You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/dyn/recaptchaenterprise_v1.projects.assessments.html
+76-4
Original file line number
Diff line number
Diff line change
@@ -154,9 +154,10 @@ <h3>Method Details</h3>
154
154
},
155
155
"event": { # The event being assessed. # The event being assessed.
156
156
"expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
157
-
"express": True or False, # Optional. Optional flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
157
+
"express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
158
+
"firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
158
159
"hashedAccountId": "A String", # Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
159
-
"headers": [ # Optional. Optional HTTP header information about the request.
160
+
"headers": [ # Optional. HTTP header information about the request.
"userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event.
228
229
"userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event.
230
+
"wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.
231
+
},
232
+
"firewallPolicyAssessment": { # Policy config assessment. # Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation.
233
+
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty.
234
+
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
235
+
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
236
+
{
237
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
238
+
},
239
+
],
240
+
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
241
+
},
242
+
"firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty.
243
+
"actions": [ # The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as AllowAction, BlockAction or SubstituteAction. Zero or more non-terminal actions such as SetHeader might be specified. A single policy can contain up to 16 actions.
244
+
{ # An individual action. Each action represents what to do if a policy matches.
245
+
"allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource.
246
+
},
247
+
"block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code.
248
+
},
249
+
"redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token.
250
+
},
251
+
"setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend.
252
+
"key": "A String", # The header key to set in the request to the backend server.
253
+
"value": "A String", # The header value to set in the request to the backend server.
254
+
},
255
+
"substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user.
256
+
"path": "A String", # The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html".
257
+
},
258
+
},
259
+
],
260
+
"condition": "A String", # A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters.
261
+
"description": "A String", # A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
262
+
"name": "A String", # The resource name for the FirewallPolicy in the format "projects/{project}/firewallpolicies/{firewallpolicy}".
263
+
"path": "A String", # The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters.
264
+
},
229
265
},
230
266
"fraudPreventionAssessment": { # Assessment for Fraud Prevention. # Assessment returned by Fraud Prevention when TransactionData is provided.
231
267
"cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Assessment of this transaction for risk of being part of a card testing attack.
@@ -291,9 +327,10 @@ <h3>Method Details</h3>
291
327
},
292
328
"event": { # The event being assessed. # The event being assessed.
293
329
"expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
294
-
"express": True or False, # Optional. Optional flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
330
+
"express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS.
331
+
"firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response.
295
332
"hashedAccountId": "A String", # Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret.
296
-
"headers": [ # Optional. Optional HTTP header information about the request.
333
+
"headers": [ # Optional. HTTP header information about the request.
"userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event.
365
402
"userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event.
403
+
"wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key.
404
+
},
405
+
"firewallPolicyAssessment": { # Policy config assessment. # Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation.
406
+
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty.
407
+
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
408
+
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
409
+
{
410
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
411
+
},
412
+
],
413
+
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
414
+
},
415
+
"firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty.
416
+
"actions": [ # The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as AllowAction, BlockAction or SubstituteAction. Zero or more non-terminal actions such as SetHeader might be specified. A single policy can contain up to 16 actions.
417
+
{ # An individual action. Each action represents what to do if a policy matches.
418
+
"allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource.
419
+
},
420
+
"block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code.
421
+
},
422
+
"redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token.
423
+
},
424
+
"setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend.
425
+
"key": "A String", # The header key to set in the request to the backend server.
426
+
"value": "A String", # The header value to set in the request to the backend server.
427
+
},
428
+
"substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user.
429
+
"path": "A String", # The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html".
430
+
},
431
+
},
432
+
],
433
+
"condition": "A String", # A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters.
434
+
"description": "A String", # A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters.
435
+
"name": "A String", # The resource name for the FirewallPolicy in the format "projects/{project}/firewallpolicies/{firewallpolicy}".
436
+
"path": "A String", # The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters.
437
+
},
366
438
},
367
439
"fraudPreventionAssessment": { # Assessment for Fraud Prevention. # Assessment returned by Fraud Prevention when TransactionData is provided.
368
440
"cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Assessment of this transaction for risk of being part of a card testing attack.
0 commit comments