1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.recaptchaenterprise.v1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/protobuf/empty.proto"; 24import "google/protobuf/field_mask.proto"; 25import "google/protobuf/timestamp.proto"; 26 27option csharp_namespace = "Google.Cloud.RecaptchaEnterprise.V1"; 28option go_package = "cloud.google.com/go/recaptchaenterprise/v2/apiv1/recaptchaenterprisepb;recaptchaenterprisepb"; 29option java_multiple_files = true; 30option java_outer_classname = "RecaptchaEnterpriseProto"; 31option java_package = "com.google.recaptchaenterprise.v1"; 32option objc_class_prefix = "GCRE"; 33option php_namespace = "Google\\Cloud\\RecaptchaEnterprise\\V1"; 34option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1"; 35 36// Service to determine the likelihood an event is legitimate. 37service RecaptchaEnterpriseService { 38 option (google.api.default_host) = "recaptchaenterprise.googleapis.com"; 39 option (google.api.oauth_scopes) = 40 "https://www.googleapis.com/auth/cloud-platform"; 41 42 // Creates an Assessment of the likelihood an event is legitimate. 43 rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) { 44 option (google.api.http) = { 45 post: "/v1/{parent=projects/*}/assessments" 46 body: "assessment" 47 }; 48 option (google.api.method_signature) = "parent,assessment"; 49 } 50 51 // Annotates a previously created Assessment to provide additional information 52 // on whether the event turned out to be authentic or fraudulent. 53 rpc AnnotateAssessment(AnnotateAssessmentRequest) 54 returns (AnnotateAssessmentResponse) { 55 option (google.api.http) = { 56 post: "/v1/{name=projects/*/assessments/*}:annotate" 57 body: "*" 58 }; 59 option (google.api.method_signature) = "name,annotation"; 60 } 61 62 // Creates a new reCAPTCHA Enterprise key. 63 rpc CreateKey(CreateKeyRequest) returns (Key) { 64 option (google.api.http) = { 65 post: "/v1/{parent=projects/*}/keys" 66 body: "key" 67 }; 68 option (google.api.method_signature) = "parent,key"; 69 } 70 71 // Returns the list of all keys that belong to a project. 72 rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) { 73 option (google.api.http) = { 74 get: "/v1/{parent=projects/*}/keys" 75 }; 76 option (google.api.method_signature) = "parent"; 77 } 78 79 // Returns the secret key related to the specified public key. 80 // You must use the legacy secret key only in a 3rd party integration with 81 // legacy reCAPTCHA. 82 rpc RetrieveLegacySecretKey(RetrieveLegacySecretKeyRequest) 83 returns (RetrieveLegacySecretKeyResponse) { 84 option (google.api.http) = { 85 get: "/v1/{key=projects/*/keys/*}:retrieveLegacySecretKey" 86 }; 87 option (google.api.method_signature) = "key"; 88 } 89 90 // Returns the specified key. 91 rpc GetKey(GetKeyRequest) returns (Key) { 92 option (google.api.http) = { 93 get: "/v1/{name=projects/*/keys/*}" 94 }; 95 option (google.api.method_signature) = "name"; 96 } 97 98 // Updates the specified key. 99 rpc UpdateKey(UpdateKeyRequest) returns (Key) { 100 option (google.api.http) = { 101 patch: "/v1/{key.name=projects/*/keys/*}" 102 body: "key" 103 }; 104 option (google.api.method_signature) = "key,update_mask"; 105 } 106 107 // Deletes the specified key. 108 rpc DeleteKey(DeleteKeyRequest) returns (google.protobuf.Empty) { 109 option (google.api.http) = { 110 delete: "/v1/{name=projects/*/keys/*}" 111 }; 112 option (google.api.method_signature) = "name"; 113 } 114 115 // Migrates an existing key from reCAPTCHA to reCAPTCHA Enterprise. 116 // Once a key is migrated, it can be used from either product. SiteVerify 117 // requests are billed as CreateAssessment calls. You must be 118 // authenticated as one of the current owners of the reCAPTCHA Site Key, and 119 // your user must have the reCAPTCHA Enterprise Admin IAM role in the 120 // destination project. 121 rpc MigrateKey(MigrateKeyRequest) returns (Key) { 122 option (google.api.http) = { 123 post: "/v1/{name=projects/*/keys/*}:migrate" 124 body: "*" 125 }; 126 } 127 128 // Get some aggregated metrics for a Key. This data can be used to build 129 // dashboards. 130 rpc GetMetrics(GetMetricsRequest) returns (Metrics) { 131 option (google.api.http) = { 132 get: "/v1/{name=projects/*/keys/*/metrics}" 133 }; 134 option (google.api.method_signature) = "name"; 135 } 136 137 // List groups of related accounts. 138 rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest) 139 returns (ListRelatedAccountGroupsResponse) { 140 option (google.api.http) = { 141 get: "/v1/{parent=projects/*}/relatedaccountgroups" 142 }; 143 option (google.api.method_signature) = "parent"; 144 } 145 146 // Get memberships in a group of related accounts. 147 rpc ListRelatedAccountGroupMemberships( 148 ListRelatedAccountGroupMembershipsRequest) 149 returns (ListRelatedAccountGroupMembershipsResponse) { 150 option (google.api.http) = { 151 get: "/v1/{parent=projects/*/relatedaccountgroups/*}/memberships" 152 }; 153 option (google.api.method_signature) = "parent"; 154 } 155 156 // Search group memberships related to a given account. 157 rpc SearchRelatedAccountGroupMemberships( 158 SearchRelatedAccountGroupMembershipsRequest) 159 returns (SearchRelatedAccountGroupMembershipsResponse) { 160 option (google.api.http) = { 161 post: "/v1/{project=projects/*}/relatedaccountgroupmemberships:search" 162 body: "*" 163 }; 164 option (google.api.method_signature) = "project,hashed_account_id"; 165 } 166} 167 168// The create assessment request message. 169message CreateAssessmentRequest { 170 // Required. The name of the project in which the assessment will be created, 171 // in the format "projects/{project}". 172 string parent = 1 [ 173 (google.api.field_behavior) = REQUIRED, 174 (google.api.resource_reference) = { 175 type: "cloudresourcemanager.googleapis.com/Project" 176 } 177 ]; 178 179 // Required. The assessment details. 180 Assessment assessment = 2 [(google.api.field_behavior) = REQUIRED]; 181} 182 183// Describes an event in the lifecycle of a payment transaction. 184message TransactionEvent { 185 // Enum that represents an event in the payment transaction lifecycle. 186 enum TransactionEventType { 187 // Default, unspecified event type. 188 TRANSACTION_EVENT_TYPE_UNSPECIFIED = 0; 189 190 // Indicates that the transaction is approved by the merchant. The 191 // accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 192 // 'CYBERSOURCE', or 'MANUAL_REVIEW'. 193 MERCHANT_APPROVE = 1; 194 195 // Indicates that the transaction is denied and concluded due to risks 196 // detected by the merchant. The accompanying reasons can include terms such 197 // as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'. 198 MERCHANT_DENY = 2; 199 200 // Indicates that the transaction is being evaluated by a human, due to 201 // suspicion or risk. 202 MANUAL_REVIEW = 3; 203 204 // Indicates that the authorization attempt with the card issuer succeeded. 205 AUTHORIZATION = 4; 206 207 // Indicates that the authorization attempt with the card issuer failed. 208 // The accompanying reasons can include Visa's '54' indicating that the card 209 // is expired, or '82' indicating that the CVV is incorrect. 210 AUTHORIZATION_DECLINE = 5; 211 212 // Indicates that the transaction is completed because the funds were 213 // settled. 214 PAYMENT_CAPTURE = 6; 215 216 // Indicates that the transaction could not be completed because the funds 217 // were not settled. 218 PAYMENT_CAPTURE_DECLINE = 7; 219 220 // Indicates that the transaction has been canceled. Specify the reason 221 // for the cancellation. For example, 'INSUFFICIENT_INVENTORY'. 222 CANCEL = 8; 223 224 // Indicates that the merchant has received a chargeback inquiry due to 225 // fraud for the transaction, requesting additional information before a 226 // fraud chargeback is officially issued and a formal chargeback 227 // notification is sent. 228 CHARGEBACK_INQUIRY = 9; 229 230 // Indicates that the merchant has received a chargeback alert due to fraud 231 // for the transaction. The process of resolving the dispute without 232 // involving the payment network is started. 233 CHARGEBACK_ALERT = 10; 234 235 // Indicates that a fraud notification is issued for the transaction, sent 236 // by the payment instrument's issuing bank because the transaction appears 237 // to be fraudulent. We recommend including TC40 or SAFE data in the 238 // `reason` field for this event type. For partial chargebacks, we recommend 239 // that you include an amount in the `value` field. 240 FRAUD_NOTIFICATION = 11; 241 242 // Indicates that the merchant is informed by the payment network that the 243 // transaction has entered the chargeback process due to fraud. Reason code 244 // examples include Discover's '6005' and '6041'. For partial chargebacks, 245 // we recommend that you include an amount in the `value` field. 246 CHARGEBACK = 12; 247 248 // Indicates that the transaction has entered the chargeback process due to 249 // fraud, and that the merchant has chosen to enter representment. Reason 250 // examples include Discover's '6005' and '6041'. For partial chargebacks, 251 // we recommend that you include an amount in the `value` field. 252 CHARGEBACK_REPRESENTMENT = 13; 253 254 // Indicates that the transaction has had a fraud chargeback which was 255 // illegitimate and was reversed as a result. For partial chargebacks, we 256 // recommend that you include an amount in the `value` field. 257 CHARGEBACK_REVERSE = 14; 258 259 // Indicates that the merchant has received a refund for a completed 260 // transaction. For partial refunds, we recommend that you include an amount 261 // in the `value` field. Reason example: 'TAX_EXEMPT' (partial refund of 262 // exempt tax) 263 REFUND_REQUEST = 15; 264 265 // Indicates that the merchant has received a refund request for this 266 // transaction, but that they have declined it. For partial refunds, we 267 // recommend that you include an amount in the `value` field. Reason 268 // example: 'TAX_EXEMPT' (partial refund of exempt tax) 269 REFUND_DECLINE = 16; 270 271 // Indicates that the completed transaction was refunded by the merchant. 272 // For partial refunds, we recommend that you include an amount in the 273 // `value` field. Reason example: 'TAX_EXEMPT' (partial refund of exempt 274 // tax) 275 REFUND = 17; 276 277 // Indicates that the completed transaction was refunded by the merchant, 278 // and that this refund was reversed. For partial refunds, we recommend that 279 // you include an amount in the `value` field. 280 REFUND_REVERSE = 18; 281 } 282 283 // Optional. The type of this transaction event. 284 TransactionEventType event_type = 1 [(google.api.field_behavior) = OPTIONAL]; 285 286 // Optional. The reason or standardized code that corresponds with this 287 // transaction event, if one exists. For example, a CHARGEBACK event with code 288 // 6005. 289 string reason = 2 [(google.api.field_behavior) = OPTIONAL]; 290 291 // Optional. The value that corresponds with this transaction event, if one 292 // exists. For example, a refund event where $5.00 was refunded. Currency is 293 // obtained from the original transaction data. 294 double value = 3 [(google.api.field_behavior) = OPTIONAL]; 295 296 // Optional. Timestamp when this transaction event occurred; otherwise assumed 297 // to be the time of the API call. 298 google.protobuf.Timestamp event_time = 4 299 [(google.api.field_behavior) = OPTIONAL]; 300} 301 302// The request message to annotate an Assessment. 303message AnnotateAssessmentRequest { 304 // Enum that represents the types of annotations. 305 enum Annotation { 306 // Default unspecified type. 307 ANNOTATION_UNSPECIFIED = 0; 308 309 // Provides information that the event turned out to be legitimate. 310 LEGITIMATE = 1; 311 312 // Provides information that the event turned out to be fraudulent. 313 FRAUDULENT = 2; 314 315 // Provides information that the event was related to a login event in which 316 // the user typed the correct password. Deprecated, prefer indicating 317 // CORRECT_PASSWORD through the reasons field instead. 318 PASSWORD_CORRECT = 3 [deprecated = true]; 319 320 // Provides information that the event was related to a login event in which 321 // the user typed the incorrect password. Deprecated, prefer indicating 322 // INCORRECT_PASSWORD through the reasons field instead. 323 PASSWORD_INCORRECT = 4 [deprecated = true]; 324 } 325 326 // Enum that represents potential reasons for annotating an assessment. 327 enum Reason { 328 // Default unspecified reason. 329 REASON_UNSPECIFIED = 0; 330 331 // Indicates that the transaction had a chargeback issued with no other 332 // details. When possible, specify the type by using CHARGEBACK_FRAUD or 333 // CHARGEBACK_DISPUTE instead. 334 CHARGEBACK = 1; 335 336 // Indicates that the transaction had a chargeback issued related to an 337 // alleged unauthorized transaction from the cardholder's perspective (for 338 // example, the card number was stolen). 339 CHARGEBACK_FRAUD = 8; 340 341 // Indicates that the transaction had a chargeback issued related to the 342 // cardholder having provided their card details but allegedly not being 343 // satisfied with the purchase (for example, misrepresentation, attempted 344 // cancellation). 345 CHARGEBACK_DISPUTE = 9; 346 347 // Indicates that the completed payment transaction was refunded by the 348 // seller. 349 REFUND = 10; 350 351 // Indicates that the completed payment transaction was determined to be 352 // fraudulent by the seller, and was cancelled and refunded as a result. 353 REFUND_FRAUD = 11; 354 355 // Indicates that the payment transaction was accepted, and the user was 356 // charged. 357 TRANSACTION_ACCEPTED = 12; 358 359 // Indicates that the payment transaction was declined, for example due to 360 // invalid card details. 361 TRANSACTION_DECLINED = 13; 362 363 // Indicates the transaction associated with the assessment is suspected of 364 // being fraudulent based on the payment method, billing details, shipping 365 // address or other transaction information. 366 PAYMENT_HEURISTICS = 2; 367 368 // Indicates that the user was served a 2FA challenge. An old assessment 369 // with `ENUM_VALUES.INITIATED_TWO_FACTOR` reason that has not been 370 // overwritten with `PASSED_TWO_FACTOR` is treated as an abandoned 2FA flow. 371 // This is equivalent to `FAILED_TWO_FACTOR`. 372 INITIATED_TWO_FACTOR = 7; 373 374 // Indicates that the user passed a 2FA challenge. 375 PASSED_TWO_FACTOR = 3; 376 377 // Indicates that the user failed a 2FA challenge. 378 FAILED_TWO_FACTOR = 4; 379 380 // Indicates the user provided the correct password. 381 CORRECT_PASSWORD = 5; 382 383 // Indicates the user provided an incorrect password. 384 INCORRECT_PASSWORD = 6; 385 386 // Indicates that the user sent unwanted and abusive messages to other users 387 // of the platform, such as spam, scams, phishing, or social engineering. 388 SOCIAL_SPAM = 14; 389 } 390 391 // Required. The resource name of the Assessment, in the format 392 // "projects/{project}/assessments/{assessment}". 393 string name = 1 [ 394 (google.api.field_behavior) = REQUIRED, 395 (google.api.resource_reference) = { 396 type: "recaptchaenterprise.googleapis.com/Assessment" 397 } 398 ]; 399 400 // Optional. The annotation that will be assigned to the Event. This field can 401 // be left empty to provide reasons that apply to an event without concluding 402 // whether the event is legitimate or fraudulent. 403 Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL]; 404 405 // Optional. Optional reasons for the annotation that will be assigned to the 406 // Event. 407 repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL]; 408 409 // Optional. Unique stable hashed user identifier to apply to the assessment. 410 // This is an alternative to setting the hashed_account_id in 411 // CreateAssessment, for example when the account identifier is not yet known 412 // in the initial request. It is recommended that the identifier is hashed 413 // using hmac-sha256 with stable secret. 414 bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL]; 415 416 // Optional. If the assessment is part of a payment transaction, provide 417 // details on payment lifecycle events that occur in the transaction. 418 TransactionEvent transaction_event = 5 419 [(google.api.field_behavior) = OPTIONAL]; 420} 421 422// Empty response for AnnotateAssessment. 423message AnnotateAssessmentResponse {} 424 425// Information about a verification endpoint that can be used for 2FA. 426message EndpointVerificationInfo { 427 oneof endpoint { 428 // Email address for which to trigger a verification request. 429 string email_address = 1; 430 431 // Phone number for which to trigger a verification request. Should be given 432 // in E.164 format. 433 string phone_number = 2; 434 } 435 436 // Output only. Token to provide to the client to trigger endpoint 437 // verification. It must be used within 15 minutes. 438 string request_token = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 439 440 // Output only. Timestamp of the last successful verification for the 441 // endpoint, if any. 442 google.protobuf.Timestamp last_verification_time = 4 443 [(google.api.field_behavior) = OUTPUT_ONLY]; 444} 445 446// Information about account verification, used for identity verification. 447message AccountVerificationInfo { 448 // Result of the account verification as contained in the verdict token issued 449 // at the end of the verification flow. 450 enum Result { 451 // No information about the latest account verification. 452 RESULT_UNSPECIFIED = 0; 453 454 // The user was successfully verified. This means the account verification 455 // challenge was successfully completed. 456 SUCCESS_USER_VERIFIED = 1; 457 458 // The user failed the verification challenge. 459 ERROR_USER_NOT_VERIFIED = 2; 460 461 // The site is not properly onboarded to use the account verification 462 // feature. 463 ERROR_SITE_ONBOARDING_INCOMPLETE = 3; 464 465 // The recipient is not allowed for account verification. This can occur 466 // during integration but should not occur in production. 467 ERROR_RECIPIENT_NOT_ALLOWED = 4; 468 469 // The recipient has already been sent too many verification codes in a 470 // short amount of time. 471 ERROR_RECIPIENT_ABUSE_LIMIT_EXHAUSTED = 5; 472 473 // The verification flow could not be completed due to a critical internal 474 // error. 475 ERROR_CRITICAL_INTERNAL = 6; 476 477 // The client has exceeded their two factor request quota for this period of 478 // time. 479 ERROR_CUSTOMER_QUOTA_EXHAUSTED = 7; 480 481 // The request cannot be processed at the time because of an incident. This 482 // bypass can be restricted to a problematic destination email domain, a 483 // customer, or could affect the entire service. 484 ERROR_VERIFICATION_BYPASSED = 8; 485 486 // The request parameters do not match with the token provided and cannot be 487 // processed. 488 ERROR_VERDICT_MISMATCH = 9; 489 } 490 491 // Endpoints that can be used for identity verification. 492 repeated EndpointVerificationInfo endpoints = 1; 493 494 // Language code preference for the verification message, set as a IETF BCP 47 495 // language code. 496 string language_code = 3; 497 498 // Output only. Result of the latest account verification challenge. 499 Result latest_verification_result = 7 500 [(google.api.field_behavior) = OUTPUT_ONLY]; 501 502 // Username of the account that is being verified. Deprecated. Customers 503 // should now provide the hashed account ID field in Event. 504 string username = 2 [deprecated = true]; 505} 506 507// Private password leak verification info. 508message PrivatePasswordLeakVerification { 509 // Optional. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized 510 // username. It is used to look up password leaks associated with that hash 511 // prefix. 512 bytes lookup_hash_prefix = 1 [(google.api.field_behavior) = OPTIONAL]; 513 514 // Optional. Encrypted Scrypt hash of the canonicalized username+password. It 515 // is re-encrypted by the server and returned through 516 // `reencrypted_user_credentials_hash`. 517 bytes encrypted_user_credentials_hash = 2 518 [(google.api.field_behavior) = OPTIONAL]; 519 520 // Output only. List of prefixes of the encrypted potential password leaks 521 // that matched the given parameters. They must be compared with the 522 // client-side decryption prefix of `reencrypted_user_credentials_hash` 523 repeated bytes encrypted_leak_match_prefixes = 3 524 [(google.api.field_behavior) = OUTPUT_ONLY]; 525 526 // Output only. Corresponds to the re-encryption of the 527 // `encrypted_user_credentials_hash` field. It is used to match potential 528 // password leaks within `encrypted_leak_match_prefixes`. 529 bytes reencrypted_user_credentials_hash = 4 530 [(google.api.field_behavior) = OUTPUT_ONLY]; 531} 532 533// A reCAPTCHA Enterprise assessment resource. 534message Assessment { 535 option (google.api.resource) = { 536 type: "recaptchaenterprise.googleapis.com/Assessment" 537 pattern: "projects/{project}/assessments/{assessment}" 538 }; 539 540 // Output only. The resource name for the Assessment in the format 541 // "projects/{project}/assessments/{assessment}". 542 string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 543 544 // The event being assessed. 545 Event event = 2; 546 547 // Output only. The risk analysis result for the event being assessed. 548 RiskAnalysis risk_analysis = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 549 550 // Output only. Properties of the provided event token. 551 TokenProperties token_properties = 4 552 [(google.api.field_behavior) = OUTPUT_ONLY]; 553 554 // Account verification information for identity verification. The assessment 555 // event must include a token and site key to use this feature. 556 AccountVerificationInfo account_verification = 5; 557 558 // Assessment returned by account defender when a hashed_account_id is 559 // provided. 560 AccountDefenderAssessment account_defender_assessment = 6; 561 562 // The private password leak verification field contains the parameters that 563 // are used to to check for leaks privately without sharing user credentials. 564 PrivatePasswordLeakVerification private_password_leak_verification = 8; 565 566 // Assessment returned by Fraud Prevention when TransactionData is provided. 567 FraudPreventionAssessment fraud_prevention_assessment = 11; 568} 569 570// The event being assessed. 571message Event { 572 // Optional. The user response token provided by the reCAPTCHA Enterprise 573 // client-side integration on your site. 574 string token = 1 [(google.api.field_behavior) = OPTIONAL]; 575 576 // Optional. The site key that was used to invoke reCAPTCHA Enterprise on your 577 // site and generate the token. 578 string site_key = 2 [(google.api.field_behavior) = OPTIONAL]; 579 580 // Optional. The user agent present in the request from the user's device 581 // related to this event. 582 string user_agent = 3 [(google.api.field_behavior) = OPTIONAL]; 583 584 // Optional. The IP address in the request from the user's device related to 585 // this event. 586 string user_ip_address = 4 [(google.api.field_behavior) = OPTIONAL]; 587 588 // Optional. The expected action for this type of event. This should be the 589 // same action provided at token generation time on client-side platforms 590 // already integrated with recaptcha enterprise. 591 string expected_action = 5 [(google.api.field_behavior) = OPTIONAL]; 592 593 // Optional. Unique stable hashed user identifier for the request. The 594 // identifier must be hashed using hmac-sha256 with stable secret. 595 bytes hashed_account_id = 6 [(google.api.field_behavior) = OPTIONAL]; 596 597 // Optional. Data describing a payment transaction to be assessed. Sending 598 // this data enables reCAPTCHA Enterprise Fraud Prevention and the 599 // FraudPreventionAssessment component in the response. 600 TransactionData transaction_data = 13 601 [(google.api.field_behavior) = OPTIONAL]; 602} 603 604// Transaction data associated with a payment protected by reCAPTCHA Enterprise. 605// All fields are optional. 606message TransactionData { 607 // Structured address format for billing and shipping addresses. 608 message Address { 609 // The recipient name, potentially including information such as "care of". 610 string recipient = 1; 611 612 // The first lines of the address. The first line generally contains the 613 // street name and number, and further lines may include information such as 614 // an apartment number. 615 repeated string address = 2; 616 617 // The town/city of the address. 618 string locality = 3; 619 620 // The state, province, or otherwise administrative area of the address. 621 string administrative_area = 4; 622 623 // The CLDR country/region of the address. 624 string region_code = 5; 625 626 // The postal or ZIP code of the address. 627 string postal_code = 6; 628 } 629 630 // Details about a user's account involved in the transaction. 631 message User { 632 // Unique account identifier for this user. If using account defender, 633 // this should match the hashed_account_id field. Otherwise, a unique and 634 // persistent identifier for this account. 635 string account_id = 6; 636 637 // The epoch milliseconds of the user's account creation. 638 int64 creation_ms = 1; 639 640 // The email address of the user. 641 string email = 2; 642 643 // Whether the email has been verified to be accessible by the user (OTP or 644 // similar). 645 bool email_verified = 3; 646 647 // The phone number of the user, with country code. 648 string phone_number = 4; 649 650 // Whether the phone number has been verified to be accessible by the user 651 // (OTP or similar). 652 bool phone_verified = 5; 653 } 654 655 // Line items being purchased in this transaction. 656 message Item { 657 // The full name of the item. 658 string name = 1; 659 660 // The value per item that the user is paying, in the transaction currency, 661 // after discounts. 662 double value = 2; 663 664 // The quantity of this item that is being purchased. 665 int64 quantity = 3; 666 667 // When a merchant is specified, its corresponding account_id. Necessary to 668 // populate marketplace-style transactions. 669 string merchant_account_id = 4; 670 } 671 672 // Details about the transaction from the gateway. 673 message GatewayInfo { 674 // Name of the gateway service (for example, stripe, square, paypal). 675 string name = 1; 676 677 // Gateway response code describing the state of the transaction. 678 string gateway_response_code = 2; 679 680 // AVS response code from the gateway 681 // (available only when reCAPTCHA Enterprise is called after authorization). 682 string avs_response_code = 3; 683 684 // CVV response code from the gateway 685 // (available only when reCAPTCHA Enterprise is called after authorization). 686 string cvv_response_code = 4; 687 } 688 689 // Unique identifier for the transaction. This custom identifier can be used 690 // to reference this transaction in the future, for example, labeling a refund 691 // or chargeback event. Two attempts at the same transaction should use the 692 // same transaction id. 693 optional string transaction_id = 11; 694 695 // The payment method for the transaction. The allowed values are: 696 // 697 // * credit-card 698 // * debit-card 699 // * gift-card 700 // * processor-{name} (If a third-party is used, for example, 701 // processor-paypal) 702 // * custom-{name} (If an alternative method is used, for example, 703 // custom-crypto) 704 string payment_method = 1; 705 706 // The Bank Identification Number - generally the first 6 or 8 digits of the 707 // card. 708 string card_bin = 2; 709 710 // The last four digits of the card. 711 string card_last_four = 3; 712 713 // The currency code in ISO-4217 format. 714 string currency_code = 4; 715 716 // The decimal value of the transaction in the specified currency. 717 double value = 5; 718 719 // The value of shipping in the specified currency. 0 for free or no shipping. 720 double shipping_value = 12; 721 722 // Destination address if this transaction involves shipping a physical item. 723 Address shipping_address = 6; 724 725 // Address associated with the payment method when applicable. 726 Address billing_address = 7; 727 728 // Information about the user paying/initiating the transaction. 729 User user = 8; 730 731 // Information about the user or users fulfilling the transaction. 732 repeated User merchants = 13; 733 734 // Items purchased in this transaction. 735 repeated Item items = 14; 736 737 // Information about the payment gateway's response to the transaction. 738 GatewayInfo gateway_info = 10; 739} 740 741// Risk analysis result for an event. 742message RiskAnalysis { 743 // Reasons contributing to the risk analysis verdict. 744 enum ClassificationReason { 745 // Default unspecified type. 746 CLASSIFICATION_REASON_UNSPECIFIED = 0; 747 748 // Interactions matched the behavior of an automated agent. 749 AUTOMATION = 1; 750 751 // The event originated from an illegitimate environment. 752 UNEXPECTED_ENVIRONMENT = 2; 753 754 // Traffic volume from the event source is higher than normal. 755 TOO_MUCH_TRAFFIC = 3; 756 757 // Interactions with the site were significantly different than expected 758 // patterns. 759 UNEXPECTED_USAGE_PATTERNS = 4; 760 761 // Too little traffic has been received from this site thus far to generate 762 // quality risk analysis. 763 LOW_CONFIDENCE_SCORE = 5; 764 765 // The request matches behavioral characteristics of a carding attack. 766 SUSPECTED_CARDING = 6; 767 768 // The request matches behavioral characteristics of chargebacks for fraud. 769 SUSPECTED_CHARGEBACK = 7; 770 } 771 772 // Legitimate event score from 0.0 to 1.0. 773 // (1.0 means very likely legitimate traffic while 0.0 means very likely 774 // non-legitimate traffic). 775 float score = 1; 776 777 // Reasons contributing to the risk analysis verdict. 778 repeated ClassificationReason reasons = 2; 779} 780 781// Properties of the provided event token. 782message TokenProperties { 783 // Enum that represents the types of invalid token reasons. 784 enum InvalidReason { 785 // Default unspecified type. 786 INVALID_REASON_UNSPECIFIED = 0; 787 788 // If the failure reason was not accounted for. 789 UNKNOWN_INVALID_REASON = 1; 790 791 // The provided user verification token was malformed. 792 MALFORMED = 2; 793 794 // The user verification token had expired. 795 EXPIRED = 3; 796 797 // The user verification had already been seen. 798 DUPE = 4; 799 800 // The user verification token was not present. 801 MISSING = 5; 802 803 // A retriable error (such as network failure) occurred on the browser. 804 // Could easily be simulated by an attacker. 805 BROWSER_ERROR = 6; 806 } 807 808 // Whether the provided user response token is valid. When valid = false, the 809 // reason could be specified in invalid_reason or it could also be due to 810 // a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey 811 // used to generate the token was different than the one specified in the 812 // assessment). 813 bool valid = 1; 814 815 // Reason associated with the response when valid = false. 816 InvalidReason invalid_reason = 2; 817 818 // The timestamp corresponding to the generation of the token. 819 google.protobuf.Timestamp create_time = 3; 820 821 // The hostname of the page on which the token was generated (Web keys only). 822 string hostname = 4; 823 824 // The name of the Android package with which the token was generated (Android 825 // keys only). 826 string android_package_name = 8; 827 828 // The ID of the iOS bundle with which the token was generated (iOS keys 829 // only). 830 string ios_bundle_id = 9; 831 832 // Action name provided at token generation. 833 string action = 5; 834} 835 836// Assessment for Fraud Prevention. 837message FraudPreventionAssessment { 838 // Information about stolen instrument fraud, where the user is not the 839 // legitimate owner of the instrument being used for the purchase. 840 message StolenInstrumentVerdict { 841 // Probability (0-1) of this transaction being executed with a stolen 842 // instrument. 843 float risk = 1; 844 } 845 846 // Information about card testing fraud, where an adversary is testing 847 // fraudulently obtained cards or brute forcing their details. 848 message CardTestingVerdict { 849 // Probability (0-1) of this transaction attempt being part of a card 850 // testing attack. 851 float risk = 1; 852 } 853 854 // Probability (0-1) of this transaction being fraudulent. Summarizes the 855 // combined risk of attack vectors below. 856 float transaction_risk = 1; 857 858 // Assessment of this transaction for risk of a stolen instrument. 859 StolenInstrumentVerdict stolen_instrument_verdict = 2; 860 861 // Assessment of this transaction for risk of being part of a card testing 862 // attack. 863 CardTestingVerdict card_testing_verdict = 3; 864} 865 866// Account defender risk assessment. 867message AccountDefenderAssessment { 868 // Labels returned by account defender for this request. 869 enum AccountDefenderLabel { 870 // Default unspecified type. 871 ACCOUNT_DEFENDER_LABEL_UNSPECIFIED = 0; 872 873 // The request matches a known good profile for the user. 874 PROFILE_MATCH = 1; 875 876 // The request is potentially a suspicious login event and must be further 877 // verified either through multi-factor authentication or another system. 878 SUSPICIOUS_LOGIN_ACTIVITY = 2; 879 880 // The request matched a profile that previously had suspicious account 881 // creation behavior. This can mean that this is a fake account. 882 SUSPICIOUS_ACCOUNT_CREATION = 3; 883 884 // The account in the request has a high number of related accounts. It does 885 // not necessarily imply that the account is bad but can require further 886 // investigation. 887 RELATED_ACCOUNTS_NUMBER_HIGH = 4; 888 } 889 890 // Labels for this request. 891 repeated AccountDefenderLabel labels = 1; 892} 893 894// The create key request message. 895message CreateKeyRequest { 896 // Required. The name of the project in which the key will be created, in the 897 // format "projects/{project}". 898 string parent = 1 [ 899 (google.api.field_behavior) = REQUIRED, 900 (google.api.resource_reference) = { 901 type: "cloudresourcemanager.googleapis.com/Project" 902 } 903 ]; 904 905 // Required. Information to create a reCAPTCHA Enterprise key. 906 Key key = 2 [(google.api.field_behavior) = REQUIRED]; 907} 908 909// The list keys request message. 910message ListKeysRequest { 911 // Required. The name of the project that contains the keys that will be 912 // listed, in the format "projects/{project}". 913 string parent = 1 [ 914 (google.api.field_behavior) = REQUIRED, 915 (google.api.resource_reference) = { 916 type: "cloudresourcemanager.googleapis.com/Project" 917 } 918 ]; 919 920 // Optional. The maximum number of keys to return. Default is 10. Max limit is 921 // 1000. 922 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 923 924 // Optional. The next_page_token value returned from a previous. 925 // ListKeysRequest, if any. 926 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 927} 928 929// Response to request to list keys in a project. 930message ListKeysResponse { 931 // Key details. 932 repeated Key keys = 1; 933 934 // Token to retrieve the next page of results. It is set to empty if no keys 935 // remain in results. 936 string next_page_token = 2; 937} 938 939// The retrieve legacy secret key request message. 940message RetrieveLegacySecretKeyRequest { 941 // Required. The public key name linked to the requested secret key in the 942 // format "projects/{project}/keys/{key}". 943 string key = 1 [ 944 (google.api.field_behavior) = REQUIRED, 945 (google.api.resource_reference) = { 946 type: "recaptchaenterprise.googleapis.com/Key" 947 } 948 ]; 949} 950 951// The get key request message. 952message GetKeyRequest { 953 // Required. The name of the requested key, in the format 954 // "projects/{project}/keys/{key}". 955 string name = 1 [ 956 (google.api.field_behavior) = REQUIRED, 957 (google.api.resource_reference) = { 958 type: "recaptchaenterprise.googleapis.com/Key" 959 } 960 ]; 961} 962 963// The update key request message. 964message UpdateKeyRequest { 965 // Required. The key to update. 966 Key key = 1 [(google.api.field_behavior) = REQUIRED]; 967 968 // Optional. The mask to control which fields of the key get updated. If the 969 // mask is not present, all fields will be updated. 970 google.protobuf.FieldMask update_mask = 2 971 [(google.api.field_behavior) = OPTIONAL]; 972} 973 974// The delete key request message. 975message DeleteKeyRequest { 976 // Required. The name of the key to be deleted, in the format 977 // "projects/{project}/keys/{key}". 978 string name = 1 [ 979 (google.api.field_behavior) = REQUIRED, 980 (google.api.resource_reference) = { 981 type: "recaptchaenterprise.googleapis.com/Key" 982 } 983 ]; 984} 985 986// The migrate key request message. 987message MigrateKeyRequest { 988 // Required. The name of the key to be migrated, in the format 989 // "projects/{project}/keys/{key}". 990 string name = 1 [ 991 (google.api.field_behavior) = REQUIRED, 992 (google.api.resource_reference) = { 993 type: "recaptchaenterprise.googleapis.com/Key" 994 } 995 ]; 996 997 // Optional. If true, skips the billing check. 998 // A reCAPTCHA Enterprise key or migrated key behaves differently than a 999 // reCAPTCHA (non-Enterprise version) key when you reach a quota limit (see 1000 // https://cloud.google.com/recaptcha-enterprise/quotas#quota_limit). To avoid 1001 // any disruption of your usage, we check that a billing account is present. 1002 // If your usage of reCAPTCHA is under the free quota, you can safely skip the 1003 // billing check and proceed with the migration. See 1004 // https://cloud.google.com/recaptcha-enterprise/docs/billing-information. 1005 bool skip_billing_check = 2 [(google.api.field_behavior) = OPTIONAL]; 1006} 1007 1008// The get metrics request message. 1009message GetMetricsRequest { 1010 // Required. The name of the requested metrics, in the format 1011 // "projects/{project}/keys/{key}/metrics". 1012 string name = 1 [ 1013 (google.api.field_behavior) = REQUIRED, 1014 (google.api.resource_reference) = { 1015 type: "recaptchaenterprise.googleapis.com/Metrics" 1016 } 1017 ]; 1018} 1019 1020// Metrics for a single Key. 1021message Metrics { 1022 option (google.api.resource) = { 1023 type: "recaptchaenterprise.googleapis.com/Metrics" 1024 pattern: "projects/{project}/keys/{key}/metrics" 1025 }; 1026 1027 // Output only. The name of the metrics, in the format 1028 // "projects/{project}/keys/{key}/metrics". 1029 string name = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 1030 1031 // Inclusive start time aligned to a day (UTC). 1032 google.protobuf.Timestamp start_time = 1; 1033 1034 // Metrics will be continuous and in order by dates, and in the granularity 1035 // of day. All Key types should have score-based data. 1036 repeated ScoreMetrics score_metrics = 2; 1037 1038 // Metrics will be continuous and in order by dates, and in the granularity 1039 // of day. Only challenge-based keys (CHECKBOX, INVISIBLE), will have 1040 // challenge-based data. 1041 repeated ChallengeMetrics challenge_metrics = 3; 1042} 1043 1044// Secret key is used only in legacy reCAPTCHA. It must be used in a 3rd party 1045// integration with legacy reCAPTCHA. 1046message RetrieveLegacySecretKeyResponse { 1047 // The secret key (also known as shared secret) authorizes communication 1048 // between your application backend and the reCAPTCHA Enterprise server to 1049 // create an assessment. 1050 // The secret key needs to be kept safe for security purposes. 1051 string legacy_secret_key = 1; 1052} 1053 1054// A key used to identify and configure applications (web and/or mobile) that 1055// use reCAPTCHA Enterprise. 1056message Key { 1057 option (google.api.resource) = { 1058 type: "recaptchaenterprise.googleapis.com/Key" 1059 pattern: "projects/{project}/keys/{key}" 1060 }; 1061 1062 // The resource name for the Key in the format 1063 // "projects/{project}/keys/{key}". 1064 string name = 1; 1065 1066 // Human-readable display name of this key. Modifiable by user. 1067 string display_name = 2; 1068 1069 // Platform specific settings for this key. The key can only be used on a 1070 // platform for which the settings are enabled. 1071 oneof platform_settings { 1072 // Settings for keys that can be used by websites. 1073 WebKeySettings web_settings = 3; 1074 1075 // Settings for keys that can be used by Android apps. 1076 AndroidKeySettings android_settings = 4; 1077 1078 // Settings for keys that can be used by iOS apps. 1079 IOSKeySettings ios_settings = 5; 1080 } 1081 1082 // See <a href="https://cloud.google.com/recaptcha-enterprise/docs/labels"> 1083 // Creating and managing labels</a>. 1084 map<string, string> labels = 6; 1085 1086 // Output only. The timestamp corresponding to the creation of this Key. 1087 google.protobuf.Timestamp create_time = 7 1088 [(google.api.field_behavior) = OUTPUT_ONLY]; 1089 1090 // Options for user acceptance testing. 1091 TestingOptions testing_options = 9; 1092 1093 // Settings for WAF 1094 WafSettings waf_settings = 10; 1095} 1096 1097// Options for user acceptance testing. 1098message TestingOptions { 1099 // Enum that represents the challenge option for challenge-based (CHECKBOX, 1100 // INVISIBLE) testing keys. 1101 enum TestingChallenge { 1102 // Perform the normal risk analysis and return either nocaptcha or a 1103 // challenge depending on risk and trust factors. 1104 TESTING_CHALLENGE_UNSPECIFIED = 0; 1105 1106 // Challenge requests for this key always return a nocaptcha, which 1107 // does not require a solution. 1108 NOCAPTCHA = 1; 1109 1110 // Challenge requests for this key always return an unsolvable 1111 // challenge. 1112 UNSOLVABLE_CHALLENGE = 2; 1113 } 1114 1115 // All assessments for this Key will return this score. Must be between 0 1116 // (likely not legitimate) and 1 (likely legitimate) inclusive. 1117 float testing_score = 1; 1118 1119 // For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests 1120 // for this site will return nocaptcha if NOCAPTCHA, or an unsolvable 1121 // challenge if CHALLENGE. 1122 TestingChallenge testing_challenge = 2; 1123} 1124 1125// Settings specific to keys that can be used by websites. 1126message WebKeySettings { 1127 // Enum that represents the integration types for web keys. 1128 enum IntegrationType { 1129 // Default type that indicates this enum hasn't been specified. This is not 1130 // a valid IntegrationType, one of the other types must be specified 1131 // instead. 1132 INTEGRATION_TYPE_UNSPECIFIED = 0; 1133 1134 // Only used to produce scores. It doesn't display the "I'm not a robot" 1135 // checkbox and never shows captcha challenges. 1136 SCORE = 1; 1137 1138 // Displays the "I'm not a robot" checkbox and may show captcha challenges 1139 // after it is checked. 1140 CHECKBOX = 2; 1141 1142 // Doesn't display the "I'm not a robot" checkbox, but may show captcha 1143 // challenges after risk analysis. 1144 INVISIBLE = 3; 1145 } 1146 1147 // Enum that represents the possible challenge frequency and difficulty 1148 // configurations for a web key. 1149 enum ChallengeSecurityPreference { 1150 // Default type that indicates this enum hasn't been specified. 1151 CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED = 0; 1152 1153 // Key tends to show fewer and easier challenges. 1154 USABILITY = 1; 1155 1156 // Key tends to show balanced (in amount and difficulty) challenges. 1157 BALANCE = 2; 1158 1159 // Key tends to show more and harder challenges. 1160 SECURITY = 3; 1161 } 1162 1163 // If set to true, it means allowed_domains will not be enforced. 1164 bool allow_all_domains = 3; 1165 1166 // Domains or subdomains of websites allowed to use the key. All subdomains 1167 // of an allowed domain are automatically allowed. A valid domain requires a 1168 // host and must not include any path, port, query or fragment. 1169 // Examples: 'example.com' or 'subdomain.example.com' 1170 repeated string allowed_domains = 1; 1171 1172 // If set to true, the key can be used on AMP (Accelerated Mobile Pages) 1173 // websites. This is supported only for the SCORE integration type. 1174 bool allow_amp_traffic = 2; 1175 1176 // Required. Describes how this key is integrated with the website. 1177 IntegrationType integration_type = 4 [(google.api.field_behavior) = REQUIRED]; 1178 1179 // Settings for the frequency and difficulty at which this key triggers 1180 // captcha challenges. This should only be specified for IntegrationTypes 1181 // CHECKBOX and INVISIBLE. 1182 ChallengeSecurityPreference challenge_security_preference = 5; 1183} 1184 1185// Settings specific to keys that can be used by Android apps. 1186message AndroidKeySettings { 1187 // If set to true, allowed_package_names are not enforced. 1188 bool allow_all_package_names = 2; 1189 1190 // Android package names of apps allowed to use the key. 1191 // Example: 'com.companyname.appname' 1192 repeated string allowed_package_names = 1; 1193} 1194 1195// Settings specific to keys that can be used by iOS apps. 1196message IOSKeySettings { 1197 // If set to true, allowed_bundle_ids are not enforced. 1198 bool allow_all_bundle_ids = 2; 1199 1200 // iOS bundle ids of apps allowed to use the key. 1201 // Example: 'com.companyname.productname.appname' 1202 repeated string allowed_bundle_ids = 1; 1203} 1204 1205// Score distribution. 1206message ScoreDistribution { 1207 // Map key is score value multiplied by 100. The scores are discrete values 1208 // between [0, 1]. The maximum number of buckets is on order of a few dozen, 1209 // but typically much lower (ie. 10). 1210 map<int32, int64> score_buckets = 1; 1211} 1212 1213// Metrics related to scoring. 1214message ScoreMetrics { 1215 // Aggregated score metrics for all traffic. 1216 ScoreDistribution overall_metrics = 1; 1217 1218 // Action-based metrics. The map key is the action name which specified by the 1219 // site owners at time of the "execute" client-side call. 1220 map<string, ScoreDistribution> action_metrics = 2; 1221} 1222 1223// Metrics related to challenges. 1224message ChallengeMetrics { 1225 // Count of reCAPTCHA checkboxes or badges rendered. This is mostly equivalent 1226 // to a count of pageloads for pages that include reCAPTCHA. 1227 int64 pageload_count = 1; 1228 1229 // Count of nocaptchas (successful verification without a challenge) issued. 1230 int64 nocaptcha_count = 2; 1231 1232 // Count of submitted challenge solutions that were incorrect or otherwise 1233 // deemed suspicious such that a subsequent challenge was triggered. 1234 int64 failed_count = 3; 1235 1236 // Count of nocaptchas (successful verification without a challenge) plus 1237 // submitted challenge solutions that were correct and resulted in 1238 // verification. 1239 int64 passed_count = 4; 1240} 1241 1242// The request message to list memberships in a related account group. 1243message ListRelatedAccountGroupMembershipsRequest { 1244 // Required. The resource name for the related account group in the format 1245 // `projects/{project}/relatedaccountgroups/{relatedaccountgroup}`. 1246 string parent = 1 [ 1247 (google.api.field_behavior) = REQUIRED, 1248 (google.api.resource_reference) = { 1249 child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1250 } 1251 ]; 1252 1253 // Optional. The maximum number of accounts to return. The service might 1254 // return fewer than this value. If unspecified, at most 50 accounts are 1255 // returned. The maximum value is 1000; values above 1000 are coerced to 1000. 1256 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1257 1258 // Optional. A page token, received from a previous 1259 // `ListRelatedAccountGroupMemberships` call. 1260 // 1261 // When paginating, all other parameters provided to 1262 // `ListRelatedAccountGroupMemberships` must match the call that provided the 1263 // page token. 1264 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1265} 1266 1267// The response to a `ListRelatedAccountGroupMemberships` call. 1268message ListRelatedAccountGroupMembershipsResponse { 1269 // The memberships listed by the query. 1270 repeated RelatedAccountGroupMembership related_account_group_memberships = 1; 1271 1272 // A token, which can be sent as `page_token` to retrieve the next page. 1273 // If this field is omitted, there are no subsequent pages. 1274 string next_page_token = 2; 1275} 1276 1277// The request message to list related account groups. 1278message ListRelatedAccountGroupsRequest { 1279 // Required. The name of the project to list related account groups from, in 1280 // the format "projects/{project}". 1281 string parent = 1 [ 1282 (google.api.field_behavior) = REQUIRED, 1283 (google.api.resource_reference) = { 1284 child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup" 1285 } 1286 ]; 1287 1288 // Optional. The maximum number of groups to return. The service might return 1289 // fewer than this value. If unspecified, at most 50 groups are returned. The 1290 // maximum value is 1000; values above 1000 are coerced to 1000. 1291 int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; 1292 1293 // Optional. A page token, received from a previous `ListRelatedAccountGroups` 1294 // call. Provide this to retrieve the subsequent page. 1295 // 1296 // When paginating, all other parameters provided to 1297 // `ListRelatedAccountGroups` must match the call that provided the page 1298 // token. 1299 string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; 1300} 1301 1302// The response to a `ListRelatedAccountGroups` call. 1303message ListRelatedAccountGroupsResponse { 1304 // The groups of related accounts listed by the query. 1305 repeated RelatedAccountGroup related_account_groups = 1; 1306 1307 // A token, which can be sent as `page_token` to retrieve the next page. 1308 // If this field is omitted, there are no subsequent pages. 1309 string next_page_token = 2; 1310} 1311 1312// The request message to search related account group memberships. 1313message SearchRelatedAccountGroupMembershipsRequest { 1314 // Required. The name of the project to search related account group 1315 // memberships from. Specify the project name in the following format: 1316 // "projects/{project}". 1317 string project = 1 [ 1318 (google.api.field_behavior) = REQUIRED, 1319 (google.api.resource_reference) = { 1320 child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1321 } 1322 ]; 1323 1324 // Optional. The unique stable hashed user identifier we should search 1325 // connections to. The identifier should correspond to a `hashed_account_id` 1326 // provided in a previous `CreateAssessment` or `AnnotateAssessment` call. 1327 bytes hashed_account_id = 2 [(google.api.field_behavior) = OPTIONAL]; 1328 1329 // Optional. The maximum number of groups to return. The service might return 1330 // fewer than this value. If unspecified, at most 50 groups are returned. The 1331 // maximum value is 1000; values above 1000 are coerced to 1000. 1332 int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL]; 1333 1334 // Optional. A page token, received from a previous 1335 // `SearchRelatedAccountGroupMemberships` call. Provide this to retrieve the 1336 // subsequent page. 1337 // 1338 // When paginating, all other parameters provided to 1339 // `SearchRelatedAccountGroupMemberships` must match the call that provided 1340 // the page token. 1341 string page_token = 4 [(google.api.field_behavior) = OPTIONAL]; 1342} 1343 1344// The response to a `SearchRelatedAccountGroupMemberships` call. 1345message SearchRelatedAccountGroupMembershipsResponse { 1346 // The queried memberships. 1347 repeated RelatedAccountGroupMembership related_account_group_memberships = 1; 1348 1349 // A token, which can be sent as `page_token` to retrieve the next page. 1350 // If this field is omitted, there are no subsequent pages. 1351 string next_page_token = 2; 1352} 1353 1354// A membership in a group of related accounts. 1355message RelatedAccountGroupMembership { 1356 option (google.api.resource) = { 1357 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1358 pattern: "projects/{project}/relatedaccountgroups/{relatedaccountgroup}/memberships/{membership}" 1359 }; 1360 1361 // Required. The resource name for this membership in the format 1362 // `projects/{project}/relatedaccountgroups/{relatedaccountgroup}/memberships/{membership}`. 1363 string name = 1 [ 1364 (google.api.field_behavior) = REQUIRED, 1365 (google.api.resource_reference) = { 1366 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership" 1367 } 1368 ]; 1369 1370 // The unique stable hashed user identifier of the member. The identifier 1371 // corresponds to a `hashed_account_id` provided in a previous 1372 // `CreateAssessment` or `AnnotateAssessment` call. 1373 bytes hashed_account_id = 2; 1374} 1375 1376// A group of related accounts. 1377message RelatedAccountGroup { 1378 option (google.api.resource) = { 1379 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup" 1380 pattern: "projects/{project}/relatedaccountgroups/{relatedaccountgroup}" 1381 }; 1382 1383 // Required. The resource name for the related account group in the format 1384 // `projects/{project}/relatedaccountgroups/{related_account_group}`. 1385 string name = 1 [ 1386 (google.api.field_behavior) = REQUIRED, 1387 (google.api.resource_reference) = { 1388 type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup" 1389 } 1390 ]; 1391} 1392 1393// Settings specific to keys that can be used for WAF (Web Application 1394// Firewall). 1395message WafSettings { 1396 // Supported WAF features. For more information, see 1397 // https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. 1398 enum WafFeature { 1399 // Undefined feature. 1400 WAF_FEATURE_UNSPECIFIED = 0; 1401 1402 // Redirects suspicious traffic to reCAPTCHA. 1403 CHALLENGE_PAGE = 1; 1404 1405 // Use reCAPTCHA session-tokens to protect the whole user session on the 1406 // site's domain. 1407 SESSION_TOKEN = 2; 1408 1409 // Use reCAPTCHA action-tokens to protect user actions. 1410 ACTION_TOKEN = 3; 1411 } 1412 1413 // Web Application Firewalls supported by reCAPTCHA Enterprise. 1414 enum WafService { 1415 // Undefined WAF 1416 WAF_SERVICE_UNSPECIFIED = 0; 1417 1418 // Cloud Armor 1419 CA = 1; 1420 } 1421 1422 // Required. The WAF service that uses this key. 1423 WafService waf_service = 1 [(google.api.field_behavior) = REQUIRED]; 1424 1425 // Required. The WAF feature for which this key is enabled. 1426 WafFeature waf_feature = 2 [(google.api.field_behavior) = REQUIRED]; 1427} 1428