- JSON representation
- ClientSettings
- ProtectedEndpointGroup
- ProtectedEndpoint
- ChallengeRuleGroup
- ChallengeRule
- NoChallengeOutcome
- ChallengeOutcome
A complete configuration set containing multiple grouped rules defining the behavior of reCAPTCHA for fraud detection and prevention.
| JSON representation |
|---|
{ "name": string, "clientSettings": { object ( |
| Fields | |
|---|---|
name |
Identifier. Resource name for this policy. Format: "projects/{project}/keys/{key}/policy" for a policy under a key. |
clientSettings |
Required. Configuration for clients protected by this policy. |
challengeRuleGroups[] |
Optional. Rules to configure the behavior of reCAPTCHA for showing a challenge. Rule groups are evaluated in order. Evaluation stops when the first matching rule group is found. |
ClientSettings
Configuration for clients to protect with reCAPTCHA.
| JSON representation |
|---|
{
"allowedDomains": [
string
],
"allowAllDomains": boolean,
"protectedEndpointGroup": {
object ( |
| Fields | |
|---|---|
allowedDomains[] |
Optional. Domains or subdomains of websites allowed to use the policy. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com' Each policy supports a maximum of 250 domains. To use a policy on more domains, set |
allowAllDomains |
Optional. If set to true, it means allowedDomains are not enforced. |
protectedEndpointGroup |
Optional. Configuration for all API endpoints to protect with reCAPTCHA. If this field is not set, reCAPTCHA will not automatically request tokens on any API endpoints. |
ProtectedEndpointGroup
Configuration for API endpoints to protect with reCAPTCHA.
| JSON representation |
|---|
{
"protectedEndpoints": [
{
object ( |
| Fields | |
|---|---|
protectedEndpoints[] |
Optional. List of API endpoints to automatically protect with reCAPTCHA. If any of these endpoints is invoked from a page where a key bound to this policy is installed, a reCAPTCHA token is automatically generated and attached to the request. If multiple protected endpoints match a given API endpoint, the first one in the list is used. |
ProtectedEndpoint
Configuration for an API endpoint to protect with reCAPTCHA.
| JSON representation |
|---|
{ "path": string, "action": string } |
| Fields | |
|---|---|
path |
Required. URI path of the API endpoint to protect. Must start with '/'. Supports glob characters '*' to match a single path segment and '**' to match multiple path segments. Standalone root catch-alls ('/*' and '/**') are invalid because it would hurt performance to trigger reCAPTCHA on every single request to your backend. Matching is evaluated against the URL path only (domain, scheme, and query parameters are ignored). Examples: - |
action |
Required. Action name to be used for token generation for this endpoint. The action name is not case-sensitive and can only contain alphanumeric characters, slashes, and underscores. |
ChallengeRuleGroup
A collection of challenge rules that applies to one or more actions.
| JSON representation |
|---|
{
"actions": [
string
],
"challengeRules": [
{
object ( |
| Fields | |
|---|---|
actions[] |
Required. Action name provided at token generation. The action name is not case-sensitive and can only contain alphanumeric characters, slashes, and underscores. If "*" is provided, the rule group applies to all actions. If multiple actions are provided, the rule group is applied to all of them. This field is required. |
challengeRules[] |
Required. A list of rules that configure when and how reCAPTCHA presents a challenge. reCAPTCHA evaluates these rules in order and applies the first one that matches. |
ChallengeRule
A rule to configure the behavior of reCAPTCHA for conditionally presenting a challenge.
| JSON representation |
|---|
{ "condition": string, // Union field |
| Fields | |
|---|---|
condition |
Optional. A CEL condition that must be met for this rule to apply. The following fields can be referenced in the condition: * Examples: * |
Union field outcome. Required. The outcome to apply when this challenge rule matches. outcome can be only one of the following: |
|
noChallenge |
Do not present a challenge to the user. |
challenge |
Present a challenge to the user. |
NoChallengeOutcome
This type has no fields.
An outcome that indicates that no challenge should be presented to the user.
ChallengeOutcome
An outcome that indicates that a challenge of a specified difficulty should be presented to the user.
| JSON representation |
|---|
{
"difficulty": enum ( |
| Fields | |
|---|---|
difficulty |
Optional. The difficulty of the challenge to present to the user. If unspecified, |