Creates an Assessment of the likelihood an event is legitimate.

Scopes

You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call.

If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform. You can set the scope for this method like this: recaptchaenterprise1 --scope <scope> projects assessments-create ...

Required Scalar Argument

  • <parent> (string)
    • Required. The name of the project in which the assessment will be created, in the format projects/{project}.

Required Request Value

The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.

For example, a structure like this:

GoogleCloudRecaptchaenterpriseV1Assessment:
  account-defender-assessment:
    labels: [string]
  account-verification:
    language-code: string
    latest-verification-result: string
    username: string
  event:
    expected-action: string
    express: boolean
    firewall-policy-evaluation: boolean
    hashed-account-id: string
    headers: [string]
    ja3: string
    requested-uri: string
    site-key: string
    token: string
    transaction-data:
      billing-address:
        address: [string]
        administrative-area: string
        locality: string
        postal-code: string
        recipient: string
        region-code: string
      card-bin: string
      card-last-four: string
      currency-code: string
      gateway-info:
        avs-response-code: string
        cvv-response-code: string
        gateway-response-code: string
        name: string
      payment-method: string
      shipping-address:
        address: [string]
        administrative-area: string
        locality: string
        postal-code: string
        recipient: string
        region-code: string
      shipping-value: number
      transaction-id: string
      user:
        account-id: string
        creation-ms: string
        email: string
        email-verified: boolean
        phone-number: string
        phone-verified: boolean
      value: number
    user-agent: string
    user-info:
      account-id: string
      create-account-time: string
    user-ip-address: string
    waf-token-assessment: boolean
  firewall-policy-assessment:
    error:
      code: integer
      message: string
    firewall-policy:
      condition: string
      description: string
      name: string
      path: string
  fraud-prevention-assessment:
    behavioral-trust-verdict:
      trust: number
    card-testing-verdict:
      risk: number
    stolen-instrument-verdict:
      risk: number
    transaction-risk: number
  fraud-signals:
    card-signals:
      card-labels: [string]
    user-signals:
      active-days-lower-bound: integer
      synthetic-risk: number
  name: string
  private-password-leak-verification:
    encrypted-leak-match-prefixes: [string]
    encrypted-user-credentials-hash: string
    lookup-hash-prefix: string
    reencrypted-user-credentials-hash: string
  risk-analysis:
    extended-verdict-reasons: [string]
    reasons: [string]
    score: number
  token-properties:
    action: string
    android-package-name: string
    create-time: string
    hostname: string
    invalid-reason: string
    ios-bundle-id: string
    valid: boolean

can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.

  • -r .account-defender-assessment labels=takimata

    • Output only. Labels for this request.
    • Each invocation of this argument appends the given value to the array.

  • ..account-verification language-code=amet.

    • Optional. Language code preference for the verification message, set as a IETF BCP 47 language code.
  • latest-verification-result=duo
    • Output only. Result of the latest account verification challenge.

  • username=ipsum

    • Username of the account that is being verified. Deprecated. Customers should now provide the account_id field in event.user_info.

  • ..event expected-action=gubergren

    • Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
  • express=true
    • Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, site_key must reference a SCORE key with WAF feature set to EXPRESS.
  • firewall-policy-evaluation=false
    • Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
  • hashed-account-id=dolor
    • Optional. Deprecated: use user_info.account_id instead. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
  • headers=ea
    • Optional. HTTP header information about the request.
    • Each invocation of this argument appends the given value to the array.
  • ja3=ipsum
    • Optional. JA3 fingerprint for SSL clients.
  • requested-uri=invidunt
    • Optional. The URI resource the user requested that triggered an assessment.
  • site-key=amet
    • Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token.
  • token=duo
    • Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site.
  • transaction-data.billing-address address=ipsum
    • Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
    • Each invocation of this argument appends the given value to the array.
  • administrative-area=sed
    • Optional. The state, province, or otherwise administrative area of the address.
  • locality=ut
    • Optional. The town/city of the address.
  • postal-code=gubergren
    • Optional. The postal or ZIP code of the address.
  • recipient=rebum.
    • Optional. The recipient name, potentially including information such as "care of".

  • region-code=est

    • Optional. The CLDR country/region of the address.

  • .. card-bin=ipsum

    • Optional. The Bank Identification Number - generally the first 6 or 8 digits of the card.
  • card-last-four=ipsum
    • Optional. The last four digits of the card.
  • currency-code=est
    • Optional. The currency code in ISO-4217 format.
  • gateway-info avs-response-code=gubergren
    • Optional. AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
  • cvv-response-code=ea
    • Optional. CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization).
  • gateway-response-code=dolor
    • Optional. Gateway response code describing the state of the transaction.

  • name=lorem

    • Optional. Name of the gateway service (for example, stripe, square, paypal).

  • .. payment-method=eos

    • Optional. The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto)
  • shipping-address address=labore
    • Optional. The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number.
    • Each invocation of this argument appends the given value to the array.
  • administrative-area=sed
    • Optional. The state, province, or otherwise administrative area of the address.
  • locality=duo
    • Optional. The town/city of the address.
  • postal-code=sed
    • Optional. The postal or ZIP code of the address.
  • recipient=no
    • Optional. The recipient name, potentially including information such as "care of".

  • region-code=stet

    • Optional. The CLDR country/region of the address.

  • .. shipping-value=0.6905413711203235

    • Optional. The value of shipping in the specified currency. 0 for free or no shipping.
  • transaction-id=et
    • Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. Two attempts at the same transaction should use the same transaction id.
  • user account-id=sed
    • Optional. Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account.
  • creation-ms=et
    • Optional. The epoch milliseconds of the user's account creation.
  • email=et
    • Optional. The email address of the user.
  • email-verified=false
    • Optional. Whether the email has been verified to be accessible by the user (OTP or similar).
  • phone-number=erat
    • Optional. The phone number of the user, with country code.

  • phone-verified=false

    • Optional. Whether the phone number has been verified to be accessible by the user (OTP or similar).

  • .. value=0.6383502522516505

    • Optional. The decimal value of the transaction in the specified currency.

  • .. user-agent=et

    • Optional. The user agent present in the request from the user's device related to this event.
  • user-info account-id=voluptua.
    • Optional. For logged-in requests or login/registration requests, the unique account identifier associated with this user. You can use the username if it is stable (meaning it is the same for every request associated with the same user), or any stable user ID of your choice. Leave blank for non logged-in actions or guest checkout.

  • create-account-time=amet.

    • Optional. Creation time for this account associated with this user. Leave blank for non logged-in actions, guest checkout, or when there is no account associated with the current user.

  • .. user-ip-address=consetetur

    • Optional. The IP address in the request from the user's device related to this event.

  • waf-token-assessment=false

    • Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.

  • ..firewall-policy-assessment.error code=52

    • The status code, which should be an enum value of google.rpc.Code.

  • message=et

    • A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.

  • ..firewall-policy condition=et

    • Optional. A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the CEL spec and its language definition. A condition has a max length of 500 characters.
  • description=sadipscing
    • Optional. A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
  • name=stet
    • Identifier. The resource name for the FirewallPolicy in the format projects/{project}/firewallpolicies/{firewallpolicy}.

  • path=dolor

    • Optional. The path for which this policy applies, specified as a glob pattern. For more information on glob, see the manual page. A path has a max length of 200 characters.

  • ...fraud-prevention-assessment.behavioral-trust-verdict trust=0.6349978834153693

    • Output only. Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest).

  • ..card-testing-verdict risk=0.1970220513983837

    • Output only. Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest).

  • ..stolen-instrument-verdict risk=0.28492583480905564

    • Output only. Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest).

  • .. transaction-risk=0.4523282032393763

    • Output only. Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest).

  • ..fraud-signals.card-signals card-labels=diam

    • Output only. The labels for the payment card in this transaction.
    • Each invocation of this argument appends the given value to the array.

  • ..user-signals active-days-lower-bound=40

    • Output only. This user (based on email, phone, and other identifiers) has been seen on the internet for at least this number of days.

  • synthetic-risk=0.012465497817154336

    • Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic components in their identity, such as a randomly generated email address, temporary phone number, or fake shipping address.

  • ... name=accusam

    • Output only. Identifier. The resource name for the Assessment in the format projects/{project}/assessments/{assessment}.
  • private-password-leak-verification encrypted-leak-match-prefixes=takimata
    • Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of reencrypted_user_credentials_hash
    • Each invocation of this argument appends the given value to the array.
  • encrypted-user-credentials-hash=consetetur
    • Optional. Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through reencrypted_user_credentials_hash.
  • lookup-hash-prefix=voluptua.
    • Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix.

  • reencrypted-user-credentials-hash=et

    • Output only. Corresponds to the re-encryption of the encrypted_user_credentials_hash field. It is used to match potential password leaks within encrypted_leak_match_prefixes.

  • ..risk-analysis extended-verdict-reasons=erat

    • Output only. Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change.
    • Each invocation of this argument appends the given value to the array.
  • reasons=consetetur
    • Output only. Reasons contributing to the risk analysis verdict.
    • Each invocation of this argument appends the given value to the array.

  • score=0.7759968264300798

    • Output only. Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic).

  • ..token-properties action=sed

    • Output only. Action name provided at token generation.
  • android-package-name=takimata
    • Output only. The name of the Android package with which the token was generated (Android keys only).
  • create-time=dolores
    • Output only. The timestamp corresponding to the generation of the token.
  • hostname=gubergren
    • Output only. The hostname of the page on which the token was generated (Web keys only).
  • invalid-reason=et
    • Output only. Reason associated with the response when valid = false.
  • ios-bundle-id=accusam
    • Output only. The ID of the iOS bundle with which the token was generated (iOS keys only).
  • valid=false
    • Output only. Whether the provided user response token is valid. When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment).

About Cursors

The cursor position is key to comfortably set complex nested structures. The following rules apply:

  • The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o .
  • The cursor position is set relative to the top-level structure if it starts with ., e.g. -r .s.s
  • You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar.
  • You can move the cursor one level up by using ... Each additional . moves it up one additional level. E.g. ... would go three levels up.

Optional Output Flags

The method's return value a JSON encoded structure, which will be written to standard output by default.

  • -o out
    • out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.

Optional General Properties

The following properties can configure any call, and are not specific to this method.

  • -p $-xgafv=string

    • V1 error format.

  • -p access-token=string

    • OAuth access token.

  • -p alt=string

    • Data format for response.

  • -p callback=string

    • JSONP

  • -p fields=string

    • Selector specifying which fields to include in a partial response.

  • -p key=string

    • API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

  • -p oauth-token=string

    • OAuth 2.0 token for the current user.

  • -p pretty-print=boolean

    • Returns response with indentations and line breaks.

  • -p quota-user=string

    • Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • -p upload-type=string

    • Legacy upload protocol for media (e.g. "media", "multipart").

  • -p upload-protocol=string

    • Upload protocol for media (e.g. "raw", "multipart").