annotate(name, body=None, x__xgafv=None)
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fraudulent.
close()
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates an Assessment of the likelihood an event is legitimate.
annotate(name, body=None, x__xgafv=None)
Annotates a previously created Assessment to provide additional information on whether the event turned out to be authentic or fraudulent.

Args:
  name: string, Required. The resource name of the Assessment, in the format "projects/{project}/assessments/{assessment}". (required)
  body: object, The request body.
    The object takes the form of:

{ # The request message to annotate an Assessment.
  "annotation": "A String", # Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent.
  "hashedAccountId": "A String", # Optional. Unique stable hashed user identifier to apply to the assessment. This is an alternative to setting the hashed_account_id in CreateAssessment, for example when the account identifier is not yet known in the initial request. It is recommended that the identifier is hashed using hmac-sha256 with stable secret.
  "reasons": [ # Optional. Optional reasons for the annotation that will be assigned to the Event.
    "A String",
  ],
  "transactionEvent": { # Describes an event in the lifecycle of a payment transaction. # Optional. If the assessment is part of a payment transaction, provide details on payment lifecycle events that occur in the transaction.
    "eventTime": "A String", # Optional. Timestamp when this transaction event occurred; otherwise assumed to be the time of the API call.
    "eventType": "A String", # Optional. The type of this transaction event.
    "reason": "A String", # Optional. The reason or standardized code that corresponds with this transaction event, if one exists. For example, a CHARGEBACK event with code 6005.
    "value": 3.14, # Optional. The value that corresponds with this transaction event, if one exists. For example, a refund event where $5.00 was refunded. Currency is obtained from the original transaction data.
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Empty response for AnnotateAssessment.
    }
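One way to prepare the arguments for annotate(), shown as an added example that is not part of the generated reference or the client library. It derives hashedAccountId with HMAC-SHA256 as the field description recommends and validates the resource name segments before they are interpolated. The helper names, the lowercase canonical form, the base64 encoding of the digest, the two annotation values and DEMO_SECRET are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import re

# Assumption: only these two annotation values are used in this sketch; the
# page documents the field as a string without listing its values.
ANNOTATIONS = {"LEGITIMATE", "FRAUDULENT"}

# Conservative character set for the {project} and {assessment} segments.
_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")

# Constructed demo key. In production, load a random secret from a secret
# manager and keep it stable, otherwise identifiers stop matching over time.
DEMO_SECRET = bytes(range(32))


def hashed_account_id(secret: bytes, account_id: str) -> str:
    """HMAC-SHA256 of the account identifier under a stable server-side secret."""
    if len(secret) < 32:
        raise ValueError("use a secret of at least 32 random bytes")
    canonical = account_id.strip().lower()  # assumption: local canonical form
    if not canonical:
        raise ValueError("empty account identifier")
    digest = hmac.new(secret, canonical.encode("utf-8"), hashlib.sha256).digest()
    # Assumption: the string field carries the raw digest base64-encoded.
    return base64.b64encode(digest).decode("ascii")


def build_annotate_call(project, assessment, annotation=None, reasons=(),
                        account_id=None, secret=None):
    """Return (name, body) for annotate(); reject malformed name segments."""
    for segment in (project, assessment):
        # fullmatch stops '/', '..' or a trailing newline from reaching the URL.
        if not _SEGMENT.fullmatch(segment):
            raise ValueError(f"invalid resource name segment: {segment!r}")
    body = {}
    if annotation is not None:
        if annotation not in ANNOTATIONS:
            raise ValueError(f"unexpected annotation: {annotation!r}")
        body["annotation"] = annotation
    if reasons:
        # The annotation may be left empty when only reasons are supplied.
        body["reasons"] = list(reasons)
    if account_id is not None:
        if secret is None:
            raise ValueError("a secret is required to hash the account id")
        # Only the keyed hash leaves the service, never the raw identifier.
        body["hashedAccountId"] = hashed_account_id(secret, account_id)
    if not body:
        raise ValueError("nothing to annotate")
    return f"projects/{project}/assessments/{assessment}", body


if __name__ == "__main__":
    name, body = build_annotate_call(
        "demo-project", "abc123",  # constructed identifiers
        annotation="FRAUDULENT",
        account_id="alice@example.com",
        secret=DEMO_SECRET,
    )
    print(name)
    print(body)
```

The returned pair is passed as annotate(name=name, body=body); a plain unkeyed hash of the account identifier would be open to dictionary guessing, which is why the secret matters.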
close()
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates an Assessment of the likelihood an event is legitimate. Args: parent: string, Required. The name of the project in which the assessment will be created, in the format "projects/{project}". (required) body: object, The request body. The object takes the form of: { # A reCAPTCHA Enterprise assessment resource. "accountDefenderAssessment": { # Account defender risk assessment. # Assessment returned by account defender when a hashed_account_id is provided. "labels": [ # Labels for this request. "A String", ], }, "accountVerification": { # Information about account verification, used for identity verification. # Account verification information for identity verification. The assessment event must include a token and site key to use this feature. "endpoints": [ # Endpoints that can be used for identity verification. { # Information about a verification endpoint that can be used for 2FA. "emailAddress": "A String", # Email address for which to trigger a verification request. "lastVerificationTime": "A String", # Output only. Timestamp of the last successful verification for the endpoint, if any. "phoneNumber": "A String", # Phone number for which to trigger a verification request. Should be given in E.164 format. "requestToken": "A String", # Output only. Token to provide to the client to trigger endpoint verification. It must be used within 15 minutes. }, ], "languageCode": "A String", # Language code preference for the verification message, set as a IETF BCP 47 language code. "latestVerificationResult": "A String", # Output only. Result of the latest account verification challenge. "username": "A String", # Username of the account that is being verified. Deprecated. Customers should now provide the hashed account ID field in Event. }, "event": { # The event being assessed. # The event being assessed. "expectedAction": "A String", # Optional. The expected action for this type of event. 
This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise. "express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS. "firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response. "hashedAccountId": "A String", # Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. "headers": [ # Optional. HTTP header information about the request. "A String", ], "ja3": "A String", # Optional. Optional JA3 fingerprint for SSL clients. "requestedUri": "A String", # Optional. The URI resource the user requested that triggered an assessment. "siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token. "token": "A String", # Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site. "transactionData": { # Transaction data associated with a payment protected by reCAPTCHA Enterprise. All fields are optional. # Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response. "billingAddress": { # Structured address format for billing and shipping addresses. # Address associated with the payment method when applicable. "address": [ # The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. 
"A String", ], "administrativeArea": "A String", # The state, province, or otherwise administrative area of the address. "locality": "A String", # The town/city of the address. "postalCode": "A String", # The postal or ZIP code of the address. "recipient": "A String", # The recipient name, potentially including information such as "care of". "regionCode": "A String", # The CLDR country/region of the address. }, "cardBin": "A String", # The Bank Identification Number - generally the first 6 or 8 digits of the card. "cardLastFour": "A String", # The last four digits of the card. "currencyCode": "A String", # The currency code in ISO-4217 format. "gatewayInfo": { # Details about the transaction from the gateway. # Information about the payment gateway's response to the transaction. "avsResponseCode": "A String", # AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). "cvvResponseCode": "A String", # CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). "gatewayResponseCode": "A String", # Gateway response code describing the state of the transaction. "name": "A String", # Name of the gateway service (for example, stripe, square, paypal). }, "items": [ # Items purchased in this transaction. { # Line items being purchased in this transaction. "merchantAccountId": "A String", # When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions. "name": "A String", # The full name of the item. "quantity": "A String", # The quantity of this item that is being purchased. "value": 3.14, # The value per item that the user is paying, in the transaction currency, after discounts. }, ], "merchants": [ # Information about the user or users fulfilling the transaction. { # Details about a user's account involved in the transaction. "accountId": "A String", # Unique account identifier for this user. 
If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account. "creationMs": "A String", # The epoch milliseconds of the user's account creation. "email": "A String", # The email address of the user. "emailVerified": True or False, # Whether the email has been verified to be accessible by the user (OTP or similar). "phoneNumber": "A String", # The phone number of the user, with country code. "phoneVerified": True or False, # Whether the phone number has been verified to be accessible by the user (OTP or similar). }, ], "paymentMethod": "A String", # The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto) "shippingAddress": { # Structured address format for billing and shipping addresses. # Destination address if this transaction involves shipping a physical item. "address": [ # The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. "A String", ], "administrativeArea": "A String", # The state, province, or otherwise administrative area of the address. "locality": "A String", # The town/city of the address. "postalCode": "A String", # The postal or ZIP code of the address. "recipient": "A String", # The recipient name, potentially including information such as "care of". "regionCode": "A String", # The CLDR country/region of the address. }, "shippingValue": 3.14, # The value of shipping in the specified currency. 0 for free or no shipping. "transactionId": "A String", # Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. 
Two attempts at the same transaction should use the same transaction id. "user": { # Details about a user's account involved in the transaction. # Information about the user paying/initiating the transaction. "accountId": "A String", # Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account. "creationMs": "A String", # The epoch milliseconds of the user's account creation. "email": "A String", # The email address of the user. "emailVerified": True or False, # Whether the email has been verified to be accessible by the user (OTP or similar). "phoneNumber": "A String", # The phone number of the user, with country code. "phoneVerified": True or False, # Whether the phone number has been verified to be accessible by the user (OTP or similar). }, "value": 3.14, # The decimal value of the transaction in the specified currency. }, "userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event. "userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event. "wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key. }, "firewallPolicyAssessment": { # Policy config assessment. # Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation. "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). 
# If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty. "code": 42, # The status code, which should be an enum value of google.rpc.Code. "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use. { "a_key": "", # Properties of the object. Contains field @type with type URL. }, ], "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. }, "firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty. "actions": [ # The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as AllowAction, BlockAction or SubstituteAction. Zero or more non-terminal actions such as SetHeader might be specified. A single policy can contain up to 16 actions. { # An individual action. Each action represents what to do if a policy matches. "allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource. }, "block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code. }, "redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token. 
}, "setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend. "key": "A String", # The header key to set in the request to the backend server. "value": "A String", # The header value to set in the request to the backend server. }, "substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user. "path": "A String", # The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html". }, }, ], "condition": "A String", # A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters. "description": "A String", # A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters. "name": "A String", # The resource name for the FirewallPolicy in the format "projects/{project}/firewallpolicies/{firewallpolicy}". "path": "A String", # The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters. }, }, "fraudPreventionAssessment": { # Assessment for Fraud Prevention. 
# Assessment returned by Fraud Prevention when TransactionData is provided. "behavioralTrustVerdict": { # Information about behavioral trust of the transaction. # Assessment of this transaction for behavioral trust. "trust": 3.14, # Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest). }, "cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Assessment of this transaction for risk of being part of a card testing attack. "risk": 3.14, # Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest). }, "stolenInstrumentVerdict": { # Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase. # Assessment of this transaction for risk of a stolen instrument. "risk": 3.14, # Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest). }, "transactionRisk": 3.14, # Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest). }, "name": "A String", # Output only. The resource name for the Assessment in the format "projects/{project}/assessments/{assessment}". "privatePasswordLeakVerification": { # Private password leak verification info. # The private password leak verification field contains the parameters that are used to to check for leaks privately without sharing user credentials. "encryptedLeakMatchPrefixes": [ # Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of `reencrypted_user_credentials_hash` "A String", ], "encryptedUserCredentialsHash": "A String", # Optional. 
Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through `reencrypted_user_credentials_hash`. "lookupHashPrefix": "A String", # Optional. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix. "reencryptedUserCredentialsHash": "A String", # Output only. Corresponds to the re-encryption of the `encrypted_user_credentials_hash` field. It is used to match potential password leaks within `encrypted_leak_match_prefixes`. }, "riskAnalysis": { # Risk analysis result for an event. # Output only. The risk analysis result for the event being assessed. "extendedVerdictReasons": [ # Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change. "A String", ], "reasons": [ # Reasons contributing to the risk analysis verdict. "A String", ], "score": 3.14, # Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). }, "tokenProperties": { # Properties of the provided event token. # Output only. Properties of the provided event token. "action": "A String", # Action name provided at token generation. "androidPackageName": "A String", # The name of the Android package with which the token was generated (Android keys only). "createTime": "A String", # The timestamp corresponding to the generation of the token. "hostname": "A String", # The hostname of the page on which the token was generated (Web keys only). "invalidReason": "A String", # Reason associated with the response when valid = false. "iosBundleId": "A String", # The ID of the iOS bundle with which the token was generated (iOS keys only). "valid": True or False, # Whether the provided user response token is valid. 
When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey used to generate the token was different than the one specified in the assessment). }, } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A reCAPTCHA Enterprise assessment resource. "accountDefenderAssessment": { # Account defender risk assessment. # Assessment returned by account defender when a hashed_account_id is provided. "labels": [ # Labels for this request. "A String", ], }, "accountVerification": { # Information about account verification, used for identity verification. # Account verification information for identity verification. The assessment event must include a token and site key to use this feature. "endpoints": [ # Endpoints that can be used for identity verification. { # Information about a verification endpoint that can be used for 2FA. "emailAddress": "A String", # Email address for which to trigger a verification request. "lastVerificationTime": "A String", # Output only. Timestamp of the last successful verification for the endpoint, if any. "phoneNumber": "A String", # Phone number for which to trigger a verification request. Should be given in E.164 format. "requestToken": "A String", # Output only. Token to provide to the client to trigger endpoint verification. It must be used within 15 minutes. }, ], "languageCode": "A String", # Language code preference for the verification message, set as a IETF BCP 47 language code. "latestVerificationResult": "A String", # Output only. Result of the latest account verification challenge. "username": "A String", # Username of the account that is being verified. Deprecated. Customers should now provide the hashed account ID field in Event. }, "event": { # The event being assessed. # The event being assessed. "expectedAction": "A String", # Optional. 
The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise. "express": True or False, # Optional. Flag for a reCAPTCHA express request for an assessment without a token. If enabled, `site_key` must reference a SCORE key with WAF feature set to EXPRESS. "firewallPolicyEvaluation": True or False, # Optional. Flag for enabling firewall policy config assessment. If this flag is enabled, the firewall policy will be evaluated and a suggested firewall action will be returned in the response. "hashedAccountId": "A String", # Optional. Unique stable hashed user identifier for the request. The identifier must be hashed using hmac-sha256 with stable secret. "headers": [ # Optional. HTTP header information about the request. "A String", ], "ja3": "A String", # Optional. Optional JA3 fingerprint for SSL clients. "requestedUri": "A String", # Optional. The URI resource the user requested that triggered an assessment. "siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA Enterprise on your site and generate the token. "token": "A String", # Optional. The user response token provided by the reCAPTCHA Enterprise client-side integration on your site. "transactionData": { # Transaction data associated with a payment protected by reCAPTCHA Enterprise. All fields are optional. # Optional. Data describing a payment transaction to be assessed. Sending this data enables reCAPTCHA Enterprise Fraud Prevention and the FraudPreventionAssessment component in the response. "billingAddress": { # Structured address format for billing and shipping addresses. # Address associated with the payment method when applicable. "address": [ # The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. 
"A String", ], "administrativeArea": "A String", # The state, province, or otherwise administrative area of the address. "locality": "A String", # The town/city of the address. "postalCode": "A String", # The postal or ZIP code of the address. "recipient": "A String", # The recipient name, potentially including information such as "care of". "regionCode": "A String", # The CLDR country/region of the address. }, "cardBin": "A String", # The Bank Identification Number - generally the first 6 or 8 digits of the card. "cardLastFour": "A String", # The last four digits of the card. "currencyCode": "A String", # The currency code in ISO-4217 format. "gatewayInfo": { # Details about the transaction from the gateway. # Information about the payment gateway's response to the transaction. "avsResponseCode": "A String", # AVS response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). "cvvResponseCode": "A String", # CVV response code from the gateway (available only when reCAPTCHA Enterprise is called after authorization). "gatewayResponseCode": "A String", # Gateway response code describing the state of the transaction. "name": "A String", # Name of the gateway service (for example, stripe, square, paypal). }, "items": [ # Items purchased in this transaction. { # Line items being purchased in this transaction. "merchantAccountId": "A String", # When a merchant is specified, its corresponding account_id. Necessary to populate marketplace-style transactions. "name": "A String", # The full name of the item. "quantity": "A String", # The quantity of this item that is being purchased. "value": 3.14, # The value per item that the user is paying, in the transaction currency, after discounts. }, ], "merchants": [ # Information about the user or users fulfilling the transaction. { # Details about a user's account involved in the transaction. "accountId": "A String", # Unique account identifier for this user. 
If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account. "creationMs": "A String", # The epoch milliseconds of the user's account creation. "email": "A String", # The email address of the user. "emailVerified": True or False, # Whether the email has been verified to be accessible by the user (OTP or similar). "phoneNumber": "A String", # The phone number of the user, with country code. "phoneVerified": True or False, # Whether the phone number has been verified to be accessible by the user (OTP or similar). }, ], "paymentMethod": "A String", # The payment method for the transaction. The allowed values are: * credit-card * debit-card * gift-card * processor-{name} (If a third-party is used, for example, processor-paypal) * custom-{name} (If an alternative method is used, for example, custom-crypto) "shippingAddress": { # Structured address format for billing and shipping addresses. # Destination address if this transaction involves shipping a physical item. "address": [ # The first lines of the address. The first line generally contains the street name and number, and further lines may include information such as an apartment number. "A String", ], "administrativeArea": "A String", # The state, province, or otherwise administrative area of the address. "locality": "A String", # The town/city of the address. "postalCode": "A String", # The postal or ZIP code of the address. "recipient": "A String", # The recipient name, potentially including information such as "care of". "regionCode": "A String", # The CLDR country/region of the address. }, "shippingValue": 3.14, # The value of shipping in the specified currency. 0 for free or no shipping. "transactionId": "A String", # Unique identifier for the transaction. This custom identifier can be used to reference this transaction in the future, for example, labeling a refund or chargeback event. 
Two attempts at the same transaction should use the same transaction id. "user": { # Details about a user's account involved in the transaction. # Information about the user paying/initiating the transaction. "accountId": "A String", # Unique account identifier for this user. If using account defender, this should match the hashed_account_id field. Otherwise, a unique and persistent identifier for this account. "creationMs": "A String", # The epoch milliseconds of the user's account creation. "email": "A String", # The email address of the user. "emailVerified": True or False, # Whether the email has been verified to be accessible by the user (OTP or similar). "phoneNumber": "A String", # The phone number of the user, with country code. "phoneVerified": True or False, # Whether the phone number has been verified to be accessible by the user (OTP or similar). }, "value": 3.14, # The decimal value of the transaction in the specified currency. }, "userAgent": "A String", # Optional. The user agent present in the request from the user's device related to this event. "userIpAddress": "A String", # Optional. The IP address in the request from the user's device related to this event. "wafTokenAssessment": True or False, # Optional. Flag for running WAF token assessment. If enabled, the token must be specified, and have been created by a WAF-enabled key. }, "firewallPolicyAssessment": { # Policy config assessment. # Assessment returned when firewall policies belonging to the project are evaluated using the field firewall_policy_evaluation. "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). 
# If the processing of a policy config fails, an error will be populated and the firewall_policy will be left empty. "code": 42, # The status code, which should be an enum value of google.rpc.Code. "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use. { "a_key": "", # Properties of the object. Contains field @type with type URL. }, ], "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. }, "firewallPolicy": { # A FirewallPolicy represents a single matching pattern and resulting actions to take. # Output only. The policy that matched the request. If more than one policy may match, this is the first match. If no policy matches the incoming request, the policy field will be left empty. "actions": [ # The actions that the caller should take regarding user access. There should be at most one terminal action. A terminal action is any action that forces a response, such as AllowAction, BlockAction or SubstituteAction. Zero or more non-terminal actions such as SetHeader might be specified. A single policy can contain up to 16 actions. { # An individual action. Each action represents what to do if a policy matches. "allow": { # An allow action continues processing a request unimpeded. # The user request did not match any policy and should be allowed access to the requested resource. }, "block": { # A block action serves an HTTP error code a prevents the request from hitting the backend. # This action will deny access to a given page. The user will get an HTTP error code. }, "redirect": { # A redirect action returns a 307 (temporary redirect) response, pointing the user to a ReCaptcha interstitial page to attach a token. # This action will redirect the request to a ReCaptcha interstitial to attach a token. 
}, "setHeader": { # A set header action sets a header and forwards the request to the backend. This can be used to trigger custom protection implemented on the backend. # This action will set a custom header but allow the request to continue to the customer backend. "key": "A String", # The header key to set in the request to the backend server. "value": "A String", # The header value to set in the request to the backend server. }, "substitute": { # A substitute action transparently serves a different page than the one requested. # This action will transparently serve a different page to an offending user. "path": "A String", # The address to redirect to. The target is a relative path in the current host. Example: "/blog/404.html". }, }, ], "condition": "A String", # A CEL (Common Expression Language) conditional expression that specifies if this policy applies to an incoming user request. If this condition evaluates to true and the requested path matched the path pattern, the associated actions should be executed by the caller. The condition string is checked for CEL syntax correctness on creation. For more information, see the [CEL spec](https://github.com/google/cel-spec) and its [language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). A condition has a max length of 500 characters. "description": "A String", # A description of what this policy aims to achieve, for convenience purposes. The description can at most include 256 UTF-8 characters. "name": "A String", # The resource name for the FirewallPolicy in the format "projects/{project}/firewallpolicies/{firewallpolicy}". "path": "A String", # The path for which this policy applies, specified as a glob pattern. For more information on glob, see the [manual page](https://man7.org/linux/man-pages/man7/glob.7.html). A path has a max length of 200 characters. }, }, "fraudPreventionAssessment": { # Assessment for Fraud Prevention. 
# Assessment returned by Fraud Prevention when TransactionData is provided. "behavioralTrustVerdict": { # Information about behavioral trust of the transaction. # Assessment of this transaction for behavioral trust. "trust": 3.14, # Probability of this transaction attempt being executed in a behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 (highest). }, "cardTestingVerdict": { # Information about card testing fraud, where an adversary is testing fraudulently obtained cards or brute forcing their details. # Assessment of this transaction for risk of being part of a card testing attack. "risk": 3.14, # Probability of this transaction attempt being part of a card testing attack. Values are from 0.0 (lowest) to 1.0 (highest). }, "stolenInstrumentVerdict": { # Information about stolen instrument fraud, where the user is not the legitimate owner of the instrument being used for the purchase. # Assessment of this transaction for risk of a stolen instrument. "risk": 3.14, # Probability of this transaction being executed with a stolen instrument. Values are from 0.0 (lowest) to 1.0 (highest). }, "transactionRisk": 3.14, # Probability of this transaction being fraudulent. Summarizes the combined risk of attack vectors below. Values are from 0.0 (lowest) to 1.0 (highest). }, "name": "A String", # Output only. The resource name for the Assessment in the format "projects/{project}/assessments/{assessment}". "privatePasswordLeakVerification": { # Private password leak verification info. # The private password leak verification field contains the parameters that are used to check for leaks privately without sharing user credentials. "encryptedLeakMatchPrefixes": [ # Output only. List of prefixes of the encrypted potential password leaks that matched the given parameters. They must be compared with the client-side decryption prefix of `reencrypted_user_credentials_hash`. "A String", ], "encryptedUserCredentialsHash": "A String", # Optional. 
Encrypted Scrypt hash of the canonicalized username+password. It is re-encrypted by the server and returned through `reencrypted_user_credentials_hash`. "lookupHashPrefix": "A String", # Optional. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It is used to look up password leaks associated with that hash prefix. "reencryptedUserCredentialsHash": "A String", # Output only. Corresponds to the re-encryption of the `encrypted_user_credentials_hash` field. It is used to match potential password leaks within `encrypted_leak_match_prefixes`. }, "riskAnalysis": { # Risk analysis result for an event. # Output only. The risk analysis result for the event being assessed. "extendedVerdictReasons": [ # Extended verdict reasons to be used for experimentation only. The set of possible reasons is subject to change. "A String", ], "reasons": [ # Reasons contributing to the risk analysis verdict. "A String", ], "score": 3.14, # Legitimate event score from 0.0 to 1.0. (1.0 means very likely legitimate traffic while 0.0 means very likely non-legitimate traffic). }, "tokenProperties": { # Properties of the provided event token. # Output only. Properties of the provided event token. "action": "A String", # Action name provided at token generation. "androidPackageName": "A String", # The name of the Android package with which the token was generated (Android keys only). "createTime": "A String", # The timestamp corresponding to the generation of the token. "hostname": "A String", # The hostname of the page on which the token was generated (Web keys only). "invalidReason": "A String", # Reason associated with the response when valid = false. "iosBundleId": "A String", # The ID of the iOS bundle with which the token was generated (iOS keys only). "valid": True or False, # Whether the provided user response token is valid. 
When valid = false, the reason could be specified in invalid_reason or it could also be due to a user failing to solve a challenge or a sitekey mismatch (i.e. the sitekey used to generate the token was different than the one specified in the assessment). }, }
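Added example (not part of the client library or this reference): one way a backend could turn the returned Assessment dict into a decision, checking tokenProperties first, then the matched firewallPolicy actions, then riskAnalysis.score. It assumes a web key (so hostname is populated), that the enclosing response keys are firewallPolicyAssessment and error, that redirect counts as a terminal action, and a caller-chosen min_score; SAMPLE and its header name are constructed.

```python
# Added example, not part of the client library. SAMPLE is constructed data.
TERMINAL = ("allow", "block", "redirect", "substitute")  # redirect assumed terminal
SAMPLE = {
    "tokenProperties": {"valid": True, "action": "login", "hostname": "shop.example"},
    "riskAnalysis": {"score": 0.9, "reasons": []},
    "firewallPolicyAssessment": {"firewallPolicy": {"actions": [
        {"setHeader": {"key": "X-Risk", "value": "low"}}, {"allow": {}}]}},
}

def token_problem(assessment, expected_action, expected_hostname):
    """Return why tokenProperties cannot be trusted, or None if they can."""
    props = assessment.get("tokenProperties") or {}
    if not props.get("valid", False):
        # invalidReason may be missing (failed challenge, sitekey mismatch).
        return "invalid token: " + props.get("invalidReason", "unspecified")
    if props.get("action") != expected_action:
        return "action mismatch"
    if props.get("hostname") != expected_hostname:
        return "hostname mismatch"
    return None

def firewall_plan(assessment):
    """Return (terminal_action_or_None, headers) for the matched policy."""
    fpa = assessment.get("firewallPolicyAssessment") or {}
    if fpa.get("error"):  # policy config failed to process: firewallPolicy is empty
        raise ValueError("policy error: " + fpa["error"].get("message", ""))
    terminal, headers = [], {}
    for action in (fpa.get("firewallPolicy") or {}).get("actions", []):
        for kind, params in action.items():
            if kind in TERMINAL:
                terminal.append((kind, params))
            elif kind == "setHeader":
                headers[params["key"]] = params["value"]
    if len(terminal) > 1:
        raise ValueError("more than one terminal action")
    return (terminal[0] if terminal else None), headers

def decide(assessment, expected_action, expected_hostname, min_score=0.5):
    """Return (verdict, detail); verdict is 'allow' or the action to enforce."""
    problem = token_problem(assessment, expected_action, expected_hostname)
    if problem:
        return "block", problem
    terminal, headers = firewall_plan(assessment)
    if terminal and terminal[0] != "allow":
        return terminal  # (kind, params) of the policy's terminal action
    score = (assessment.get("riskAnalysis") or {}).get("score", 0.0)
    if score < min_score:  # a missing score defaults to 0.0, so this fails closed
        return "block", "score %.2f < %.2f" % (score, min_score)
    return "allow", headers
```

On "allow" the second element is the dict of headers to forward to the backend; on any other verdict it is the reason string or the terminal action's parameters.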