Creates an Assessment of the likelihood an event is legitimate.
Scopes
You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call.
If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform.
You can set the scope for this method like this: recaptchaenterprise1 --scope <scope> projects assessments-create ...
Required Scalar Argument
- <parent> (string)
- Required. The name of the project in which the assessment will be created, in the format
projects/{project}
.
- Required. The name of the project in which the assessment will be created, in the format
Required Request Value
The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.
For example, a structure like this:
GoogleCloudRecaptchaenterpriseV1Assessment:
account-defender-assessment:
labels: [string]
account-verification:
language-code: string
latest-verification-result: string
username: string
event:
expected-action: string
express: boolean
firewall-policy-evaluation: boolean
hashed-account-id: string
headers: [string]
ja3: string
requested-uri: string
site-key: string
token: string
transaction-data:
billing-address:
address: [string]
administrative-area: string
locality: string
postal-code: string
recipient: string
region-code: string
card-bin: string
card-last-four: string
currency-code: string
gateway-info:
avs-response-code: string
cvv-response-code: string
gateway-response-code: string
name: string
payment-method: string
shipping-address:
address: [string]
administrative-area: string
locality: string
postal-code: string
recipient: string
region-code: string
shipping-value: number
transaction-id: string
user:
account-id: string
creation-ms: string
email: string
email-verified: boolean
phone-number: string
phone-verified: boolean
value: number
user-agent: string
user-info:
account-id: string
create-account-time: string
user-ip-address: string
waf-token-assessment: boolean
firewall-policy-assessment:
error:
code: integer
message: string
firewall-policy:
condition: string
description: string
name: string
path: string
fraud-prevention-assessment:
behavioral-trust-verdict:
trust: number
card-testing-verdict:
risk: number
stolen-instrument-verdict:
risk: number
transaction-risk: number
fraud-signals:
card-signals:
card-labels: [string]
user-signals:
active-days-lower-bound: integer
synthetic-risk: number
name: string
private-password-leak-verification:
encrypted-leak-match-prefixes: [string]
encrypted-user-credentials-hash: string
lookup-hash-prefix: string
reencrypted-user-credentials-hash: string
risk-analysis:
extended-verdict-reasons: [string]
reasons: [string]
score: number
token-properties:
action: string
android-package-name: string
create-time: string
hostname: string
invalid-reason: string
ios-bundle-id: string
valid: boolean
can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.
-
-r .account-defender-assessment labels=takimata
- Output only. Labels for this request.
- Each invocation of this argument appends the given value to the array.
-
..account-verification language-code=amet.
- Optional. Language code preference for the verification message, set as a IETF BCP 47 language code.
latest-verification-result=duo
- Output only. Result of the latest account verification challenge.
-
username=ipsum
- Username of the account that is being verified. Deprecated. Customers should now provide the
account_id
field inevent.user_info
.
- Username of the account that is being verified. Deprecated. Customers should now provide the
-
..event expected-action=gubergren
- Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
express=true
- Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled,
site_key
must reference a SCORE key with WAF feature set to EXPRESS.
- Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled,
firewall-policy-evaluation=false
- Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
hashed-account-id=dolor
- Optional. Deprecated: use
user_info.account_id
instead. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
- Optional. Deprecated: use
headers=ea
- Optional. HTTP header information about the request.
- Each invocation of this argument appends the given value to the array.
ja3=ipsum
- Optional. JA3 fingerprint for SSL clients.
requested-uri=invidunt
- Optional. The URI resource the user requested that triggered an assessment.
site-key=amet
- Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token.
token=duo
- Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site.
transaction-data.billing-address address=ipsum
- Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
- Each invocation of this argument appends the given value to the array.
administrative-area=sed
- Optional. The state, province, or otherwise administrative area of the address.
locality=ut
- Optional. The town/city of the address.
postal-code=gubergren
- Optional. The postal or ZIP code of the address.
recipient=rebum.
- Optional. The recipient name, potentially including information such as "care of".
-
region-code=est
- Optional. The CLDR country/region of the address.
-
.. card-bin=ipsum
- Optional. The Bank Identification Number - generally the first 6 or 8 digits of the card.
card-last-four=ipsum
- Optional. The last four digits of the card.
currency-code=est
- Optional. The currency code in ISO-4217 format.
gateway-info avs-response-code=gubergren
- Optional. AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
cvv-response-code=ea
- Optional. CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
gateway-response-code=dolor
- Optional. Gateway response code describing the state of the transaction.
-
name=lorem
- Optional. Name of the gateway service (for example, stripe, square, paypal).
-
.. payment-method=eos
- Optional. The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto)
shipping-address address=labore
- Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
- Each invocation of this argument appends the given value to the array.
administrative-area=sed
- Optional. The state, province, or otherwise administrative area of the address.
locality=duo
- Optional. The town/city of the address.
postal-code=sed
- Optional. The postal or ZIP code of the address.
recipient=no
- Optional. The recipient name, potentially including information such as "care of".
-
region-code=stet
- Optional. The CLDR country/region of the address.
-
.. shipping-value=0.6905413711203235
- Optional. The value of shipping in the specified currency. 0 for free or no shipping.
transaction-id=et
- Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id.
user account-id=sed
- Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
creation-ms=et
- Optional. The epoch milliseconds of the user's account creation.
email=et
- Optional. The email address of the user.
email-verified=false
- Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
phone-number=erat
- Optional. The phone number of the user, with country code.
-
phone-verified=false
- Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).
-
.. value=0.6383502522516505
- Optional. The decimal value of the transaction in the specified currency.
-
.. user-agent=et
- Optional. The user agent present in the request from the user's device related to this event.
user-info account-id=voluptua.
- Optional. For logged-in requests or login/registration requests, the unique account identifier associated with this user. You can use the username if it is stable (meaning it is the same for every request associated with the same user), or any stable user ID of your choice. Leave blank for non logged-in actions or guest checkout.
-
create-account-time=amet.
- Optional. Creation time for this account associated with this user. Leave blank for non logged-in actions, guest checkout, or when there is no account associated with the current user.
-
.. user-ip-address=consetetur
- Optional. The IP address in the request from the user's device related to this event.
-
waf-token-assessment=false
- Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.
-
..firewall-policy-assessment.error code=52
- The status code, which should be an enum value of google.rpc.Code.
-
message=et
- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
-
..firewall-policy condition=et
- Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the CEL spec and its language definition. A condition has a max length of 500 characters.
description=sadipscing
- Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
name=stet
- Identifier. The resource name for the FirewallPolicy in the format
projects/{project}/firewallpolicies/{firewallpolicy}
.
- Identifier. The resource name for the FirewallPolicy in the format
-
path=dolor
- Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the manual page. A path has a max length of 200 characters.
-
...fraud-prevention-assessment.behavioral-trust-verdict trust=0.6349978834153693
- Output only. Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest).
-
..card-testing-verdict risk=0.1970220513983837
- Output only. Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest).
-
..stolen-instrument-verdict risk=0.28492583480905564
- Output only. Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest).
-
.. transaction-risk=0.4523282032393763
- Output only. Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest).
-
..fraud-signals.card-signals card-labels=diam
- Output only. The labels for the payment card in this transaction.
- Each invocation of this argument appends the given value to the array.
-
..user-signals active-days-lower-bound=40
- Output only. This user (based on email, phone, and other identifiers) has been seen on the internet for at least this number of days.
-
synthetic-risk=0.012465497817154336
- Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic components in their identity, such as a randomly generated email address, temporary phone number, or fake shipping address.
-
... name=accusam
- Output only. Identifier. The resource name for the Assessment in the format
projects/{project}/assessments/{assessment}
.
- Output only. Identifier. The resource name for the Assessment in the format
private-password-leak-verification encrypted-leak-match-prefixes=takimata
- Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of
reencrypted_user_credentials_hash
- Each invocation of this argument appends the given value to the array.
- Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of
encrypted-user-credentials-hash=consetetur
- Optional. Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through
reencrypted_user_credentials_hash
.
- Optional. Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through
lookup-hash-prefix=voluptua.
- Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix.
-
reencrypted-user-credentials-hash=et
- Output only. Corresponds to the re-encryption of the
encrypted_user_credentials_hash
field. It is used to match potential password leaks withinencrypted_leak_match_prefixes
.
- Output only. Corresponds to the re-encryption of the
-
..risk-analysis extended-verdict-reasons=erat
- Output only. Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change.
- Each invocation of this argument appends the given value to the array.
reasons=consetetur
- Output only. Reasons contributing to the risk analysis verdict.
- Each invocation of this argument appends the given value to the array.
-
score=0.7759968264300798
- Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).
-
..token-properties action=sed
- Output only. Action name provided at token generation.
android-package-name=takimata
- Output only. The name of the Android package with which the token was generated (Android keys only).
create-time=dolores
- Output only. The timestamp corresponding to the generation of the token.
hostname=gubergren
- Output only. The hostname of the page on which the token was generated (Web keys only).
invalid-reason=et
- Output only. Reason associated with the response when valid = false.
ios-bundle-id=accusam
- Output only. The ID of the iOS bundle with which the token was generated (iOS keys only).
valid=false
- Output only. Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).
About Cursors
The cursor position is key to comfortably set complex nested structures. The following rules apply:
- The cursor position is always set relative to the current one, unless the field name starts with the
.
character. Fields can be nested such as in-r f.s.o
. - The cursor position is set relative to the top-level structure if it starts with
.
, e.g.-r .s.s
- You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify
-r struct.sub_struct=bar
. - You can move the cursor one level up by using
..
. Each additional.
moves it up one additional level. E.g....
would go three levels up.
Optional Output Flags
The method's return value a JSON encoded structure, which will be written to standard output by default.
- -o out
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
-
to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
Optional General Properties
The following properties can configure any call, and are not specific to this method.
-
-p $-xgafv=string
- V1 error format.
-
-p access-token=string
- OAuth access token.
-
-p alt=string
- Data format for response.
-
-p callback=string
- JSONP
-
-p fields=string
- Selector specifying which fields to include in a partial response.
-
-p key=string
- API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
-
-p oauth-token=string
- OAuth 2.0 token for the current user.
-
-p pretty-print=boolean
- Returns response with indentations and line breaks.
-
-p quota-user=string
- Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
-
-p upload-type=string
- Legacy upload protocol for media (e.g. "media", "multipart").
-
-p upload-protocol=string
- Upload protocol for media (e.g. "raw", "multipart").