate.
annotate(name, body=None, x__xgafv=None)
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fraudulent.
Args:
name: string, Required. The resource name of the Assessment, in the format `projects/{project}/assessments/{assessment}`. (required)
body: object, The request body.
The object takes the form of:
{ # The request message to annotate an Assessment.
"accountId": "A String", # Optional. A stable account identifier to apply to the assessment. This is an alternative to setting `account_id` in `CreateAssessment`, for example when a stable account identifier is not yet known in the initial request.
"annotation": "A String", # Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent.
"hashedAccountId": "A String", # Optional. A stable hashed account identifier to apply to the assessment. This is an alternative to setting `hashed_account_id` in `CreateAssessment`, for example when a stable account identifier is not yet known in the initial request.
"reasons": [ # Optional. Reasons for the annotation that are assigned to the event.
"A String",
],
"transactionEvent": { # Describes an event in the lifecycle of a payment transaction. # Optional. If the assessment is part of a payment transaction, provide details on payment lifecycle events that occur in the transaction.
"eventTime": "A String", # Optional. Timestamp when this transaction event occurred; otherwise assumed to be the time of the API call.
"eventType": "A String", # Optional. The type of this transaction event.
"reason": "A String", # Optional. The reason or standardized code that corresponds with this transaction event, if one exists. For example, a CHARGEBACK event with code 6005.
"value": 3.14, # Optional. The value that corresponds with this transaction event, if one exists. For example, a refund event where $5.00 was refunded. Currency is obtained from the original transaction data.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Empty response for AnnotateAssessment.
}
close()
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates an Assessment of the likelihood an event is legitimate.
Args:
parent: string, Required. The name of the project in which the assessment will be created, in the format `projects/{project}`. (required)
body: object, The request body.
The object takes the form of:
{ # A reCAPTCHA Enterprise assessment resource.
"accountDefenderAssessment": { # Account defender risk assessment. # Output only. Assessment returned by account defender when an account identifier is provided.
"labels": [ # Output only. Labels for this request.
"A String",
],
},
"accountVerification": { # Information about account verification, used for identity verification. # Optional. Account verification information for identity verification. The assessment event must include a token and site key to use this feature.
"endpoints": [ # Optional. Endpoints that can be used for identity verification.
{ # Information about a verification endpoint that can be used for 2FA.
"emailAddress": "A String", # Email address for which to trigger a verification request.
"lastVerificationTime": "A String", # Output only. Timestamp of the last successful verification for the endpoint, if any.
"phoneNumber": "A String", # Phone number for which to trigger a verification request. Should be given in E.164 format.
"requestToken": "A String", # Output only. Token to provide to the client to trigger endpoint verification. It must be used within 15 minutes.
},
],
"languageCode": "A String", # Optional. Language code preference for the verification message, set as a IETF BCP 47 language code.
"latestVerificationResult": "A String", # Output only. Result of the latest account verification challenge.
"username": "A String", # Username of the account that is being verified. Deprecated. Customers should now provide the `account_id` field in `event.user_info`.
},
"event": { # The event being assessed. # Optional. The event being assessed.
"expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
"express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
"firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
"fraudPrevention": "A String", # Optional. The Fraud Prevention setting for this assessment.
"hashedAccountId": "A String", # Optional. Deprecated: use `user_info.account_id` instead. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
"headers": [ # Optional. HTTP header information about the request.
"A String",
],
"ja3": "A String", # Optional. JA3 fingerprint for SSL clients.
"requestedUri": "A String", # Optional. The URI resource the user requested that triggered an assessment.
"siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token.
"token": "A String", # Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site.
"transactionData": { # Transaction data associated with a payment protected by reCAPTCHA Enterprise. # Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response.
"billingAddress": { # Structured address format for billing and shipping addresses. # Optional. Address associated with the payment method when applicable.
"address": [ # Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
"A String",
],
"administrativeArea": "A String", # Optional. The state, province, or otherwise administrative area of the address.
"locality": "A String", # Optional. The town/city of the address.
"postalCode": "A String", # Optional. The postal or ZIP code of the address.
"recipient": "A String", # Optional. The recipient name, potentially including information such as "care of".
"regionCode": "A String", # Optional. The CLDR country/region of the address.
},
"cardBin": "A String", # Optional. The Bank Identification Number - generally the first 6 or 8 digits of the card.
"cardLastFour": "A String", # Optional. The last four digits of the card.
"currencyCode": "A String", # Optional. The currency code in ISO-4217 format.
"gatewayInfo": { # Details about the transaction from the gateway. # Optional. Information about the payment gateway's response to the transaction.
"avsResponseCode": "A String", # Optional. AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
"cvvResponseCode": "A String", # Optional. CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
"gatewayResponseCode": "A String", # Optional. Gateway response code describing the state of the transaction.
"name": "A String", # Optional. Name of the gateway service (for example, stripe, square, paypal).
},
"items": [ # Optional. Items purchased in this transaction.
{ # Line items being purchased in this transaction.
"merchantAccountId": "A String", # Optional. When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions.
"name": "A String", # Optional. The full name of the item.
"quantity": "A String", # Optional. The quantity of this item that is being purchased.
"value": 3.14, # Optional. The value per item that the user is paying, in the transaction currency, after discounts.
},
],
"merchants": [ # Optional. Information about the user or users fulfilling the transaction.
{ # Details about a user's account involved in the transaction.
"accountId": "A String", # Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
"creationMs": "A String", # Optional. The epoch milliseconds of the user's account creation.
"email": "A String", # Optional. The email address of the user.
"emailVerified": True or False, # Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
"phoneNumber": "A String", # Optional. The phone number of the user, with country code.
"phoneVerified": True or False, # Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).
},
],
"paymentMethod": "A String", # Optional. The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto)
"shippingAddress": { # Structured address format for billing and shipping addresses. # Optional. Destination address if this transaction involves shipping a physical item.
"address": [ # Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
"A String",
],
"administrativeArea": "A String", # Optional. The state, province, or otherwise administrative area of the address.
"locality": "A String", # Optional. The town/city of the address.
"postalCode": "A String", # Optional. The postal or ZIP code of the address.
"recipient": "A String", # Optional. The recipient name, potentially including information such as "care of".
"regionCode": "A String", # Optional. The CLDR country/region of the address.
},
"shippingValue": 3.14, # Optional. The value of shipping in the specified currency. 0 for free or no shipping.
"transactionId": "A String", # Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id.
"user": { # Details about a user's account involved in the transaction. # Optional. Information about the user paying/initiating the transaction.
"accountId": "A String", # Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
"creationMs": "A String", # Optional. The epoch milliseconds of the user's account creation.
"email": "A String", # Optional. The email address of the user.
"emailVerified": True or False, # Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
"phoneNumber": "A String", # Optional. The phone number of the user, with country code.
"phoneVerified": True or False, # Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).
},
"value": 3.14, # Optional. The decimal value of the transaction in the specified currency.
},
"userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event.
"userInfo": { # User information associated with a request protected by reCAPTCHA Enterprise. # Optional. Information about the user that generates this event, when they can be identified. They are often identified through the use of an account for logged-in requests or login/registration requests, or by providing user identifiers for guest actions like checkout.
"accountId": "A String", # Optional. For logged-in requests or login/registration requests, the unique account identifier associated with this user. You can use the username if it is stable (meaning it is the same for every request associated with the same user), or any stable user ID of your choice. Leave blank for non logged-in actions or guest checkout.
"createAccountTime": "A String", # Optional. Creation time for this account associated with this user. Leave blank for non logged-in actions, guest checkout, or when there is no account associated with the current user.
"userIds": [ # Optional. Identifiers associated with this user or request.
{ # An identifier associated with a user.
"email": "A String", # Optional. An email address.
"phoneNumber": "A String", # Optional. A phone number. Should use the E.164 format.
"username": "A String", # Optional. A unique username, if different from all the other identifiers and `account_id` that are provided. Can be a unique login handle or display name for a user.
},
],
},
"userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event.
"wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.
},
"firewallPolicyAssessment": { # Policy config assessment. # Output only. Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty.
"actions": [ # Optional. The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as `AllowAction`, `BlockAction` or `SubstituteAction`. Zero or more non-terminal actions such as `SetHeader` might be specified. A single policy can contain up to 16 actions.
{ # An individual action. Each action represents what to do if a policy matches.
"allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource.
},
"block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code.
},
"includeRecaptchaScript": { # An include reCAPTCHA script action involves injecting reCAPTCHA JavaScript code into the HTML returned by the site backend. This reCAPTCHA script is tasked with collecting user signals on the requested web page, issuing tokens as a cookie within the site domain, and enabling their utilization in subsequent page requests. # This action will inject reCAPTCHA JavaScript code into the HTML page returned by the site backend.
},
"redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token.
},
"setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend.
"key": "A String", # Optional. The header key to set in the request to the backend server.
"value": "A String", # Optional. The header value to set in the request to the backend server.
},
"substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user.
"path": "A String", # Optional. The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html".
},
},
],
"condition": "A String", # Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters.
"description": "A String", # Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
"name": "A String", # Identifier. The resource name for the FirewallPolicy in the format `projects/{project}/firewallpolicies/{firewallpolicy}`.
"path": "A String", # Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters.
},
},
"fraudPreventionAssessment": { # Assessment for Fraud Prevention. # Output only. Assessment returned by Fraud Prevention when TransactionData is provided.
"behavioralTrustVerdict": { # Information about behavioral trust of the transaction. # Output only. Assessment of this transaction for behavioral trust.
"trust": 3.14, # Output only. Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest).
},
"cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Output only. Assessment of this transaction for risk of being part of a card testing attack.
"risk": 3.14, # Output only. Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest).
},
"stolenInstrumentVerdict": { # Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase. # Output only. Assessment of this transaction for risk of a stolen instrument.
"risk": 3.14, # Output only. Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest).
},
"transactionRisk": 3.14, # Output only. Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest).
},
"fraudSignals": { # Fraud signals describing users and cards involved in the transaction. # Output only. Fraud Signals specific to the users involved in a payment transaction.
"cardSignals": { # Signals describing the payment card used in this transaction. # Output only. Signals describing the payment card or cards used in this transaction.
"cardLabels": [ # Output only. The labels for the payment card in this transaction.
"A String",
],
},
"userSignals": { # Signals describing the user involved in this transaction. # Output only. Signals describing the end user in this transaction.
"activeDaysLowerBound": 42, # Output only. This user (based on email, phone, and other identifiers) has been seen on the internet for at least this number of days.
"syntheticRisk": 3.14, # Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic components in their identity, such as a randomly generated email address, temporary phone number, or fake shipping address.
},
},
"name": "A String", # Output only. Identifier. The resource name for the Assessment in the format `projects/{project}/assessments/{assessment}`.
"privatePasswordLeakVerification": { # Private password leak verification info. # Optional. The private password leak verification field contains the parameters that are used to to check for leaks privately without sharing user credentials.
"encryptedLeakMatchPrefixes": [ # Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of `reencrypted_user_credentials_hash`
"A String",
],
"encryptedUserCredentialsHash": "A String", # Optional. Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through `reencrypted_user_credentials_hash`.
"lookupHashPrefix": "A String", # Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix.
"reencryptedUserCredentialsHash": "A String", # Output only. Corresponds to the re-encryption of the `encrypted_user_credentials_hash` field. It is used to match potential password leaks within `encrypted_leak_match_prefixes`.
},
"riskAnalysis": { # Risk analysis result for an event. # Output only. The risk analysis result for the event being assessed.
"extendedVerdictReasons": [ # Output only. Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change.
"A String",
],
"reasons": [ # Output only. Reasons contributing to the risk analysis verdict.
"A String",
],
"score": 3.14, # Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).
},
"tokenProperties": { # Properties of the provided event token. # Output only. Properties of the provided event token.
"action": "A String", # Output only. Action name provided at token generation.
"androidPackageName": "A String", # Output only. The name of the Android package with which the token was generated (Android keys only).
"createTime": "A String", # Output only. The timestamp corresponding to the generation of the token.
"hostname": "A String", # Output only. The hostname of the page on which the token was generated (Web keys only).
"invalidReason": "A String", # Output only. Reason associated with the response when valid = false.
"iosBundleId": "A String", # Output only. The ID of the iOS bundle with which the token was generated (iOS keys only).
"valid": True or False, # Output only. Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A reCAPTCHA Enterprise assessment resource.
"accountDefenderAssessment": { # Account defender risk assessment. # Output only. Assessment returned by account defender when an account identifier is provided.
"labels": [ # Output only. Labels for this request.
"A String",
],
},
"accountVerification": { # Information about account verification, used for identity verification. # Optional. Account verification information for identity verification. The assessment event must include a token and site key to use this feature.
"endpoints": [ # Optional. Endpoints that can be used for identity verification.
{ # Information about a verification endpoint that can be used for 2FA.
"emailAddress": "A String", # Email address for which to trigger a verification request.
"lastVerificationTime": "A String", # Output only. Timestamp of the last successful verification for the endpoint, if any.
"phoneNumber": "A String", # Phone number for which to trigger a verification request. Should be given in E.164 format.
"requestToken": "A String", # Output only. Token to provide to the client to trigger endpoint verification. It must be used within 15 minutes.
},
],
"languageCode": "A String", # Optional. Language code preference for the verification message, set as a IETF BCP 47 language code.
"latestVerificationResult": "A String", # Output only. Result of the latest account verification challenge.
"username": "A String", # Username of the account that is being verified. Deprecated. Customers should now provide the `account_id` field in `event.user_info`.
},
"event": { # The event being assessed. # Optional. The event being assessed.
"expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
"express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
"firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
"fraudPrevention": "A String", # Optional. The Fraud Prevention setting for this assessment.
"hashedAccountId": "A String", # Optional. Deprecated: use `user_info.account_id` instead. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
"headers": [ # Optional. HTTP header information about the request.
"A String",
],
"ja3": "A String", # Optional. JA3 fingerprint for SSL clients.
"requestedUri": "A String", # Optional. The URI resource the user requested that triggered an assessment.
"siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token.
"token": "A String", # Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site.
"transactionData": { # Transaction data associated with a payment protected by reCAPTCHA Enterprise. # Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response.
"billingAddress": { # Structured address format for billing and shipping addresses. # Optional. Address associated with the payment method when applicable.
"address": [ # Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
"A String",
],
"administrativeArea": "A String", # Optional. The state, province, or otherwise administrative area of the address.
"locality": "A String", # Optional. The town/city of the address.
"postalCode": "A String", # Optional. The postal or ZIP code of the address.
"recipient": "A String", # Optional. The recipient name, potentially including information such as "care of".
"regionCode": "A String", # Optional. The CLDR country/region of the address.
},
"cardBin": "A String", # Optional. The Bank Identification Number - generally the first 6 or 8 digits of the card.
"cardLastFour": "A String", # Optional. The last four digits of the card.
"currencyCode": "A String", # Optional. The currency code in ISO-4217 format.
"gatewayInfo": { # Details about the transaction from the gateway. # Optional. Information about the payment gateway's response to the transaction.
"avsResponseCode": "A String", # Optional. AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
"cvvResponseCode": "A String", # Optional. CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
"gatewayResponseCode": "A String", # Optional. Gateway response code describing the state of the transaction.
"name": "A String", # Optional. Name of the gateway service (for example, stripe, square, paypal).
},
"items": [ # Optional. Items purchased in this transaction.
{ # Line items being purchased in this transaction.
"merchantAccountId": "A String", # Optional. When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions.
"name": "A String", # Optional. The full name of the item.
"quantity": "A String", # Optional. The quantity of this item that is being purchased.
"value": 3.14, # Optional. The value per item that the user is paying, in the transaction currency, after discounts.
},
],
"merchants": [ # Optional. Information about the user or users fulfilling the transaction.
{ # Details about a user's account involved in the transaction.
"accountId": "A String", # Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
"creationMs": "A String", # Optional. The epoch milliseconds of the user's account creation.
"email": "A String", # Optional. The email address of the user.
"emailVerified": True or False, # Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
"phoneNumber": "A String", # Optional. The phone number of the user, with country code.
"phoneVerified": True or False, # Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).
},
],
"paymentMethod": "A String", # Optional. The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto)
"shippingAddress": { # Structured address format for billing and shipping addresses. # Optional. Destination address if this transaction involves shipping a physical item.
"address": [ # Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
"A String",
],
"administrativeArea": "A String", # Optional. The state, province, or otherwise administrative area of the address.
"locality": "A String", # Optional. The town/city of the address.
"postalCode": "A String", # Optional. The postal or ZIP code of the address.
"recipient": "A String", # Optional. The recipient name, potentially including information such as "care of".
"regionCode": "A String", # Optional. The CLDR country/region of the address.
},
"shippingValue": 3.14, # Optional. The value of shipping in the specified currency. 0 for free or no shipping.
"transactionId": "A String", # Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id.
"user": { # Details about a user's account involved in the transaction. # Optional. Information about the user paying/initiating the transaction.
"accountId": "A String", # Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
"creationMs": "A String", # Optional. The epoch milliseconds of the user's account creation.
"email": "A String", # Optional. The email address of the user.
"emailVerified": True or False, # Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
"phoneNumber": "A String", # Optional. The phone number of the user, with country code.
"phoneVerified": True or False, # Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).
},
"value": 3.14, # Optional. The decimal value of the transaction in the specified currency.
},
"userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event.
"userInfo": { # User information associated with a request protected by reCAPTCHA Enterprise. # Optional. Information about the user that generates this event, when they can be identified. They are often identified through the use of an account for logged-in requests or login/registration requests, or by providing user identifiers for guest actions like checkout.
"accountId": "A String", # Optional. For logged-in requests or login/registration requests, the unique account identifier associated with this user. You can use the username if it is stable (meaning it is the same for every request associated with the same user), or any stable user ID of your choice. Leave blank for non logged-in actions or guest checkout.
"createAccountTime": "A String", # Optional. Creation time for this account associated with this user. Leave blank for non logged-in actions, guest checkout, or when there is no account associated with the current user.
"userIds": [ # Optional. Identifiers associated with this user or request.
{ # An identifier associated with a user.
"email": "A String", # Optional. An email address.
"phoneNumber": "A String", # Optional. A phone number. Should use the E.164 format.
"username": "A String", # Optional. A unique username, if different from all the other identifiers and `account_id` that are provided. Can be a unique login handle or display name for a user.
},
],
},
"userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event.
"wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.
},
"firewallPolicyAssessment": { # Policy config assessment. # Output only. Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty.
"actions": [ # Optional. The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as `AllowAction`, `BlockAction` or `SubstituteAction`. Zero or more non-terminal actions such as `SetHeader` might be specified. A single policy can contain up to 16 actions.
{ # An individual action. Each action represents what to do if a policy matches.
"allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource.
},
"block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code.
},
"includeRecaptchaScript": { # An include reCAPTCHA script action involves injecting reCAPTCHA JavaScript code into the HTML returned by the site backend. This reCAPTCHA script is tasked with collecting user signals on the requested web page, issuing tokens as a cookie within the site domain, and enabling their utilization in subsequent page requests. # This action will inject reCAPTCHA JavaScript code into the HTML page returned by the site backend.
},
"redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token.
},
"setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend.
"key": "A String", # Optional. The header key to set in the request to the backend server.
"value": "A String", # Optional. The header value to set in the request to the backend server.
},
"substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user.
"path": "A String", # Optional. The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html".
},
},
],
"condition": "A String", # Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters.
"description": "A String", # Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
"name": "A String", # Identifier. The resource name for the FirewallPolicy in the format `projects/{project}/firewallpolicies/{firewallpolicy}`.
"path": "A String", # Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters.
},
},
"fraudPreventionAssessment": { # Assessment for Fraud Prevention. # Output only. Assessment returned by Fraud Prevention when TransactionData is provided.
"behavioralTrustVerdict": { # Information about behavioral trust of the transaction. # Output only. Assessment of this transaction for behavioral trust.
"trust": 3.14, # Output only. Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest).
},
"cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Output only. Assessment of this transaction for risk of being part of a card testing attack.
"risk": 3.14, # Output only. Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest).
},
"stolenInstrumentVerdict": { # Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase. # Output only. Assessment of this transaction for risk of a stolen instrument.
"risk": 3.14, # Output only. Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest).
},
"transactionRisk": 3.14, # Output only. Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest).
},
"fraudSignals": { # Fraud signals describing users and cards involved in the transaction. # Output only. Fraud Signals specific to the users involved in a payment transaction.
"cardSignals": { # Signals describing the payment card used in this transaction. # Output only. Signals describing the payment card or cards used in this transaction.
"cardLabels": [ # Output only. The labels for the payment card in this transaction.
"A String",
],
},
"userSignals": { # Signals describing the user involved in this transaction. # Output only. Signals describing the end user in this transaction.
"activeDaysLowerBound": 42, # Output only. This user (based on email, phone, and other identifiers) has been seen on the internet for at least this number of days.
"syntheticRisk": 3.14, # Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic components in their identity, such as a randomly generated email address, temporary phone number, or fake shipping address.
},
},
"name": "A String", # Output only. Identifier. The resource name for the Assessment in the format `projects/{project}/assessments/{assessment}`.
"privatePasswordLeakVerification": { # Private password leak verification info. # Optional. The private password leak verification field contains the parameters that are used to to check for leaks privately without sharing user credentials.
"encryptedLeakMatchPrefixes": [ # Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of `reencrypted_user_credentials_hash`
"A String",
],
"encryptedUserCredentialsHash": "A String", # Optional. Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through `reencrypted_user_credentials_hash`.
"lookupHashPrefix": "A String", # Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix.
"reencryptedUserCredentialsHash": "A String", # Output only. Corresponds to the re-encryption of the `encrypted_user_credentials_hash` field. It is used to match potential password leaks within `encrypted_leak_match_prefixes`.
},
"riskAnalysis": { # Risk analysis result for an event. # Output only. The risk analysis result for the event being assessed.
"extendedVerdictReasons": [ # Output only. Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change.
"A String",
],
"reasons": [ # Output only. Reasons contributing to the risk analysis verdict.
"A String",
],
"score": 3.14, # Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).
},
"tokenProperties": { # Properties of the provided event token. # Output only. Properties of the provided event token.
"action": "A String", # Output only. Action name provided at token generation.
"androidPackageName": "A String", # Output only. The name of the Android package with which the token was generated (Android keys only).
"createTime": "A String", # Output only. The timestamp corresponding to the generation of the token.
"hostname": "A String", # Output only. The hostname of the page on which the token was generated (Web keys only).
"invalidReason": "A String", # Output only. Reason associated with the response when valid = false.
"iosBundleId": "A String", # Output only. The ID of the iOS bundle with which the token was generated (iOS keys only).
"valid": True or False, # Output only. Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).
},
}