1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.recaptchaenterprise.v1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/field_info.proto"; 23import "google/api/resource.proto"; 24import "google/protobuf/empty.proto"; 25import "google/protobuf/field_mask.proto"; 26import "google/protobuf/timestamp.proto"; 27import "google/rpc/status.proto"; 28 29option csharp_namespace = "Google.Cloud.RecaptchaEnterprise.V1"; 30option go_package = "cloud.google.com/go/recaptchaenterprise/v2/apiv1/recaptchaenterprisepb;recaptchaenterprisepb"; 31option java_multiple_files = true; 32option java_outer_classname = "RecaptchaEnterpriseProto"; 33option java_package = "com.google.recaptchaenterprise.v1"; 34option objc_class_prefix = "GCRE"; 35option php_namespace = "Google\\Cloud\\RecaptchaEnterprise\\V1"; 36option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1"; 37 38// Service to determine the likelihood an event is legitimate. 39service RecaptchaEnterpriseService { 40 option (google.api.default_host) = "recaptchaenterprise.googleapis.com"; 41 option (google.api.oauth_scopes) = 42 "https://www.googleapis.com/auth/cloud-platform"; 43 44 // Creates an Assessment of the likelihood an event is legitimate. 45 rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) { 46 option (google.api.http) = { 47 post: "/v1/{parent=projects/*}/assessments" 48 body: "assessment" 49 }; 50 option (google.api.method_signature) = "parent,assessment"; 51 } 52 53 // Annotates a previously created Assessment to provide additional information 54 // on whether the event turned out to be authentic or fraudulent. 55 rpc AnnotateAssessment(AnnotateAssessmentRequest) 56 returns (AnnotateAssessmentResponse) { 57 option (google.api.http) = { 58 post: "/v1/{name=projects/*/assessments/*}:annotate" 59 body: "*" 60 }; 61 option (google.api.method_signature) = "name,annotation"; 62 } 63 64 // Creates a new reCAPTCHA Enterprise key. 65 rpc CreateKey(CreateKeyRequest) returns (Key) { 66 option (google.api.http) = { 67 post: "/v1/{parent=projects/*}/keys" 68 body: "key" 69 }; 70 option (google.api.method_signature) = "parent,key"; 71 } 72 73 // Returns the list of all keys that belong to a project. 74 rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) { 75 option (google.api.http) = { 76 get: "/v1/{parent=projects/*}/keys" 77 }; 78 option (google.api.method_signature) = "parent"; 79 } 80 81 // Returns the secret key related to the specified public key. 82 // You must use the legacy secret key only in a 3rd party integration with 83 // legacy reCAPTCHA. 84 rpc RetrieveLegacySecretKey(RetrieveLegacySecretKeyRequest) 85 returns (RetrieveLegacySecretKeyResponse) { 86 option (google.api.http) = { 87 get: "/v1/{key=projects/*/keys/*}:retrieveLegacySecretKey" 88 }; 89 option (google.api.method_signature) = "key"; 90 } 91 92 // Returns the specified key. 93 rpc GetKey(GetKeyRequest) returns (Key) { 94 option (google.api.http) = { 95 get: "/v1/{name=projects/*/keys/*}" 96 }; 97 option (google.api.method_signature) = "name"; 98 } 99 100 // Updates the specified key. 101 rpc UpdateKey(UpdateKeyRequest) returns (Key) { 102 option (google.api.http) = { 103 patch: "/v1/{key.name=projects/*/keys/*}" 104 body: "key" 105 }; 106 option (google.api.method_signature) = "key,update_mask"; 107 } 108 109 // Deletes the specified key. 110 rpc DeleteKey(DeleteKeyRequest) returns (google.protobuf.Empty) { 111 option (google.api.http) = { 112 delete: "/v1/{name=projects/*/keys/*}" 113 }; 114 option (google.api.method_signature) = "name"; 115 } 116 117 // Migrates an existing key from reCAPTCHA to reCAPTCHA Enterprise. 118 // Once a key is migrated, it can be used from either product. SiteVerify 119 // requests are billed as CreateAssessment calls. You must be 120 // authenticated as one of the current owners of the reCAPTCHA Key, and 121 // your user must have the reCAPTCHA Enterprise Admin IAM role in the 122 // destination project. 123 rpc MigrateKey(MigrateKeyRequest) returns (Key) { 124 option (google.api.http) = { 125 post: "/v1/{name=projects/*/keys/*}:migrate" 126 body: "*" 127 }; 128 } 129 130 // Get some aggregated metrics for a Key. This data can be used to build 131 // dashboards. 132 rpc GetMetrics(GetMetricsRequest) returns (Metrics) { 133 option (google.api.http) = { 134 get: "/v1/{name=projects/*/keys/*/metrics}" 135 }; 136 option (google.api.method_signature) = "name"; 137 } 138 139 // Creates a new FirewallPolicy, specifying conditions at which reCAPTCHA 140 // Enterprise actions can be executed. 141 // A project may have a maximum of 1000 policies. 142 rpc CreateFirewallPolicy(CreateFirewallPolicyRequest) 143 returns (FirewallPolicy) { 144 option (google.api.http) = { 145 post: "/v1/{parent=projects/*}/firewallpolicies" 146 body: "firewall_policy" 147 }; 148 option (google.api.method_signature) = "parent,firewall_policy"; 149 } 150 151 // Returns the list of all firewall policies that belong to a project. 152 rpc ListFirewallPolicies(ListFirewallPoliciesRequest) 153 returns (ListFirewallPoliciesResponse) { 154 option (google.api.http) = { 155 get: "/v1/{parent=projects/*}/firewallpolicies" 156 }; 157 option (google.api.method_signature) = "parent"; 158 } 159 160 // Returns the specified firewall policy. 161 rpc GetFirewallPolicy(GetFirewallPolicyRequest) returns (FirewallPolicy) { 162 option (google.api.http) = { 163 get: "/v1/{name=projects/*/firewallpolicies/*}" 164 }; 165 option (google.api.method_signature) = "name"; 166 } 167 168 // Updates the specified firewall policy. 169 rpc UpdateFirewallPolicy(UpdateFirewallPolicyRequest) 170 returns (FirewallPolicy) { 171 option (google.api.http) = { 172 patch: "/v1/{firewall_policy.name=projects/*/firewallpolicies/*}" 173 body: "firewall_policy" 174 }; 175 option (google.api.method_signature) = "firewall_policy,update_mask"; 176 } 177 178 // Deletes the specified firewall policy. 179 rpc DeleteFirewallPolicy(DeleteFirewallPolicyRequest) 180 returns (google.protobuf.Empty) { 181 option (google.api.http) = { 182 delete: "/v1/{name=projects/*/firewallpolicies/*}" 183 }; 184 option (google.api.method_signature) = "name"; 185 } 186 187 // Reorders all firewall policies. 188 rpc ReorderFirewallPolicies(ReorderFirewallPoliciesRequest) 189 returns (ReorderFirewallPoliciesResponse) { 190 option (google.api.http) = { 191 post: "/v1/{parent=projects/*}/firewallpolicies:reorder" 192 body: "*" 193 }; 194 option (google.api.method_signature) = "parent,names"; 195 } 196 197 // List groups of related accounts. 198 rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest) 199 returns (ListRelatedAccountGroupsResponse) { 200 option (google.api.http) = { 201 get: "/v1/{parent=projects/*}/relatedaccountgroups" 202 }; 203 option (google.api.method_signature) = "parent"; 204 } 205 206 // Get memberships in a group of related accounts. 207 rpc ListRelatedAccountGroupMemberships( 208 ListRelatedAccountGroupMembershipsRequest) 209 returns (ListRelatedAccountGroupMembershipsResponse) { 210 option (google.api.http) = { 211 get: "/v1/{parent=projects/*/relatedaccountgroups/*}/memberships" 212 }; 213 option (google.api.method_signature) = "parent"; 214 } 215 216 // Search group memberships related to a given account. 217 rpc SearchRelatedAccountGroupMemberships( 218 SearchRelatedAccountGroupMembershipsRequest) 219 returns (SearchRelatedAccountGroupMembershipsResponse) { 220 option (google.api.http) = { 221 post: "/v1/{project=projects/*}/relatedaccountgroupmemberships:search" 222 body: "*" 223 }; 224 option (google.api.method_signature) = "project,hashed_account_id"; 225 } 226} 227 228// The create assessment request message. 229message CreateAssessmentRequest { 230 // Required. The name of the project in which the assessment will be created, 231 // in the format `projects/{project}`. 232 string parent = 1 [ 233 (google.api.field_behavior) = REQUIRED, 234 (google.api.resource_reference) = { 235 type: "cloudresourcemanager.googleapis.com/Project" 236 } 237 ]; 238 239 // Required. The assessment details. 240 Assessment assessment = 2 [(google.api.field_behavior) = REQUIRED]; 241} 242 243// Describes an event in the lifecycle of a payment transaction. 244message TransactionEvent { 245 // Enum that represents an event in the payment transaction lifecycle. 246 enum TransactionEventType { 247 // Default, unspecified event type. 248 TRANSACTION_EVENT_TYPE_UNSPECIFIED = 0; 249 250 // Indicates that the transaction is approved by the merchant. The 251 // accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 252 // 'CYBERSOURCE', or 'MANUAL_REVIEW'. 253 MERCHANT_APPROVE = 1; 254 255 // Indicates that the transaction is denied and concluded due to risks 256 // detected by the merchant. The accompanying reasons can include terms such 257 // as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'. 258 MERCHANT_DENY = 2; 259 260 // Indicates that the transaction is being evaluated by a human, due to 261 // suspicion or risk. 262 MANUAL_REVIEW = 3; 263 264 // Indicates that the authorization attempt with the card issuer succeeded. 265 AUTHORIZATION = 4; 266 267 // Indicates that the authorization attempt with the card issuer failed. 268 // The accompanying reasons can include Visa's '54' indicating that the card 269 // is expired, or '82' indicating that the CVV is incorrect. 270 AUTHORIZATION_DECLINE = 5; 271 272 // Indicates that the transaction is completed because the funds were 273 // settled. 274 PAYMENT_CAPTURE = 6; 275 276 // Indicates that the transaction could not be completed because the funds 277 // were not settled. 278 PAYMENT_CAPTURE_DECLINE = 7; 279 280 // Indicates that the transaction has been canceled. Specify the reason 281 // for the cancellation. For example, 'INSUFFICIENT_INVENTORY'. 282 CANCEL = 8; 283 284 // Indicates that the merchant has received a chargeback inquiry due to 285 // fraud for the transaction, requesting additional information before a 286 // fraud chargeback is officially issued and a formal chargeback 287 // notification is sent. 288 CHARGEBACK_INQUIRY = 9; 289 290 // Indicates that the merchant has received a chargeback alert due to fraud 291 // for the transaction. The process of resolving the dispute without 292 // involving the payment network is started. 293 CHARGEBACK_ALERT = 10; 294 295 // Indicates that a fraud notification is issued for the transaction, sent 296 // by the payment instrument's issuing bank because the transaction appears 297 // to be fraudulent. We recommend including TC40 or SAFE data in the 298 // `reason` field for this event type. For partial chargebacks, we recommend 299 // that you include an amount in the `value` field. 300 FRAUD_NOTIFICATION = 11; 301 302 // Indicates that the merchant is informed by the payment network that the 303 // transaction has entered the chargeback process due to fraud. Reason code 304 // examples include Discover's '6005' and '6041'. For partial chargebacks, 305 // we recommend that you include an amount in the `value` field. 306 CHARGEBACK = 12; 307 308 // Indicates that the transaction has entered the chargeback process due to 309 // fraud, and that the merchant has chosen to enter representment. Reason 310 // examples include Discover's '6005' and '6041'. For partial chargebacks, 311 // we recommend that you include an amount in the `value` field. 312 CHARGEBACK_REPRESENTMENT = 13; 313 314 // Indicates that the transaction has had a fraud chargeback which was 315 // illegitimate and was reversed as a result. For partial chargebacks, we 316 // recommend that you include an amount in the `value` field. 317 CHARGEBACK_REVERSE = 14; 318 319 // Indicates that the merchant has received a refund for a completed 320 // transaction. For partial refunds, we recommend that you include an amount 321 // in the `value` field. Reason example: 'TAX_EXEMPT' (partial refund of 322 // exempt tax) 323 REFUND_REQUEST = 15; 324 325 // Indicates that the merchant has received a refund request for this 326 // transaction, but that they have declined it. For partial refunds, we 327 // recommend that you include an amount in the `value` field. Reason 328 // example: 'TAX_EXEMPT' (partial refund of exempt tax) 329 REFUND_DECLINE = 16; 330 331 // Indicates that the completed transaction was refunded by the merchant. 332 // For partial refunds, we recommend that you include an amount in the 333 // `value` field. Reason example: 'TAX_EXEMPT' (partial refund of exempt 334 // tax) 335 REFUND = 17; 336 337 // Indicates that the completed transaction was refunded by the merchant, 338 // and that this refund was reversed. For partial refunds, we recommend that 339 // you include an amount in the `value` field. 340 REFUND_REVERSE = 18; 341 } 342 343 // Optional. The type of this transaction event. 344 TransactionEventType event_type = 1 [(google.api.field_behavior) = OPTIONAL]; 345 346 // Optional. The reason or standardized code that corresponds with this 347 // transaction event, if one exists. For example, a CHARGEBACK event with code 348 // 6005. 349 string reason = 2 [(google.api.field_behavior) = OPTIONAL]; 350 351 // Optional. The value that corresponds with this transaction event, if one 352 // exists. For example, a refund event where $5.00 was refunded. Currency is 353 // obtained from the original transaction data. 354 double value = 3 [(google.api.field_behavior) = OPTIONAL]; 355 356 // Optional. Timestamp when this transaction event occurred; otherwise assumed 357 // to be the time of the API call. 358 google.protobuf.Timestamp event_time = 4 359 [(google.api.field_behavior) = OPTIONAL]; 360} 361 362// The request message to annotate an Assessment. 363message AnnotateAssessmentRequest { 364 // Enum that represents the types of annotations. 365 enum Annotation { 366 // Default unspecified type. 367 ANNOTATION_UNSPECIFIED = 0; 368 369 // Provides information that the event turned out to be legitimate. 370 LEGITIMATE = 1; 371 372 // Provides information that the event turned out to be fraudulent. 373 FRAUDULENT = 2; 374 375 // Provides information that the event was related to a login event in which 376 // the user typed the correct password. Deprecated, prefer indicating 377 // CORRECT_PASSWORD through the reasons field instead. 378 PASSWORD_CORRECT = 3 [deprecated = true]; 379 380 // Provides information that the event was related to a login event in which 381 // the user typed the incorrect password. Deprecated, prefer indicating 382 // INCORRECT_PASSWORD through the reasons field instead. 383 PASSWORD_INCORRECT = 4 [deprecated = true]; 384 } 385 386 // Enum that represents potential reasons for annotating an assessment. 387 enum Reason { 388 // Default unspecified reason. 389 REASON_UNSPECIFIED = 0; 390 391 // Indicates that the transaction had a chargeback issued with no other 392 // details. When possible, specify the type by using CHARGEBACK_FRAUD or 393 // CHARGEBACK_DISPUTE instead. 394 CHARGEBACK = 1; 395 396 // Indicates that the transaction had a chargeback issued related to an 397 // alleged unauthorized transaction from the cardholder's perspective (for 398 // example, the card number was stolen). 399 CHARGEBACK_FRAUD = 8; 400 401 // Indicates that the transaction had a chargeback issued related to the 402 // cardholder having provided their card details but allegedly not being 403 // satisfied with the purchase (for example, misrepresentation, attempted 404 // cancellation). 405 CHARGEBACK_DISPUTE = 9; 406 407 // Indicates that the completed payment transaction was refunded by the 408 // seller. 409 REFUND = 10; 410 411 // Indicates that the completed payment transaction was determined to be 412 // fraudulent by the seller, and was cancelled and refunded as a result. 413 REFUND_FRAUD = 11; 414 415 // Indicates that the payment transaction was accepted, and the user was 416 // charged. 417 TRANSACTION_ACCEPTED = 12; 418 419 // Indicates that the payment transaction was declined, for example due to 420 // invalid card details. 421 TRANSACTION_DECLINED = 13; 422 423 // Indicates the transaction associated with the assessment is suspected of 424 // being fraudulent based on the payment method, billing details, shipping 425 // address or other transaction information. 426 PAYMENT_HEURISTICS = 2; 427 428 // Indicates that the user was served a 2FA challenge. An old assessment 429 // with `ENUM_VALUES.INITIATED_TWO_FACTOR` reason that has not been 430 // overwritten with `PASSED_TWO_FACTOR` is treated as an abandoned 2FA flow. 431 // This is equivalent to `FAILED_TWO_FACTOR`. 432 INITIATED_TWO_FACTOR = 7; 433 434 // Indicates that the user passed a 2FA challenge. 435 PASSED_TWO_FACTOR = 3; 436 437 // Indicates that the user failed a 2FA challenge. 438 FAILED_TWO_FACTOR = 4; 439 440 // Indicates the user provided the correct password. 441 CORRECT_PASSWORD = 5; 442 443 // Indicates the user provided an incorrect password. 444 INCORRECT_PASSWORD = 6; 445 446 // Indicates that the user sent unwanted and abusive messages to other users 447 // of the platform, such as spam, scams, phishing, or social engineering. 448 SOCIAL_SPAM = 14; 449 } 450 451 // Required. The resource name of the Assessment, in the format 452 // `projects/{project}/assessments/{assessment}`. 453 string name = 1 [ 454 (google.api.field_behavior) = REQUIRED, 455 (google.api.resource_reference) = { 456 type: "recaptchaenterprise.googleapis.com/Assessment" 457 } 458 ]; 459 460 // Optional. The annotation that will be assigned to the Event. This field can 461 // be left empty to provide reasons that apply to an event without concluding 462 // whether the event is legitimate or fraudulent. 463 Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL]; 464 465 // Optional. Reasons for the annotation that are assigned to the event. 466 repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL]; 467 468 // Optional. A stable account identifier to apply to the assessment. This is 469 // an alternative to setting `account_id` in `CreateAssessment`, for example 470 // when a stable account identifier is not yet known in the initial request. 471 string account_id = 7 [(google.api.field_behavior) = OPTIONAL]; 472 473 // Optional. A stable hashed account identifier to apply to the assessment. 474 // This is an alternative to setting `hashed_account_id` in 475 // `CreateAssessment`, for example when a stable account identifier is not yet 476 // known in the initial request. 477 bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL]; 478 479 // Optional. If the assessment is part of a payment transaction, provide 480 // details on payment lifecycle events that occur in the transaction. 481 TransactionEvent transaction_event = 5 482 [(google.api.field_behavior) = OPTIONAL]; 483} 484 485// Empty response for AnnotateAssessment. 486message AnnotateAssessmentResponse {} 487 488// Information about a verification endpoint that can be used for 2FA. 489message EndpointVerificationInfo { 490 oneof endpoint { 491 // Email address for which to trigger a verification request. 492 string email_address = 1; 493 494 // Phone number for which to trigger a verification request. Should be given 495 // in E.164 format. 496 string phone_number = 2; 497 } 498 499 // Output only. Token to provide to the client to trigger endpoint 500 // verification. It must be used within 15 minutes. 501 string request_token = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 502 503 // Output only. Timestamp of the last successful verification for the 504 // endpoint, if any. 505 google.protobuf.Timestamp last_verification_time = 4 506 [(google.api.field_behavior) = OUTPUT_ONLY]; 507} 508 509// Information about account verification, used for identity verification. 510message AccountVerificationInfo { 511 // Result of the account verification as contained in the verdict token issued 512 // at the end of the verification flow. 513 enum Result { 514 // No information about the latest account verification. 515 RESULT_UNSPECIFIED = 0; 516 517 // The user was successfully verified. This means the account verification 518 // challenge was successfully completed. 519 SUCCESS_USER_VERIFIED = 1; 520 521 // The user failed the verification challenge. 522 ERROR_USER_NOT_VERIFIED = 2; 523 524 // The site is not properly onboarded to use the account verification 525 // feature. 526 ERROR_SITE_ONBOARDING_INCOMPLETE = 3; 527 528 // The recipient is not allowed for account verification. This can occur 529 // during integration but should not occur in production. 530 ERROR_RECIPIENT_NOT_ALLOWED = 4; 531 532 // The recipient has already been sent too many verification codes in a 533 // short amount of time. 534 ERROR_RECIPIENT_ABUSE_LIMIT_EXHAUSTED = 5; 535 536 // The verification flow could not be completed due to a critical internal 537 // error. 538 ERROR_CRITICAL_INTERNAL = 6; 539 540 // The client has exceeded their two factor request quota for this period of 541 // time. 542 ERROR_CUSTOMER_QUOTA_EXHAUSTED = 7; 543 544 // The request cannot be processed at the time because of an incident. This 545 // bypass can be restricted to a problematic destination email domain, a 546 // customer, or could affect the entire service. 547 ERROR_VERIFICATION_BYPASSED = 8; 548 549 // The request parameters do not match with the token provided and cannot be 550 // processed. 551 ERROR_VERDICT_MISMATCH = 9; 552 } 553 554 // Optional. Endpoints that can be used for identity verification. 555 repeated EndpointVerificationInfo endpoints = 1 556 [(google.api.field_behavior) = OPTIONAL]; 557 558 // Optional. Language code preference for the verification message, set as a 559 // IETF BCP 47 language code. 560 string language_code = 3 [(google.api.field_behavior) = OPTIONAL]; 561 562 // Output only. Result of the latest account verification challenge. 563 Result latest_verification_result = 7 564 [(google.api.field_behavior) = OUTPUT_ONLY]; 565 566 // Username of the account that is being verified. Deprecated. Customers 567 // should now provide the `account_id` field in `event.user_info`. 568 string username = 2 [deprecated = true]; 569} 570 571// Private password leak verification info. 572message PrivatePasswordLeakVerification { 573 // Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized 574 // username. It is used to look up password leaks associated with that hash 575 // prefix. 576 bytes lookup_hash_prefix = 1 [(google.api.field_behavior) = REQUIRED]; 577 578 // Optional. Encrypted Scrypt hash of the canonicalized username+password. It 579 // is re-encrypted by the server and returned through 580 // `reencrypted_user_credentials_hash`. 581 bytes encrypted_user_credentials_hash = 2 582 [(google.api.field_behavior) = OPTIONAL]; 583 584 // Output only. List of prefixes of the encrypted potential password leaks 585 // that matched the given parameters. They must be compared with the 586 // client-side decryption prefix of `reencrypted_user_credentials_hash` 587 repeated bytes encrypted_leak_match_prefixes = 3 588 [(google.api.field_behavior) = OUTPUT_ONLY]; 589 590 // Output only. Corresponds to the re-encryption of the 591 // `encrypted_user_credentials_hash` field. It is used to match potential 592 // password leaks within `encrypted_leak_match_prefixes`. 593 bytes reencrypted_user_credentials_hash = 4 594 [(google.api.field_behavior) = OUTPUT_ONLY]; 595} 596 597// A reCAPTCHA Enterprise assessment resource. 598message Assessment { 599 option (google.api.resource) = { 600 type: "recaptchaenterprise.googleapis.com/Assessment" 601 pattern: "projects/{project}/assessments/{assessment}" 602 plural: "assessments" 603 singular: "assessment" 604 }; 605 606 // Output only. Identifier. The resource name for the Assessment in the format 607 // `projects/{project}/assessments/{assessment}`. 608 string name = 1 [ 609 (google.api.field_behavior) = OUTPUT_ONLY, 610 (google.api.field_behavior) = IDENTIFIER 611 ]; 612 613 // Optional. The event being assessed. 614 Event event = 2 [(google.api.field_behavior) = OPTIONAL]; 615 616 // Output only. The risk analysis result for the event being assessed. 617 RiskAnalysis risk_analysis = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 618 619 // Output only. Properties of the provided event token. 620 TokenProperties token_properties = 4 621 [(google.api.field_behavior) = OUTPUT_ONLY]; 622 623 // Optional. Account verification information for identity verification. The 624 // assessment event must include a token and site key to use this feature. 625 AccountVerificationInfo account_verification = 5 626 [(google.api.field_behavior) = OPTIONAL]; 627 628 // Output only. Assessment returned by account defender when an account 629 // identifier is provided. 630 AccountDefenderAssessment account_defender_assessment = 6 631 [(google.api.field_behavior) = OUTPUT_ONLY]; 632 633 // Optional. The private password leak verification field contains the 634 // parameters that are used to to check for leaks privately without sharing 635 // user credentials. 636 PrivatePasswordLeakVerification private_password_leak_verification = 8 637 [(google.api.field_behavior) = OPTIONAL]; 638 639 // Output only. Assessment returned when firewall policies belonging to the 640 // project are evaluated using the field firewall_policy_evaluation. 641 FirewallPolicyAssessment firewall_policy_assessment = 10 642 [(google.api.field_behavior) = OUTPUT_ONLY]; 643 644 // Output only. Assessment returned by Fraud Prevention when TransactionData 645 // is provided. 646 FraudPreventionAssessment fraud_prevention_assessment = 11 647 [(google.api.field_behavior) = OUTPUT_ONLY]; 648 649 // Output only. Fraud Signals specific to the users involved in a payment 650 // transaction. 651 FraudSignals fraud_signals = 13 [(google.api.field_behavior) = OUTPUT_ONLY]; 652} 653 654// The event being assessed. 655message Event { 656 // Setting that controls Fraud Prevention assessments. 657 enum FraudPrevention { 658 // Default, unspecified setting. If opted in for automatic detection, 659 // `fraud_prevention_assessment` is returned based on the request. 660 // Otherwise, `fraud_prevention_assessment` is returned if 661 // `transaction_data` is present in the `Event` and Fraud Prevention is 662 // enabled in the Google Cloud console. 663 FRAUD_PREVENTION_UNSPECIFIED = 0; 664 665 // Enable Fraud Prevention for this assessment, if Fraud Prevention is 666 // enabled in the Google Cloud console. 667 ENABLED = 1; 668 669 // Disable Fraud Prevention for this assessment, regardless of opt-in 670 // status or Google Cloud console settings. 671 DISABLED = 2; 672 } 673 674 // Optional. The user response token provided by the reCAPTCHA Enterprise 675 // client-side integration on your site. 676 string token = 1 [(google.api.field_behavior) = OPTIONAL]; 677 678 // Optional. The site key that was used to invoke reCAPTCHA Enterprise on your 679 // site and generate the token. 680 string site_key = 2 [(google.api.field_behavior) = OPTIONAL]; 681 682 // Optional. The user agent present in the request from the user's device 683 // related to this event. 684 string user_agent = 3 [(google.api.field_behavior) = OPTIONAL]; 685 686 // Optional. The IP address in the request from the user's device related to 687 // this event. 688 string user_ip_address = 4 [ 689 (google.api.field_info).format = IPV4_OR_IPV6, 690 (google.api.field_behavior) = OPTIONAL 691 ]; 692 693 // Optional. The expected action for this type of event. This should be the 694 // same action provided at token generation time on client-side platforms 695 // already integrated with recaptcha enterprise. 696 string expected_action = 5 [(google.api.field_behavior) = OPTIONAL]; 697 698 // Optional. Deprecated: use `user_info.account_id` instead. 699 // Unique stable hashed user identifier for the request. The identifier must 700 // be hashed using hmac-sha256 with stable secret. 701 bytes hashed_account_id = 6 702 [deprecated = true, (google.api.field_behavior) = OPTIONAL]; 703 704 // Optional. Flag for a reCAPTCHA express request for an assessment without a 705 // token. If enabled, `site_key` must reference a SCORE key with WAF feature 706 // set to EXPRESS. 707 bool express = 14 [(google.api.field_behavior) = OPTIONAL]; 708 709 // Optional. The URI resource the user requested that triggered an assessment. 710 string requested_uri = 8 [(google.api.field_behavior) = OPTIONAL]; 711 712 // Optional. Flag for running WAF token assessment. 713 // If enabled, the token must be specified, and have been created by a 714 // WAF-enabled key. 715 bool waf_token_assessment = 9 [(google.api.field_behavior) = OPTIONAL]; 716 717 // Optional. JA3 fingerprint for SSL clients. 718 string ja3 = 10 [(google.api.field_behavior) = OPTIONAL]; 719 720 // Optional. HTTP header information about the request. 721 repeated string headers = 11 [(google.api.field_behavior) = OPTIONAL]; 722 723 // Optional. Flag for enabling firewall policy config assessment. 724 // If this flag is enabled, the firewall policy will be evaluated and a 725 // suggested firewall action will be returned in the response. 726 bool firewall_policy_evaluation = 12 [(google.api.field_behavior) = OPTIONAL]; 727 728 // Optional. Data describing a payment transaction to be assessed. Sending 729 // this data enables reCAPTCHA Enterprise Fraud Prevention and the 730 // FraudPreventionAssessment component in the response. 731 TransactionData transaction_data = 13 732 [(google.api.field_behavior) = OPTIONAL]; 733 734 // Optional. Information about the user that generates this event, when they 735 // can be identified. They are often identified through the use of an account 736 // for logged-in requests or login/registration requests, or by providing user 737 // identifiers for guest actions like checkout. 738 UserInfo user_info = 15 [(google.api.field_behavior) = OPTIONAL]; 739 740 // Optional. The Fraud Prevention setting for this assessment. 741 FraudPrevention fraud_prevention = 17 742 [(google.api.field_behavior) = OPTIONAL]; 743} 744 745// Transaction data associated with a payment protected by reCAPTCHA Enterprise. 746message TransactionData { 747 // Structured address format for billing and shipping addresses. 748 message Address { 749 // Optional. The recipient name, potentially including information such as 750 // "care of". 751 string recipient = 1 [(google.api.field_behavior) = OPTIONAL]; 752 753 // Optional. The first lines of the address. The first line generally 754 // contains the street name and number, and further lines may include 755 // information such as an apartment number. 756 repeated string address = 2 [(google.api.field_behavior) = OPTIONAL]; 757 758 // Optional. The town/city of the address. 759 string locality = 3 [(google.api.field_behavior) = OPTIONAL]; 760 761 // Optional. The state, province, or otherwise administrative area of the 762 // address. 763 string administrative_area = 4 [(google.api.field_behavior) = OPTIONAL]; 764 765 // Optional. The CLDR country/region of the address. 766 string region_code = 5 [(google.api.field_behavior) = OPTIONAL]; 767 768 // Optional. The postal or ZIP code of the address. 769 string postal_code = 6 [(google.api.field_behavior) = OPTIONAL]; 770 } 771 772 // Details about a user's account involved in the transaction. 773 message User { 774 // Optional. Unique account identifier for this user. If using account 775 // defender, this should match the hashed_account_id field. Otherwise, a 776 // unique and persistent identifier for this account. 777 string account_id = 6 [(google.api.field_behavior) = OPTIONAL]; 778 779 // Optional. The epoch milliseconds of the user's account creation. 780 int64 creation_ms = 1 [(google.api.field_behavior) = OPTIONAL]; 781 782 // Optional. The email address of the user. 783 string email = 2 [(google.api.field_behavior) = OPTIONAL]; 784 785 // Optional. Whether the email has been verified to be accessible by the 786 // user (OTP or similar). 787 bool email_verified = 3 [(google.api.field_behavior) = OPTIONAL]; 788 789 // Optional. The phone number of the user, with country code. 790 string phone_number = 4 [(google.api.field_behavior) = OPTIONAL]; 791 792 // Optional. Whether the phone number has been verified to be accessible by 793 // the user (OTP or similar). 794 bool phone_verified = 5 [(google.api.field_behavior) = OPTIONAL]; 795 } 796 797 // Line items being purchased in this transaction. 798 message Item { 799 // Optional. The full name of the item. 800 string name = 1 [(google.api.field_behavior) = OPTIONAL]; 801 802 // Optional. The value per item that the user is paying, in the transaction 803 // currency, after discounts. 804 double value = 2 [(google.api.field_behavior) = OPTIONAL]; 805 806 // Optional. The quantity of this item that is being purchased. 807 int64 quantity = 3 [(google.api.field_behavior) = OPTIONAL]; 808 809 // Optional. When a merchant is specified, its corresponding account_id. 810 // Necessary to populate marketplace-style transactions. 811 string merchant_account_id = 4 [(google.api.field_behavior) = OPTIONAL]; 812 } 813 814 // Details about the transaction from the gateway. 815 message GatewayInfo { 816 // Optional. Name of the gateway service (for example, stripe, square, 817 // paypal). 818 string name = 1 [(google.api.field_behavior) = OPTIONAL]; 819 820 // Optional. Gateway response code describing the state of the transaction. 821 string gateway_response_code = 2 [(google.api.field_behavior) = OPTIONAL]; 822 823 // Optional. AVS response code from the gateway 824 // (available only when reCAPTCHA Enterprise is called after authorization). 825 string avs_response_code = 3 [(google.api.field_behavior) = OPTIONAL]; 826 827 // Optional. CVV response code from the gateway 828 // (available only when reCAPTCHA Enterprise is called after authorization). 829 string cvv_response_code = 4 [(google.api.field_behavior) = OPTIONAL]; 830 } 831 832 // Unique identifier for the transaction. This custom identifier can be used 833 // to reference this transaction in the future, for example, labeling a refund 834 // or chargeback event. Two attempts at the same transaction should use the 835 // same transaction id. 836 optional string transaction_id = 11; 837 838 // Optional. The payment method for the transaction. The allowed values are: 839 // 840 // * credit-card 841 // * debit-card 842 // * gift-card 843 // * processor-{name} (If a third-party is used, for example, 844 // processor-paypal) 845 // * custom-{name} (If an alternative method is used, for example, 846 // custom-crypto) 847 string payment_method = 1 [(google.api.field_behavior) = OPTIONAL]; 848 849 // Optional. The Bank Identification Number - generally the first 6 or 8 850 // digits of the card. 851 string card_bin = 2 [(google.api.field_behavior) = OPTIONAL]; 852 853 // Optional. The last four digits of the card. 854 string card_last_four = 3 [(google.api.field_behavior) = OPTIONAL]; 855 856 // Optional. The currency code in ISO-4217 format. 857 string currency_code = 4 [(google.api.field_behavior) = OPTIONAL]; 858 859 // Optional. The decimal value of the transaction in the specified currency. 860 double value = 5 [(google.api.field_behavior) = OPTIONAL]; 861 862 // Optional. The value of shipping in the specified currency. 0 for free or no 863 // shipping. 864 double shipping_value = 12 [(google.api.field_behavior) = OPTIONAL]; 865 866 // Optional. Destination address if this transaction involves shipping a 867 // physical item. 868 Address shipping_address = 6 [(google.api.field_behavior) = OPTIONAL]; 869 870 // Optional. Address associated with the payment method when applicable. 871 Address billing_address = 7 [(google.api.field_behavior) = OPTIONAL]; 872 873 // Optional. Information about the user paying/initiating the transaction. 874 User user = 8 [(google.api.field_behavior) = OPTIONAL]; 875 876 // Optional. Information about the user or users fulfilling the transaction. 877 repeated User merchants = 13 [(google.api.field_behavior) = OPTIONAL]; 878 879 // Optional. Items purchased in this transaction. 880 repeated Item items = 14 [(google.api.field_behavior) = OPTIONAL]; 881 882 // Optional. Information about the payment gateway's response to the 883 // transaction. 884 GatewayInfo gateway_info = 10 [(google.api.field_behavior) = OPTIONAL]; 885} 886 887// User information associated with a request protected by reCAPTCHA Enterprise. 888message UserInfo { 889 // Optional. Creation time for this account associated with this user. Leave 890 // blank for non logged-in actions, guest checkout, or when there is no 891 // account associated with the current user. 892 google.protobuf.Timestamp create_account_time = 1 893 [(google.api.field_behavior) = OPTIONAL]; 894 895 // Optional. For logged-in requests or login/registration requests, the unique 896 // account identifier associated with this user. You can use the username if 897 // it is stable (meaning it is the same for every request associated with the 898 // same user), or any stable user ID of your choice. Leave blank for non 899 // logged-in actions or guest checkout. 900 string account_id = 2 [(google.api.field_behavior) = OPTIONAL]; 901 902 // Optional. Identifiers associated with this user or request. 903 repeated UserId user_ids = 3 [(google.api.field_behavior) = OPTIONAL]; 904} 905 906// An identifier associated with a user. 907message UserId { 908 oneof id_oneof { 909 // Optional. An email address. 910 string email = 1 [(google.api.field_behavior) = OPTIONAL]; 911 912 // Optional. A phone number. Should use the E.164 format. 913 string phone_number = 2 [(google.api.field_behavior) = OPTIONAL]; 914 915 // Optional. A unique username, if different from all the other identifiers 916 // and `account_id` that are provided. Can be a unique login handle or 917 // display name for a user. 918 string username = 3 [(google.api.field_behavior) = OPTIONAL]; 919 } 920} 921 922// Risk analysis result for an event. 923message RiskAnalysis { 924 // Reasons contributing to the risk analysis verdict. 925 enum ClassificationReason { 926 // Default unspecified type. 927 CLASSIFICATION_REASON_UNSPECIFIED = 0; 928 929 // Interactions matched the behavior of an automated agent. 930 AUTOMATION = 1; 931 932 // The event originated from an illegitimate environment. 933 UNEXPECTED_ENVIRONMENT = 2; 934 935 // Traffic volume from the event source is higher than normal. 936 TOO_MUCH_TRAFFIC = 3; 937 938 // Interactions with the site were significantly different than expected 939 // patterns. 940 UNEXPECTED_USAGE_PATTERNS = 4; 941 942 // Too little traffic has been received from this site thus far to generate 943 // quality risk analysis. 944 LOW_CONFIDENCE_SCORE = 5; 945 946 // The request matches behavioral characteristics of a carding attack. 947 SUSPECTED_CARDING = 6; 948 949 // The request matches behavioral characteristics of chargebacks for fraud. 950 SUSPECTED_CHARGEBACK = 7; 951 } 952 953 // Output only. Legitimate event score from 0.0 to 1.0. 954 // (1.0 means very likely legitimate traffic while 0.0 means very likely 955 // non-legitimate traffic). 956 float score = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 957 958 // Output only. Reasons contributing to the risk analysis verdict. 959 repeated ClassificationReason reasons = 2 960 [(google.api.field_behavior) = OUTPUT_ONLY]; 961 962 // Output only. Extended verdict reasons to be used for experimentation only. 963 // The set of possible reasons is subject to change. 964 repeated string extended_verdict_reasons = 3 965 [(google.api.field_behavior) = OUTPUT_ONLY]; 966} 967 968// Properties of the provided event token. 969message TokenProperties { 970 // Enum that represents the types of invalid token reasons. 971 enum InvalidReason { 972 // Default unspecified type. 973 INVALID_REASON_UNSPECIFIED = 0; 974 975 // If the failure reason was not accounted for. 976 UNKNOWN_INVALID_REASON = 1; 977 978 // The provided user verification token was malformed. 979 MALFORMED = 2; 980 981 // The user verification token had expired. 982 EXPIRED = 3; 983 984 // The user verification had already been seen. 985 DUPE = 4; 986 987 // The user verification token was not present. 988 MISSING = 5; 989 990 // A retriable error (such as network failure) occurred on the browser. 991 // Could easily be simulated by an attacker. 992 BROWSER_ERROR = 6; 993 } 994 995 // Output only. Whether the provided user response token is valid. When valid 996 // = false, the reason could be specified in invalid_reason or it could also 997 // be due to a user failing to solve a challenge or a sitekey mismatch (i.e 998 // the sitekey used to generate the token was different than the one specified 999 // in the assessment). 1000 bool valid = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1001 1002 // Output only. Reason associated with the response when valid = false. 1003 InvalidReason invalid_reason = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 1004 1005 // Output only. The timestamp corresponding to the generation of the token. 1006 google.protobuf.Timestamp create_time = 3 1007 [(google.api.field_behavior) = OUTPUT_ONLY]; 1008 1009 // Output only. The hostname of the page on which the token was generated (Web 1010 // keys only). 1011 string hostname = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 1012 1013 // Output only. The name of the Android package with which the token was 1014 // generated (Android keys only). 1015 string android_package_name = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; 1016 1017 // Output only. The ID of the iOS bundle with which the token was generated 1018 // (iOS keys only). 1019 string ios_bundle_id = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 1020 1021 // Output only. Action name provided at token generation. 1022 string action = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; 1023} 1024 1025// Assessment for Fraud Prevention. 1026message FraudPreventionAssessment { 1027 // Information about stolen instrument fraud, where the user is not the 1028 // legitimate owner of the instrument being used for the purchase. 1029 message StolenInstrumentVerdict { 1030 // Output only. Probability of this transaction being executed with a stolen 1031 // instrument. Values are from 0.0 (lowest) to 1.0 (highest). 1032 float risk = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1033 } 1034 1035 // Information about card testing fraud, where an adversary is testing 1036 // fraudulently obtained cards or brute forcing their details. 1037 message CardTestingVerdict { 1038 // Output only. Probability of this transaction attempt being part of a card 1039 // testing attack. Values are from 0.0 (lowest) to 1.0 (highest). 1040 float risk = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1041 } 1042 1043 // Information about behavioral trust of the transaction. 1044 message BehavioralTrustVerdict { 1045 // Output only. Probability of this transaction attempt being executed in a 1046 // behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0 1047 // (highest). 1048 float trust = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1049 } 1050 1051 // Output only. Probability of this transaction being fraudulent. Summarizes 1052 // the combined risk of attack vectors below. Values are from 0.0 (lowest) 1053 // to 1.0 (highest). 1054 float transaction_risk = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1055 1056 // Output only. Assessment of this transaction for risk of a stolen 1057 // instrument. 1058 StolenInstrumentVerdict stolen_instrument_verdict = 2 1059 [(google.api.field_behavior) = OUTPUT_ONLY]; 1060 1061 // Output only. Assessment of this transaction for risk of being part of a 1062 // card testing attack. 1063 CardTestingVerdict card_testing_verdict = 3 1064 [(google.api.field_behavior) = OUTPUT_ONLY]; 1065 1066 // Output only. Assessment of this transaction for behavioral trust. 1067 BehavioralTrustVerdict behavioral_trust_verdict = 4 1068 [(google.api.field_behavior) = OUTPUT_ONLY]; 1069} 1070 1071// Fraud signals describing users and cards involved in the transaction. 1072message FraudSignals { 1073 // Signals describing the user involved in this transaction. 1074 message UserSignals { 1075 // Output only. This user (based on email, phone, and other identifiers) has 1076 // been seen on the internet for at least this number of days. 1077 int32 active_days_lower_bound = 1 1078 [(google.api.field_behavior) = OUTPUT_ONLY]; 1079 1080 // Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic 1081 // components in their identity, such as a randomly generated email address, 1082 // temporary phone number, or fake shipping address. 1083 float synthetic_risk = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 1084 } 1085 1086 // Signals describing the payment card used in this transaction. 1087 message CardSignals { 1088 // Risk labels describing the card being assessed, such as its funding 1089 // mechanism. 1090 enum CardLabel { 1091 // No label specified. 1092 CARD_LABEL_UNSPECIFIED = 0; 1093 1094 // This card has been detected as prepaid. 1095 PREPAID = 1; 1096 1097 // This card has been detected as virtual, such as a card number generated 1098 // for a single transaction or merchant. 1099 VIRTUAL = 2; 1100 1101 // This card has been detected as being used in an unexpected geographic 1102 // location. 1103 UNEXPECTED_LOCATION = 3; 1104 } 1105 1106 // Output only. The labels for the payment card in this transaction. 1107 repeated CardLabel card_labels = 1 1108 [(google.api.field_behavior) = OUTPUT_ONLY]; 1109 } 1110 1111 // Output only. Signals describing the end user in this transaction. 1112 UserSignals user_signals = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 1113 1114 // Output only. Signals describing the payment card or cards used in this 1115 // transaction. 1116 CardSignals card_signals = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 1117} 1118 1119// Account defender risk assessment. 1120message AccountDefenderAssessment { 1121 // Labels returned by account defender for this request. 1122 enum AccountDefenderLabel { 1123 // Default unspecified type. 1124 ACCOUNT_DEFENDER_LABEL_UNSPECIFIED = 0; 1125 1126 // The request matches a known good profile for the user. 1127 PROFILE_MATCH = 1; 1128 1129 // The request is potentially a suspicious login event and must be further 1130 // verified either through multi-factor authentication or another system. 1131 SUSPICIOUS_LOGIN_ACTIVITY = 2; 1132 1133 // The request matched a profile that previously had suspicious account 1134 // creation behavior. This can mean that this is a fake account. 1135 SUSPICIOUS_ACCOUNT_CREATION = 3; 1136 1137 // The account in the request has a high number of related accounts. It does 1138 // not necessarily imply that the account is bad but can require further 1139 // investigation. 1140 RELATED_ACCOUNTS_NUMBER_HIGH = 4; 1141 } 1142 1143 // Output only. Labels for this request. 1144 repeated AccountDefenderLabel labels = 1 1145 [(google.api.field_behavior) = OUTPUT_ONLY]; 1146} 1147 1148// The create key request message. 1149message CreateKeyRequest { 1150 // Required. The name of the project in which the key will be created, in the 1151 // format `projects/{project}`. 1152 string parent = 1 [ 1153 (google.api.field_behavior) = REQUIRED, 1154 (google.api.resource_reference) = { 1155 type: "cloudresourcemanager.googleapis.com/Project" 1156 } 1157 ]; 1158 1159 // Required. Information to create a reCAPTCHA Enterprise key. 1160 Key key = 2 [(google.api.field_behavior) = REQUIRED]; 1161} 1162 1163// The list keys request message. 1164message ListKeysRequest { 1165 // Required. The name of the project that contains the keys that will be 1166 // listed, in the format `projects/{project}`. 1167 string parent = 1 [ 1168 (google.api.field_behavior) = REQUIRED, 1169 (google.api.resource_reference) = { 1170 type: "cloudresourcemanager.googleapis.com/Project" 1171 } 1172 ]; 1173 1174 // Optional. The maximum number of keys to return. Default is 10. Max limit is 1175 // 1000. 1176 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1177 1178 // Optional. The next_page_token value returned from a previous. 1179 // ListKeysRequest, if any. 1180 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1181} 1182 1183// Response to request to list keys in a project. 1184message ListKeysResponse { 1185 // Key details. 1186 repeated Key keys = 1; 1187 1188 // Token to retrieve the next page of results. It is set to empty if no keys 1189 // remain in results. 1190 string next_page_token = 2; 1191} 1192 1193// The retrieve legacy secret key request message. 1194message RetrieveLegacySecretKeyRequest { 1195 // Required. The public key name linked to the requested secret key in the 1196 // format `projects/{project}/keys/{key}`. 1197 string key = 1 [ 1198 (google.api.field_behavior) = REQUIRED, 1199 (google.api.resource_reference) = { 1200 type: "recaptchaenterprise.googleapis.com/Key" 1201 } 1202 ]; 1203} 1204 1205// The get key request message. 1206message GetKeyRequest { 1207 // Required. The name of the requested key, in the format 1208 // `projects/{project}/keys/{key}`. 1209 string name = 1 [ 1210 (google.api.field_behavior) = REQUIRED, 1211 (google.api.resource_reference) = { 1212 type: "recaptchaenterprise.googleapis.com/Key" 1213 } 1214 ]; 1215} 1216 1217// The update key request message. 1218message UpdateKeyRequest { 1219 // Required. The key to update. 1220 Key key = 1 [(google.api.field_behavior) = REQUIRED]; 1221 1222 // Optional. The mask to control which fields of the key get updated. If the 1223 // mask is not present, all fields will be updated. 1224 google.protobuf.FieldMask update_mask = 2 1225 [(google.api.field_behavior) = OPTIONAL]; 1226} 1227 1228// The delete key request message. 1229message DeleteKeyRequest { 1230 // Required. The name of the key to be deleted, in the format 1231 // `projects/{project}/keys/{key}`. 1232 string name = 1 [ 1233 (google.api.field_behavior) = REQUIRED, 1234 (google.api.resource_reference) = { 1235 type: "recaptchaenterprise.googleapis.com/Key" 1236 } 1237 ]; 1238} 1239 1240// The create firewall policy request message. 1241message CreateFirewallPolicyRequest { 1242 // Required. The name of the project this policy will apply to, in the format 1243 // `projects/{project}`. 1244 string parent = 1 [ 1245 (google.api.field_behavior) = REQUIRED, 1246 (google.api.resource_reference) = { 1247 type: "cloudresourcemanager.googleapis.com/Project" 1248 } 1249 ]; 1250 1251 // Required. Information to create the policy. 1252 FirewallPolicy firewall_policy = 2 [(google.api.field_behavior) = REQUIRED]; 1253} 1254 1255// The list firewall policies request message. 1256message ListFirewallPoliciesRequest { 1257 // Required. The name of the project to list the policies for, in the format 1258 // `projects/{project}`. 1259 string parent = 1 [ 1260 (google.api.field_behavior) = REQUIRED, 1261 (google.api.resource_reference) = { 1262 type: "cloudresourcemanager.googleapis.com/Project" 1263 } 1264 ]; 1265 1266 // Optional. The maximum number of policies to return. Default is 10. Max 1267 // limit is 1000. 1268 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1269 1270 // Optional. The next_page_token value returned from a previous. 1271 // ListFirewallPoliciesRequest, if any. 1272 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1273} 1274 1275// Response to request to list firewall policies belonging to a project. 1276message ListFirewallPoliciesResponse { 1277 // Policy details. 1278 repeated FirewallPolicy firewall_policies = 1; 1279 1280 // Token to retrieve the next page of results. It is set to empty if no 1281 // policies remain in results. 1282 string next_page_token = 2; 1283} 1284 1285// The get firewall policy request message. 1286message GetFirewallPolicyRequest { 1287 // Required. The name of the requested policy, in the format 1288 // `projects/{project}/firewallpolicies/{firewallpolicy}`. 1289 string name = 1 [ 1290 (google.api.field_behavior) = REQUIRED, 1291 (google.api.resource_reference) = { 1292 type: "recaptchaenterprise.googleapis.com/FirewallPolicy" 1293 } 1294 ]; 1295} 1296 1297// The update firewall policy request message. 1298message UpdateFirewallPolicyRequest { 1299 // Required. The policy to update. 1300 FirewallPolicy firewall_policy = 1 [(google.api.field_behavior) = REQUIRED]; 1301 1302 // Optional. The mask to control which fields of the policy get updated. If 1303 // the mask is not present, all fields will be updated. 1304 google.protobuf.FieldMask update_mask = 2 1305 [(google.api.field_behavior) = OPTIONAL]; 1306} 1307 1308// The delete firewall policy request message. 1309message DeleteFirewallPolicyRequest { 1310 // Required. The name of the policy to be deleted, in the format 1311 // `projects/{project}/firewallpolicies/{firewallpolicy}`. 1312 string name = 1 [ 1313 (google.api.field_behavior) = REQUIRED, 1314 (google.api.resource_reference) = { 1315 type: "recaptchaenterprise.googleapis.com/FirewallPolicy" 1316 } 1317 ]; 1318} 1319 1320// The reorder firewall policies request message. 1321message ReorderFirewallPoliciesRequest { 1322 // Required. The name of the project to list the policies for, in the format 1323 // `projects/{project}`. 1324 string parent = 1 [ 1325 (google.api.field_behavior) = REQUIRED, 1326 (google.api.resource_reference) = { 1327 type: "cloudresourcemanager.googleapis.com/Project" 1328 } 1329 ]; 1330 1331 // Required. A list containing all policy names, in the new order. Each name 1332 // is in the format `projects/{project}/firewallpolicies/{firewallpolicy}`. 1333 repeated string names = 2 [ 1334 (google.api.field_behavior) = REQUIRED, 1335 (google.api.resource_reference) = { 1336 type: "recaptchaenterprise.googleapis.com/FirewallPolicy" 1337 } 1338 ]; 1339} 1340 1341// The reorder firewall policies response message. 1342message ReorderFirewallPoliciesResponse {} 1343 1344// The migrate key request message. 1345message MigrateKeyRequest { 1346 // Required. The name of the key to be migrated, in the format 1347 // `projects/{project}/keys/{key}`. 1348 string name = 1 [ 1349 (google.api.field_behavior) = REQUIRED, 1350 (google.api.resource_reference) = { 1351 type: "recaptchaenterprise.googleapis.com/Key" 1352 } 1353 ]; 1354 1355 // Optional. If true, skips the billing check. 1356 // A reCAPTCHA Enterprise key or migrated key behaves differently than a 1357 // reCAPTCHA (non-Enterprise version) key when you reach a quota limit (see 1358 // https://cloud.google.com/recaptcha-enterprise/quotas#quota_limit). To avoid 1359 // any disruption of your usage, we check that a billing account is present. 1360 // If your usage of reCAPTCHA is under the free quota, you can safely skip the 1361 // billing check and proceed with the migration. See 1362 // https://cloud.google.com/recaptcha-enterprise/docs/billing-information. 1363 bool skip_billing_check = 2 [(google.api.field_behavior) = OPTIONAL]; 1364} 1365 1366// The get metrics request message. 1367message GetMetricsRequest { 1368 // Required. The name of the requested metrics, in the format 1369 // `projects/{project}/keys/{key}/metrics`. 1370 string name = 1 [ 1371 (google.api.field_behavior) = REQUIRED, 1372 (google.api.resource_reference) = { 1373 type: "recaptchaenterprise.googleapis.com/Metrics" 1374 } 1375 ]; 1376} 1377 1378// Metrics for a single Key. 1379message Metrics { 1380 option (google.api.resource) = { 1381 type: "recaptchaenterprise.googleapis.com/Metrics" 1382 pattern: "projects/{project}/keys/{key}/metrics" 1383 plural: "metrics" 1384 singular: "metrics" 1385 }; 1386 1387 // Output only. Identifier. The name of the metrics, in the format 1388 // `projects/{project}/keys/{key}/metrics`. 1389 string name = 4 [ 1390 (google.api.field_behavior) = IDENTIFIER, 1391 (google.api.field_behavior) = OUTPUT_ONLY 1392 ]; 1393 1394 // Inclusive start time aligned to a day (UTC). 1395 google.protobuf.Timestamp start_time = 1; 1396 1397 // Metrics will be continuous and in order by dates, and in the granularity 1398 // of day. All Key types should have score-based data. 1399 repeated ScoreMetrics score_metrics = 2; 1400 1401 // Metrics will be continuous and in order by dates, and in the granularity 1402 // of day. Only challenge-based keys (CHECKBOX, INVISIBLE), will have 1403 // challenge-based data. 1404 repeated ChallengeMetrics challenge_metrics = 3; 1405} 1406 1407// Secret key is used only in legacy reCAPTCHA. It must be used in a 3rd party 1408// integration with legacy reCAPTCHA. 1409message RetrieveLegacySecretKeyResponse { 1410 // The secret key (also known as shared secret) authorizes communication 1411 // between your application backend and the reCAPTCHA Enterprise server to 1412 // create an assessment. 1413 // The secret key needs to be kept safe for security purposes. 1414 string legacy_secret_key = 1; 1415} 1416 1417// A key used to identify and configure applications (web and/or mobile) that 1418// use reCAPTCHA Enterprise. 1419message Key { 1420 option (google.api.resource) = { 1421 type: "recaptchaenterprise.googleapis.com/Key" 1422 pattern: "projects/{project}/keys/{key}" 1423 plural: "keys" 1424 singular: "key" 1425 }; 1426 1427 // Identifier. The resource name for the Key in the format 1428 // `projects/{project}/keys/{key}`. 1429 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 1430 1431 // Required. Human-readable display name of this key. Modifiable by user. 1432 string display_name = 2 [(google.api.field_behavior) = REQUIRED]; 1433 1434 // Platform-specific settings for this key. The key can only be used on a 1435 // platform for which the settings are enabled. 1436 oneof platform_settings { 1437 // Settings for keys that can be used by websites. 1438 WebKeySettings web_settings = 3; 1439 1440 // Settings for keys that can be used by Android apps. 1441 AndroidKeySettings android_settings = 4; 1442 1443 // Settings for keys that can be used by iOS apps. 1444 IOSKeySettings ios_settings = 5; 1445 } 1446 1447 // Optional. See [Creating and managing labels] 1448 // (https://cloud.google.com/recaptcha-enterprise/docs/labels). 1449 map<string, string> labels = 6 [(google.api.field_behavior) = OPTIONAL]; 1450 1451 // Output only. The timestamp corresponding to the creation of this key. 1452 google.protobuf.Timestamp create_time = 7 1453 [(google.api.field_behavior) = OUTPUT_ONLY]; 1454 1455 // Optional. Options for user acceptance testing. 1456 TestingOptions testing_options = 9 [(google.api.field_behavior) = OPTIONAL]; 1457 1458 // Optional. Settings for WAF 1459 WafSettings waf_settings = 10 [(google.api.field_behavior) = OPTIONAL]; 1460} 1461 1462// Options for user acceptance testing. 1463message TestingOptions { 1464 // Enum that represents the challenge option for challenge-based (CHECKBOX, 1465 // INVISIBLE) testing keys. 1466 enum TestingChallenge { 1467 // Perform the normal risk analysis and return either nocaptcha or a 1468 // challenge depending on risk and trust factors. 1469 TESTING_CHALLENGE_UNSPECIFIED = 0; 1470 1471 // Challenge requests for this key always return a nocaptcha, which 1472 // does not require a solution. 1473 NOCAPTCHA = 1; 1474 1475 // Challenge requests for this key always return an unsolvable 1476 // challenge. 1477 UNSOLVABLE_CHALLENGE = 2; 1478 } 1479 1480 // Optional. All assessments for this Key will return this score. Must be 1481 // between 0 (likely not legitimate) and 1 (likely legitimate) inclusive. 1482 float testing_score = 1 [(google.api.field_behavior) = OPTIONAL]; 1483 1484 // Optional. For challenge-based keys only (CHECKBOX, INVISIBLE), all 1485 // challenge requests for this site will return nocaptcha if NOCAPTCHA, or an 1486 // unsolvable challenge if CHALLENGE. 1487 TestingChallenge testing_challenge = 2 1488 [(google.api.field_behavior) = OPTIONAL]; 1489} 1490 1491// Settings specific to keys that can be used by websites. 1492message WebKeySettings { 1493 // Enum that represents the integration types for web keys. 1494 enum IntegrationType { 1495 // Default type that indicates this enum hasn't been specified. This is not 1496 // a valid IntegrationType, one of the other types must be specified 1497 // instead. 1498 INTEGRATION_TYPE_UNSPECIFIED = 0; 1499 1500 // Only used to produce scores. It doesn't display the "I'm not a robot" 1501 // checkbox and never shows captcha challenges. 1502 SCORE = 1; 1503 1504 // Displays the "I'm not a robot" checkbox and may show captcha challenges 1505 // after it is checked. 1506 CHECKBOX = 2; 1507 1508 // Doesn't display the "I'm not a robot" checkbox, but may show captcha 1509 // challenges after risk analysis. 1510 INVISIBLE = 3; 1511 } 1512 1513 // Enum that represents the possible challenge frequency and difficulty 1514 // configurations for a web key. 1515 enum ChallengeSecurityPreference { 1516 // Default type that indicates this enum hasn't been specified. 1517 CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED = 0; 1518 1519 // Key tends to show fewer and easier challenges. 1520 USABILITY = 1; 1521 1522 // Key tends to show balanced (in amount and difficulty) challenges. 1523 BALANCE = 2; 1524 1525 // Key tends to show more and harder challenges. 1526 SECURITY = 3; 1527 } 1528 1529 // Optional. If set to true, it means allowed_domains will not be enforced. 1530 bool allow_all_domains = 3 [(google.api.field_behavior) = OPTIONAL]; 1531 1532 // Optional. Domains or subdomains of websites allowed to use the key. All 1533 // subdomains of an allowed domain are automatically allowed. A valid domain 1534 // requires a host and must not include any path, port, query or fragment. 1535 // Examples: 'example.com' or 'subdomain.example.com' 1536 repeated string allowed_domains = 1 [(google.api.field_behavior) = OPTIONAL]; 1537 1538 // Optional. If set to true, the key can be used on AMP (Accelerated Mobile 1539 // Pages) websites. This is supported only for the SCORE integration type. 1540 bool allow_amp_traffic = 2 [(google.api.field_behavior) = OPTIONAL]; 1541 1542 // Required. Describes how this key is integrated with the website. 1543 IntegrationType integration_type = 4 [(google.api.field_behavior) = REQUIRED]; 1544 1545 // Optional. Settings for the frequency and difficulty at which this key 1546 // triggers captcha challenges. This should only be specified for 1547 // IntegrationTypes CHECKBOX and INVISIBLE. 1548 ChallengeSecurityPreference challenge_security_preference = 5 1549 [(google.api.field_behavior) = OPTIONAL]; 1550} 1551 1552// Settings specific to keys that can be used by Android apps. 1553message AndroidKeySettings { 1554 // Optional. If set to true, allowed_package_names are not enforced. 1555 bool allow_all_package_names = 2 [(google.api.field_behavior) = OPTIONAL]; 1556 1557 // Optional. Android package names of apps allowed to use the key. 1558 // Example: 'com.companyname.appname' 1559 repeated string allowed_package_names = 1 1560 [(google.api.field_behavior) = OPTIONAL]; 1561 1562 // Optional. Set to true for keys that are used in an Android application that 1563 // is available for download in app stores in addition to the Google Play 1564 // Store. 1565 bool support_non_google_app_store_distribution = 3 1566 [(google.api.field_behavior) = OPTIONAL]; 1567} 1568 1569// Settings specific to keys that can be used by iOS apps. 1570message IOSKeySettings { 1571 // Optional. If set to true, allowed_bundle_ids are not enforced. 1572 bool allow_all_bundle_ids = 2 [(google.api.field_behavior) = OPTIONAL]; 1573 1574 // Optional. iOS bundle ids of apps allowed to use the key. 1575 // Example: 'com.companyname.productname.appname' 1576 repeated string allowed_bundle_ids = 1 1577 [(google.api.field_behavior) = OPTIONAL]; 1578 1579 // Optional. Apple Developer account details for the app that is protected by 1580 // the reCAPTCHA Key. reCAPTCHA Enterprise leverages platform-specific checks 1581 // like Apple App Attest and Apple DeviceCheck to protect your app from abuse. 1582 // Providing these fields allows reCAPTCHA Enterprise to get a better 1583 // assessment of the integrity of your app. 1584 AppleDeveloperId apple_developer_id = 3 1585 [(google.api.field_behavior) = OPTIONAL]; 1586} 1587 1588// Contains fields that are required to perform Apple-specific integrity checks. 1589message AppleDeveloperId { 1590 // Required. Input only. A private key (downloaded as a text file with a .p8 1591 // file extension) generated for your Apple Developer account. Ensure that 1592 // Apple DeviceCheck is enabled for the private key. 1593 string private_key = 1 [ 1594 (google.api.field_behavior) = REQUIRED, 1595 (google.api.field_behavior) = INPUT_ONLY 1596 ]; 1597 1598 // Required. The Apple developer key ID (10-character string). 1599 string key_id = 2 [(google.api.field_behavior) = REQUIRED]; 1600 1601 // Required. The Apple team ID (10-character string) owning the provisioning 1602 // profile used to build your application. 1603 string team_id = 3 [(google.api.field_behavior) = REQUIRED]; 1604} 1605 1606// Score distribution. 1607message ScoreDistribution { 1608 // Map key is score value multiplied by 100. The scores are discrete values 1609 // between [0, 1]. The maximum number of buckets is on order of a few dozen, 1610 // but typically much lower (ie. 10). 1611 map<int32, int64> score_buckets = 1; 1612} 1613 1614// Metrics related to scoring. 1615message ScoreMetrics { 1616 // Aggregated score metrics for all traffic. 1617 ScoreDistribution overall_metrics = 1; 1618 1619 // Action-based metrics. The map key is the action name which specified by the 1620 // site owners at time of the "execute" client-side call. 1621 map<string, ScoreDistribution> action_metrics = 2; 1622} 1623 1624// Metrics related to challenges. 1625message ChallengeMetrics { 1626 // Count of reCAPTCHA checkboxes or badges rendered. This is mostly equivalent 1627 // to a count of pageloads for pages that include reCAPTCHA. 1628 int64 pageload_count = 1; 1629 1630 // Count of nocaptchas (successful verification without a challenge) issued. 1631 int64 nocaptcha_count = 2; 1632 1633 // Count of submitted challenge solutions that were incorrect or otherwise 1634 // deemed suspicious such that a subsequent challenge was triggered. 1635 int64 failed_count = 3; 1636 1637 // Count of nocaptchas (successful verification without a challenge) plus 1638 // submitted challenge solutions that were correct and resulted in 1639 // verification. 1640 int64 passed_count = 4; 1641} 1642 1643// Policy config assessment. 1644message FirewallPolicyAssessment { 1645 // Output only. If the processing of a policy config fails, an error will be 1646 // populated and the firewall_policy will be left empty. 1647 google.rpc.Status error = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; 1648 1649 // Output only. The policy that matched the request. If more than one policy 1650 // may match, this is the first match. If no policy matches the incoming 1651 // request, the policy field will be left empty. 1652 FirewallPolicy firewall_policy = 8 1653 [(google.api.field_behavior) = OUTPUT_ONLY]; 1654} 1655 1656// An individual action. Each action represents what to do if a policy 1657// matches. 1658message FirewallAction { 1659 // An allow action continues processing a request unimpeded. 1660 message AllowAction {} 1661 1662 // A block action serves an HTTP error code a prevents the request from 1663 // hitting the backend. 1664 message BlockAction {} 1665 1666 // An include reCAPTCHA script action involves injecting reCAPTCHA JavaScript 1667 // code into the HTML returned by the site backend. This reCAPTCHA 1668 // script is tasked with collecting user signals on the requested web page, 1669 // issuing tokens as a cookie within the site domain, and enabling their 1670 // utilization in subsequent page requests. 1671 message IncludeRecaptchaScriptAction {} 1672 1673 // A redirect action returns a 307 (temporary redirect) response, pointing 1674 // the user to a ReCaptcha interstitial page to attach a token. 1675 message RedirectAction {} 1676 1677 // A substitute action transparently serves a different page than the one 1678 // requested. 1679 message SubstituteAction { 1680 // Optional. The address to redirect to. The target is a relative path in 1681 // the current host. Example: "/blog/404.html". 1682 string path = 1 [(google.api.field_behavior) = OPTIONAL]; 1683 } 1684 1685 // A set header action sets a header and forwards the request to the 1686 // backend. This can be used to trigger custom protection implemented on the 1687 // backend. 1688 message SetHeaderAction { 1689 // Optional. The header key to set in the request to the backend server. 1690 string key = 1 [(google.api.field_behavior) = OPTIONAL]; 1691 1692 // Optional. The header value to set in the request to the backend server. 1693 string value = 2 [(google.api.field_behavior) = OPTIONAL]; 1694 } 1695 1696 oneof firewall_action_oneof { 1697 // The user request did not match any policy and should be allowed 1698 // access to the requested resource. 1699 AllowAction allow = 1; 1700 1701 // This action will deny access to a given page. The user will get an HTTP 1702 // error code. 1703 BlockAction block = 2; 1704 1705 // This action will inject reCAPTCHA JavaScript code into the HTML page 1706 // returned by the site backend. 1707 IncludeRecaptchaScriptAction include_recaptcha_script = 6; 1708 1709 // This action will redirect the request to a ReCaptcha interstitial to 1710 // attach a token. 1711 RedirectAction redirect = 5; 1712 1713 // This action will transparently serve a different page to an offending 1714 // user. 1715 SubstituteAction substitute = 3; 1716 1717 // This action will set a custom header but allow the request to continue 1718 // to the customer backend. 1719 SetHeaderAction set_header = 4; 1720 } 1721} 1722 1723// A FirewallPolicy represents a single matching pattern and resulting actions 1724// to take. 1725message FirewallPolicy { 1726 option (google.api.resource) = { 1727 type: "recaptchaenterprise.googleapis.com/FirewallPolicy" 1728 pattern: "projects/{project}/firewallpolicies/{firewallpolicy}" 1729 plural: "firewallPolicies" 1730 singular: "firewallPolicy" 1731 }; 1732 1733 // Identifier. The resource name for the FirewallPolicy in the format 1734 // `projects/{project}/firewallpolicies/{firewallpolicy}`. 1735 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 1736 1737 // Optional. A description of what this policy aims to achieve, for 1738 // convenience purposes. The description can at most include 256 UTF-8 1739 // characters. 1740 string description = 2 [(google.api.field_behavior) = OPTIONAL]; 1741 1742 // Optional. The path for which this policy applies, specified as a glob 1743 // pattern. For more information on glob, see the [manual 1744 // page](https://man7.org/linux/man-pages/man7/glob.7.html). 1745 // A path has a max length of 200 characters. 1746 string path = 4 [(google.api.field_behavior) = OPTIONAL]; 1747 1748 // Optional. A CEL (Common Expression Language) conditional expression that 1749 // specifies if this policy applies to an incoming user request. If this 1750 // condition evaluates to true and the requested path matched the path 1751 // pattern, the associated actions should be executed by the caller. The 1752 // condition string is checked for CEL syntax correctness on creation. For 1753 // more information, see the [CEL spec](https://github.com/google/cel-spec) 1754 // and its [language 1755 // definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md). 1756 // A condition has a max length of 500 characters. 1757 string condition = 5 [(google.api.field_behavior) = OPTIONAL]; 1758 1759 // Optional. The actions that the caller should take regarding user access. 1760 // There should be at most one terminal action. A terminal action is any 1761 // action that forces a response, such as `AllowAction`, 1762 // `BlockAction` or `SubstituteAction`. 1763 // Zero or more non-terminal actions such as `SetHeader` might be 1764 // specified. A single policy can contain up to 16 actions. 1765 repeated FirewallAction actions = 6 [(google.api.field_behavior) = OPTIONAL]; 1766} 1767 1768// The request message to list memberships in a related account group. 1769message ListRelatedAccountGroupMembershipsRequest { 1770 // Required. The resource name for the related account group in the format 1771 // `projects/{project}/relatedaccountgroups/{relatedaccountgroup}`. 1772 string parent = 1 [ 1773 (google.api.field_behavior) = REQUIRED, 1774 (google.api.resource_reference) = { 1775 child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1776 } 1777 ]; 1778 1779 // Optional. The maximum number of accounts to return. The service might 1780 // return fewer than this value. If unspecified, at most 50 accounts are 1781 // returned. The maximum value is 1000; values above 1000 are coerced to 1000. 1782 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1783 1784 // Optional. A page token, received from a previous 1785 // `ListRelatedAccountGroupMemberships` call. 1786 // 1787 // When paginating, all other parameters provided to 1788 // `ListRelatedAccountGroupMemberships` must match the call that provided the 1789 // page token. 1790 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1791} 1792 1793// The response to a `ListRelatedAccountGroupMemberships` call. 1794message ListRelatedAccountGroupMembershipsResponse { 1795 // The memberships listed by the query. 1796 repeated RelatedAccountGroupMembership related_account_group_memberships = 1; 1797 1798 // A token, which can be sent as `page_token` to retrieve the next page. 1799 // If this field is omitted, there are no subsequent pages. 1800 string next_page_token = 2; 1801} 1802 1803// The request message to list related account groups. 1804message ListRelatedAccountGroupsRequest { 1805 // Required. The name of the project to list related account groups from, in 1806 // the format `projects/{project}`. 1807 string parent = 1 [ 1808 (google.api.field_behavior) = REQUIRED, 1809 (google.api.resource_reference) = { 1810 child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup" 1811 } 1812 ]; 1813 1814 // Optional. The maximum number of groups to return. The service might return 1815 // fewer than this value. If unspecified, at most 50 groups are returned. The 1816 // maximum value is 1000; values above 1000 are coerced to 1000. 1817 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1818 1819 // Optional. A page token, received from a previous `ListRelatedAccountGroups` 1820 // call. Provide this to retrieve the subsequent page. 1821 // 1822 // When paginating, all other parameters provided to 1823 // `ListRelatedAccountGroups` must match the call that provided the page 1824 // token. 1825 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1826} 1827 1828// The response to a `ListRelatedAccountGroups` call. 1829message ListRelatedAccountGroupsResponse { 1830 // The groups of related accounts listed by the query. 1831 repeated RelatedAccountGroup related_account_groups = 1; 1832 1833 // A token, which can be sent as `page_token` to retrieve the next page. 1834 // If this field is omitted, there are no subsequent pages. 1835 string next_page_token = 2; 1836} 1837 1838// The request message to search related account group memberships. 1839message SearchRelatedAccountGroupMembershipsRequest { 1840 // Required. The name of the project to search related account group 1841 // memberships from. Specify the project name in the following format: 1842 // `projects/{project}`. 1843 string project = 1 [ 1844 (google.api.field_behavior) = REQUIRED, 1845 (google.api.resource_reference) = { 1846 type: "cloudresourcemanager.googleapis.com/Project" 1847 } 1848 ]; 1849 1850 // Optional. The unique stable account identifier used to search connections. 1851 // The identifier should correspond to an `account_id` provided in a previous 1852 // `CreateAssessment` or `AnnotateAssessment` call. Either hashed_account_id 1853 // or account_id must be set, but not both. 1854 string account_id = 5 [(google.api.field_behavior) = OPTIONAL]; 1855 1856 // Optional. Deprecated: use `account_id` instead. 1857 // The unique stable hashed account identifier used to search connections. The 1858 // identifier should correspond to a `hashed_account_id` provided in a 1859 // previous `CreateAssessment` or `AnnotateAssessment` call. Either 1860 // hashed_account_id or account_id must be set, but not both. 1861 bytes hashed_account_id = 2 1862 [deprecated = true, (google.api.field_behavior) = OPTIONAL]; 1863 1864 // Optional. The maximum number of groups to return. The service might return 1865 // fewer than this value. If unspecified, at most 50 groups are returned. The 1866 // maximum value is 1000; values above 1000 are coerced to 1000. 1867 int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL]; 1868 1869 // Optional. A page token, received from a previous 1870 // `SearchRelatedAccountGroupMemberships` call. Provide this to retrieve the 1871 // subsequent page. 1872 // 1873 // When paginating, all other parameters provided to 1874 // `SearchRelatedAccountGroupMemberships` must match the call that provided 1875 // the page token. 1876 string page_token = 4 [(google.api.field_behavior) = OPTIONAL]; 1877} 1878 1879// The response to a `SearchRelatedAccountGroupMemberships` call. 1880message SearchRelatedAccountGroupMembershipsResponse { 1881 // The queried memberships. 1882 repeated RelatedAccountGroupMembership related_account_group_memberships = 1; 1883 1884 // A token, which can be sent as `page_token` to retrieve the next page. 1885 // If this field is omitted, there are no subsequent pages. 1886 string next_page_token = 2; 1887} 1888 1889// A membership in a group of related accounts. 1890message RelatedAccountGroupMembership { 1891 option (google.api.resource) = { 1892 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1893 pattern: "projects/{project}/relatedaccountgroups/{relatedaccountgroup}/memberships/{membership}" 1894 plural: "relatedAccountGroupMemberships" 1895 singular: "relatedAccountGroupMembership" 1896 }; 1897 1898 // Required. Identifier. The resource name for this membership in the format 1899 // `projects/{project}/relatedaccountgroups/{relatedaccountgroup}/memberships/{membership}`. 1900 string name = 1 [ 1901 (google.api.field_behavior) = IDENTIFIER, 1902 (google.api.field_behavior) = REQUIRED 1903 ]; 1904 1905 // The unique stable account identifier of the member. The identifier 1906 // corresponds to an `account_id` provided in a previous `CreateAssessment` or 1907 // `AnnotateAssessment` call. 1908 string account_id = 4; 1909 1910 // Deprecated: use `account_id` instead. 1911 // The unique stable hashed account identifier of the member. The identifier 1912 // corresponds to a `hashed_account_id` provided in a previous 1913 // `CreateAssessment` or `AnnotateAssessment` call. 1914 bytes hashed_account_id = 2 [deprecated = true]; 1915} 1916 1917// A group of related accounts. 1918message RelatedAccountGroup { 1919 option (google.api.resource) = { 1920 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup" 1921 pattern: "projects/{project}/relatedaccountgroups/{relatedaccountgroup}" 1922 plural: "relatedAccountGroups" 1923 singular: "relatedAccountGroup" 1924 }; 1925 1926 // Required. Identifier. The resource name for the related account group in 1927 // the format 1928 // `projects/{project}/relatedaccountgroups/{related_account_group}`. 1929 string name = 1 [ 1930 (google.api.field_behavior) = IDENTIFIER, 1931 (google.api.field_behavior) = REQUIRED 1932 ]; 1933} 1934 1935// Settings specific to keys that can be used for WAF (Web Application 1936// Firewall). 1937message WafSettings { 1938 // Supported WAF features. For more information, see 1939 // https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. 1940 enum WafFeature { 1941 // Undefined feature. 1942 WAF_FEATURE_UNSPECIFIED = 0; 1943 1944 // Redirects suspicious traffic to reCAPTCHA. 1945 CHALLENGE_PAGE = 1; 1946 1947 // Use reCAPTCHA session-tokens to protect the whole user session on the 1948 // site's domain. 1949 SESSION_TOKEN = 2; 1950 1951 // Use reCAPTCHA action-tokens to protect user actions. 1952 ACTION_TOKEN = 3; 1953 1954 // Use reCAPTCHA WAF express protection to protect any content other than 1955 // web pages, like APIs and IoT devices. 1956 EXPRESS = 5; 1957 } 1958 1959 // Web Application Firewalls supported by reCAPTCHA Enterprise. 1960 enum WafService { 1961 // Undefined WAF 1962 WAF_SERVICE_UNSPECIFIED = 0; 1963 1964 // Cloud Armor 1965 CA = 1; 1966 1967 // Fastly 1968 FASTLY = 3; 1969 1970 // Cloudflare 1971 CLOUDFLARE = 4; 1972 } 1973 1974 // Required. The WAF service that uses this key. 1975 WafService waf_service = 1 [(google.api.field_behavior) = REQUIRED]; 1976 1977 // Required. The WAF feature for which this key is enabled. 1978 WafFeature waf_feature = 2 [(google.api.field_behavior) = REQUIRED]; 1979} 1980