本頁面由 Cloud Translation API 翻譯而成。

建立行動應用程式的評估

本頁說明如何建立評估，讓後端驗證 reCAPTCHA 傳送的權杖是否有效。當使用者觸發動作時，reCAPTCHA 會傳送加密的回應，也就是 reCAPTCHA 回應權杖 (權杖)。

您必須建立評估作業，將產生的權杖提交至評估端點，才能在後端評估 execute() 的結果。reCAPTCHA 會處理提交的權杖，並回報權杖的有效性和分數。

每月前 10,000 次 reCAPTCHA 評估免費。達到每月免費使用上限 (每月 10,000 次評估) 後，如要繼續建立評估，請為 Google Cloud 專案啟用帳單功能。如要進一步瞭解 reCAPTCHA 的計費方式，請參閱帳單資訊。

事前準備

準備 reCAPTCHA 環境。
請確認您擁有下列 Identity and Access Management 角色： reCAPTCHA Enterprise 代理人 (roles/recaptchaenterprise.agent)。
在 iOS 應用程式或 Android 應用程式中安裝計分金鑰。

設定 reCAPTCHA 驗證。

可選用的驗證方法取決於 reCAPTCHA 的設定環境。下表可協助您選擇適當的驗證方法和支援的介面，以設定驗證：

環境	介面	驗證方式
Google Cloud	REST 用戶端程式庫	使用附加的服務帳戶。
地端部署或其他雲端服務供應商	REST	使用 API 金鑰或 Workload Identity 聯盟。如要使用 API 金鑰，建議套用 API 金鑰限制，確保 API 金鑰安全無虞。
用戶端程式庫	使用下列設定：如果是 Python 或 Java，請使用 API 金鑰或 Workload Identity Federation。如要使用 API 金鑰，建議套用 API 金鑰限制，確保 API 金鑰安全無虞。其他語言請使用 Workload Identity 聯盟。

環境

介面

驗證方式

Google Cloud

REST
用戶端程式庫

使用附加的服務帳戶。

地端部署或其他雲端服務供應商

REST

使用 API 金鑰或 Workload Identity 聯盟。

如要使用 API 金鑰，建議套用 API 金鑰限制，確保 API 金鑰安全無虞。

用戶端程式庫

使用下列設定：

如果是 Python 或 Java，請使用 API 金鑰或 Workload Identity Federation。
如要使用 API 金鑰，建議套用 API 金鑰限制，確保 API 金鑰安全無虞。
其他語言請使用 Workload Identity 聯盟。

擷取權杖

從 execute() 呼叫的回應中擷取代碼。

您只能「一次」存取每位使用者的權杖。如果您需要評估使用者在行動應用程式中執行的後續操作，或在建立評估之前，憑證已過期，則必須再次呼叫 execute()，以產生新憑證。

建立評估

設定驗證後，請傳送要求至 reCAPTCHA Enterprise API 或使用 reCAPTCHA 用戶端程式庫，建立評估作業。

為提升偵測準確度，建議您在建立評估時傳遞下列額外值：

userAgent：使用者代理程式會納入要求標頭中的 HTTP 要求。詳情請參閱 Mozilla 開發人員網路說明文件中的「瞭解 User-Agent 要求標頭」。
userIpAddress：傳送要求至後端的使用者 IP 位址會顯示在 HTTP 要求中。如果您使用 Proxy 伺服器，IP 位址會顯示在 X-Forwarded-For 要求標頭中。如要進一步瞭解如何取得 IP 位址，請參閱 X-Forwarded-For。
ja4：JA4 是用於指紋辨識 TLS 用戶端的開放原始碼方法。如要進一步瞭解如何建立 JA4 指紋，請參閱 GitHub 上的 JA4 文件。
ja3：JA3 是用於指紋辨識 TLS 用戶端的開放原始碼方法。如要進一步瞭解如何建立 JA3 指紋，請參閱 GitHub 上的 JA3 文件。

有助於保護網站和行動應用程式，防範進階攻擊模式和人為濫用行為。

REST API

將要求傳送至 reCAPTCHA API，即可建立評估作業。您可以使用 gcloud CLI 或 API 金鑰進行驗證。

使用 gcloud CLI

使用 projects.assessments.create 方法建立評估。將這項要求傳送至 v1 API 端點。

使用任何要求資料之前，請先替換以下項目：

PROJECT_ID：您的 Google Cloud 專案 ID
TOKEN：從 grecaptcha.enterprise.execute() 呼叫傳回的權杖
KEY_ID：與網站或應用程式相關聯的 reCAPTCHA 金鑰。詳情請參閱「reCAPTCHA 金鑰」。
USER_AGENT：使用者裝置發出要求時的使用者代理程式。
USER_IP_ADDRESS：使用者裝置發出要求時的 IP 位址。
JA4：傳輸層安全標準 (TLS) 用戶端的 JA4 指紋。建議使用 FoxIO-LLC/ja4 計算 JA4 指紋。
JA3：傳輸層安全標準 (TLS) 用戶端的 JA3 指紋。建議使用 salesforce/ja3 計算 JA3 指紋。
USER_ACTION：您在 grecaptcha.enterprise.execute() 呼叫中為 action 指定的動作 (由使用者發起)，例如 login。
詳情請參閱「動作名稱」。

HTTP 方法和網址：

POST https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments

JSON 要求主體：

{
  "event": {
    "token": "TOKEN",
    "siteKey": "KEY_ID",
    "userAgent": "USER_AGENT",
    "userIpAddress": "USER_IP_ADDRESS",
    "ja4": "JA4",
    "ja3": "JA3",
    "expectedAction": "USER_ACTION"
  }
}

如要傳送要求，請選擇以下其中一個選項：

curl

注意： 下列指令假設您已執行 gcloud init 或 gcloud auth login，透過使用者帳戶登入 gcloud CLI，或使用 Cloud Shell，自動登入 gcloud CLI。您可以執行 gcloud auth list 查看目前有效的帳戶。

將要求主體儲存在名為 request.json 的檔案中，然後執行下列指令：

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments"

PowerShell

注意： 下列指令假設您已執行 gcloud init 或 gcloud auth login，透過使用者帳戶登入 gcloud CLI。您可以執行 gcloud auth list 查看目前有效的帳戶。

將要求主體儲存在名為 request.json 的檔案中，然後執行下列指令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments" | Select-Object -Expand Content

您應該會收到如下的 JSON 回應：

{
  "tokenProperties": {
    "valid": true,
    "com.example.app" or "iosBundleId": "com.example.app",
    "action": "homepage",
    "createTime": "2019-03-28T12:24:17.894Z"
   },
  "riskAnalysis": {
    "score": 0.1,
    "reasons": ["AUTOMATION"]
  },
 "event": {
    "token": "TOKEN",
    "siteKey": "KEY_ID",
    "userAgent": "USER_AGENT",
    "userIpAddress": "USER_IP_ADDRESS",
    "ja4": "JA4",
    "ja3": "JA3",
    "expectedAction": "USER_ACTION"
  },
  "name": "projects/PROJECT_NUMBER/assessments/b6ac310000000000"
}

注意：如要整合動作，請在呼叫 projects.assessments.create 方法時，確認 action 的傳回值與 expectedAction 相符。如果不相符，表示有攻擊者企圖假冒正常操作。您可以針對使用者互動採取行動，例如新增額外驗證或封鎖互動，以防範任何詐欺活動。

建議您在非嚴格剖析模式中使用任何 JSON 剖析器，以免 JSON 回應中新增其他欄位時發生任何中斷情形。

使用 API 金鑰

使用 projects.assessments.create 方法建立評估。將這項要求傳送至 v1 API 端點。

注意：如果您使用 v1beta1 版本的 API，建議改用 v1 版本，因為 reCAPTCHA 帳戶防護等新功能僅適用於 v1 版本。如要從 v1beta1 遷移至 v1，請參閱「從 v1beta API 遷移至 v1 API」。

使用任何要求資料之前，請先替換以下項目：

API_KEY：與目前專案相關聯的 API 金鑰
PROJECT_ID：您的 Google Cloud 專案 ID
TOKEN：從 grecaptcha.enterprise.execute() 呼叫傳回的權杖
KEY_ID：與網站或應用程式相關聯的 reCAPTCHA 金鑰。詳情請參閱「reCAPTCHA 金鑰」。
USER_AGENT：使用者裝置發出要求時的使用者代理程式。
USER_IP_ADDRESS：使用者裝置發出要求時的 IP 位址。
JA3：SSL 用戶端的 JA3 指紋。建議使用 salesforce/ja3 計算 JA3。
USER_ACTION：您在 grecaptcha.enterprise.execute() 呼叫中為 action 指定的動作 (由使用者發起)，例如 login。
詳情請參閱「動作名稱」。

HTTP 方法和網址：

POST https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY

JSON 要求主體：

{
  "event": {
    "token": "TOKEN",
    "siteKey": "KEY_ID",
    "userAgent": "USER_AGENT",
    "userIpAddress": "USER_IP_ADDRESS",
    "ja3": "JA3",
    "expectedAction": "USER_ACTION"
  }
}

如要傳送要求，請選擇以下其中一個選項：

curl

將要求主體儲存在名為 request.json 的檔案中，然後執行下列指令：

curl -X POST \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY"

PowerShell

將要求主體儲存在名為 request.json 的檔案中，然後執行下列指令：

$headers = @{  }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://recaptchaenterprise.googleapis.com/v1/projects/PROJECT_ID/assessments?key=API_KEY" | Select-Object -Expand Content

您應該會收到如下的 JSON 回應：

{
  "tokenProperties": {
    "valid": true,
    "hostname": "www.google.com",
    "action": "homepage",
    "createTime": "2019-03-28T12:24:17.894Z"
   },
  "riskAnalysis": {
    "score": 0.1,
    "reasons": ["AUTOMATION"]
  },
  "event": {
    "token": "TOKEN",
    "siteKey": "KEY_ID",
    "userAgent": "USER_AGENT",
    "userIpAddress": "USER_IP_ADDRESS",
    "ja3": "JA3",
    "expectedAction": "USER_ACTION"
  },
  "name": "projects/PROJECT_NUMBER/assessments/b6ac310000000000"
}

注意：如要與動作整合，請在呼叫 projects.assessments.create 方法時，確認 action 的回傳值與 expectedAction 相符。如果不相符，表示有攻擊者企圖假冒正常操作。您可以針對使用者互動採取行動，例如新增額外驗證或封鎖互動，以防範任何詐欺活動。

建議您在非嚴格剖析模式中使用任何 JSON 剖析器，以免 JSON 回應中新增其他欄位時發生任何中斷情形。

C#

  using System;
  using Google.Api.Gax.ResourceNames;
  using Google.Cloud.RecaptchaEnterprise.V1;

  public class CreateAssessmentSample
  {
      // Create an assessment to analyze the risk of a UI action.
      // projectID: Google Cloud project ID.
      // recaptchaKey: reCAPTCHA key obtained by registering a domain or an app to use reCAPTCHA Enterprise.
      // token: The token obtained from the client on passing the recaptchaKey.
      // recaptchaAction: Action name corresponding to the token.
      public void createAssessment(string projectID = "project-id", string recaptchaKey = "recaptcha-key",
          string token = "action-token", string recaptchaAction = "action-name")
      {

          // Create the client.
          // TODO: To avoid memory issues, move this client generation outside
          // of this example, and cache it (recommended) or call client.close()
          // before exiting this method.
          RecaptchaEnterpriseServiceClient client = RecaptchaEnterpriseServiceClient.Create();

          ProjectName projectName = new ProjectName(projectID);

          // Build the assessment request.
          CreateAssessmentRequest createAssessmentRequest = new CreateAssessmentRequest()
          {
              Assessment = new Assessment()
              {
                  // Set the properties of the event to be tracked.
                  Event = new Event()
                  {
                      SiteKey = recaptchaKey,
                      Token = token,
                      ExpectedAction = recaptchaAction
                  },
              },
              ParentAsProjectName = projectName
          };

          Assessment response = client.CreateAssessment(createAssessmentRequest);

          // Check if the token is valid.
          if (response.TokenProperties.Valid == false)
          {
              System.Console.WriteLine("The CreateAssessment call failed because the token was: " +
                  response.TokenProperties.InvalidReason.ToString());
              return;
          }

          // Check if the expected action was executed.
          if (response.TokenProperties.Action != recaptchaAction)
          {
              System.Console.WriteLine("The action attribute in reCAPTCHA tag is: " +
                  response.TokenProperties.Action.ToString());
              System.Console.WriteLine("The action attribute in the reCAPTCHA tag does not " +
                  "match the action you are expecting to score");
              return;
          }

          // Get the risk score and the reasons.
          // For more information on interpreting the assessment,
          // see: https://cloud.google.com/recaptcha/docs/interpret-assessment
          System.Console.WriteLine("The reCAPTCHA score is: " + ((decimal)response.RiskAnalysis.Score));

          foreach (RiskAnalysis.Types.ClassificationReason reason in response.RiskAnalysis.Reasons)
          {
              System.Console.WriteLine(reason.ToString());
          }
      }

      public static void Main(string[] args)
      {
          new CreateAssessmentSample().createAssessment();
      }
  }

Go

  import (
    "context"
    "fmt"

    recaptcha "cloud.google.com/go/recaptchaenterprise/v2/apiv1"
    recaptchapb "cloud.google.com/go/recaptchaenterprise/v2/apiv1/recaptchaenterprisepb"
  )

  func main() {
    // TODO(developer): Replace these variables before running the sample.
    projectID := "project-id"
    recaptchaKey := "recaptcha-key"
    token := "action-token"
    recaptchaAction := "action-name"

    createAssessment(projectID, recaptchaKey, token, recaptchaAction)
  }

  /**
  * Create an assessment to analyze the risk of a UI action.
  *
  * @param projectID: Google Cloud project ID
  * @param recaptchaKey: reCAPTCHA key obtained by registering a domain or an app to use the services of reCAPTCHA Enterprise.
  * @param token: The token obtained from the client on passing the recaptchaKey.
  * @param recaptchaAction: Action name corresponding to the token.
  */
  func createAssessment(projectID string, recaptchaKey string, token string, recaptchaAction string) {

    // Create the recaptcha client.
    // TODO: To avoid memory issues, move this client generation outside
    // of this example, and cache it (recommended) or call client.close()
    // before exiting this method.
    ctx := context.Background()
    client, err := recaptcha.NewClient(ctx)
    if err != nil {
      fmt.Printf("Error creating reCAPTCHA client\n")
    }
    defer client.Close()

    // Set the properties of the event to be tracked.
    event := &recaptchapb.Event{
      Token:          token,
      SiteKey:        recaptchaKey,
    }

    assessment := &recaptchapb.Assessment{
      Event: event,
    }

    // Build the assessment request.
    request := &recaptchapb.CreateAssessmentRequest{
      Assessment: assessment,
      Parent:     fmt.Sprintf("projects/%s", projectID),
    }

    response, err := client.CreateAssessment(
      ctx,
      request)

    if err != nil {
      fmt.Printf("%v", err.Error())
    }

    // Check if the token is valid.
    if response.TokenProperties.Valid == false {
      fmt.Printf("The CreateAssessment() call failed because the token"+
         " was invalid for the following reasons: %v",
      response.TokenProperties.InvalidReason)
      return
    }

    // Check if the expected action was executed.
    if response.TokenProperties.Action == recaptchaAction {
      // Get the risk score and the reason(s).
      // For more information on interpreting the assessment,
      // see: https://cloud.google.com/recaptcha/docs/interpret-assessment
      fmt.Printf("The reCAPTCHA score for this token is:  %v",
        response.RiskAnalysis.Score)

      for _,reason := range response.RiskAnalysis.Reasons {
        fmt.Printf(reason.String()+"\n")
      }
      return
    }

    fmt.Printf("The action attribute in your reCAPTCHA tag does " +
        "not match the action you are expecting to score")
  }

Java


import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceClient;
import com.google.recaptchaenterprise.v1.Assessment;
import com.google.recaptchaenterprise.v1.CreateAssessmentRequest;
import com.google.recaptchaenterprise.v1.Event;
import com.google.recaptchaenterprise.v1.ProjectName;
import com.google.recaptchaenterprise.v1.RiskAnalysis.ClassificationReason;
import java.io.IOException;

public class CreateAssessment {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectID = "project-id";
    String recaptchaSiteKey = "recaptcha-site-key";
    String token = "action-token";
    String recaptchaAction = "action-name";
    String userIpAddress = "user-ip-address";
    String userAgent = "user-agent";
    String ja3 = "ja3";
    String ja4 = "ja4";

    createAssessment(projectID, recaptchaSiteKey, token, recaptchaAction, userIpAddress, userAgent, ja3, ja4);
  }

  /**
   * Create an assessment to analyze the risk of an UI action. Assessment approach is the same for
   * both 'score' and 'checkbox' type recaptcha site keys.
   *
   * @param projectID : GCloud Project ID
   * @param recaptchaSiteKey : Site key obtained by registering a domain/app to use recaptcha
   *     services. (score/ checkbox type)
   * @param token : The token obtained from the client on passing the recaptchaSiteKey.
   * @param recaptchaAction : Action name corresponding to the token.
   * @param userIpAddress: IP address of the user sending a request.
   * @param userAgent: User agent is included in the HTTP request in the request header. 
   * @param ja3: JA3 associated with the request.
   * @param ja4: JA4 associated with the request.
   */
  public static void createAssessment(
      String projectID, String recaptchaSiteKey, String token, String recaptchaAction, String userIpAddress, String userAgent, String ja3, String ja4)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `client.close()` method on the client to safely
    // clean up any remaining background resources.
    try (RecaptchaEnterpriseServiceClient client = RecaptchaEnterpriseServiceClient.create()) {

      // Set the properties of the event to be tracked.
      Event event = Event.newBuilder()
          .setSiteKey(recaptchaSiteKey)
          .setToken(token)
          .setUserIpAddress(userIpAddress)
          .setJa3(ja3)
          .setJa4(ja4)
          .setUserAgent(userAgent)
          .build();

      // Build the assessment request.
      CreateAssessmentRequest createAssessmentRequest =
          CreateAssessmentRequest.newBuilder()
              .setParent(ProjectName.of(projectID).toString())
              .setAssessment(Assessment.newBuilder().setEvent(event).build())
              .build();

      Assessment response = client.createAssessment(createAssessmentRequest);

      // Check if the token is valid.
      if (!response.getTokenProperties().getValid()) {
        System.out.println(
            "The CreateAssessment call failed because the token was: "
                + response.getTokenProperties().getInvalidReason().name());
        return;
      }

      // Check if the expected action was executed.
      // (If the key is checkbox type and 'action' attribute wasn't set, skip this check.)
      if (!response.getTokenProperties().getAction().equals(recaptchaAction)) {
        System.out.println(
            "The action attribute in reCAPTCHA tag is: "
                + response.getTokenProperties().getAction());
        System.out.println(
            "The action attribute in the reCAPTCHA tag "
                + "does not match the action ("
                + recaptchaAction
                + ") you are expecting to score");
        return;
      }

      // Get the reason(s) and the risk score.
      // For more information on interpreting the assessment,
      // see: https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
      for (ClassificationReason reason : response.getRiskAnalysis().getReasonsList()) {
        System.out.println(reason);
      }

      float recaptchaScore = response.getRiskAnalysis().getScore();
      System.out.println("The reCAPTCHA score is: " + recaptchaScore);

      // Get the assessment name (id). Use this to annotate the assessment.
      String assessmentName = response.getName();
      System.out.println(
          "Assessment name: " + assessmentName.substring(assessmentName.lastIndexOf("/") + 1));
    }
  }
}

Node.js

  const {RecaptchaEnterpriseServiceClient} =
      require('@google-cloud/recaptcha-enterprise');

 /**
 * Create an assessment to analyze the risk of a UI action. Note that
 * this example does set error boundaries and returns `null` for
 * exceptions.
 *
 * projectID: Google Cloud project ID
 * recaptchaKey: reCAPTCHA key obtained by registering a domain or an app to use the services of reCAPTCHA Enterprise.
 * token: The token obtained from the client on passing the recaptchaKey.
 * recaptchaAction: Action name corresponding to the token.
 * userIpAddress: The IP address of the user sending a request to your backend is available in the HTTP request.
 * userAgent: The user agent is included in the HTTP request in the request header.
 * ja4: JA4 fingerprint associated with the request.
 * ja3: JA3 fingerprint associated with the request.
 */
 async function createAssessment({
   projectID = "your-project-id",
   recaptchaKey = "your-recaptcha-key",
   token = "action-token",
   recaptchaAction = "action-name",
   userIpAddress = "user-ip-address",
   userAgent = "user-agent",
   ja4 = "ja4"
   ja3 = "ja3"
 }) {
   // Create the reCAPTCHA client & set the project path. There are multiple
   // ways to authenticate your client. For more information see:
   // https://cloud.google.com/docs/authentication
   // TODO: To avoid memory issues, move this client generation outside
   // of this example, and cache it (recommended) or call client.close()
   // before exiting this method.
   const client = new RecaptchaEnterpriseServiceClient();
   const projectPath = client.projectPath(projectID);

   // Build the assessment request.
   const request = ({
     assessment: {
       event: {
         token: token,
         siteKey: recaptchaKey,
         userIpAddress: userIpAddress,
         userAgent: userAgent,
         ja4: ja4,
         ja3: ja3,
       },
     },
     parent: projectPath,
   });

   // client.createAssessment() can return a Promise or take a Callback
   const [ response ] = await client.createAssessment(request);

   // Check if the token is valid.
   if (!response.tokenProperties.valid) {
    console.log("The CreateAssessment call failed because the token was: " +
      response.tokenProperties.invalidReason);

    return null;
   }

   // Check if the expected action was executed.
   // The `action` property is set by user client in the
   // grecaptcha.enterprise.execute() method.
   if (response.tokenProperties.action === recaptchaAction) {

    // Get the risk score and the reason(s).
    // For more information on interpreting the assessment,
    // see: https://cloud.google.com/recaptcha/docs/interpret-assessment
    console.log("The reCAPTCHA score is: " +
      response.riskAnalysis.score);

    response.riskAnalysis.reasons.forEach((reason) => {
      console.log(reason);
    });
    return response.riskAnalysis.score;
   } else {
    console.log("The action attribute in your reCAPTCHA tag " +
      "does not match the action you are expecting to score");
    return null;
   }
 }

PHP

  <?php

  // Include Google Cloud dependencies using Composer
  // composer require google/cloud-recaptcha-enterprise
  require 'vendor/autoload.php';

  use Google\Cloud\RecaptchaEnterprise\V1\Client\RecaptchaEnterpriseServiceClient;
  use Google\Cloud\RecaptchaEnterprise\V1\Event;
  use Google\Cloud\RecaptchaEnterprise\V1\Assessment;
  use Google\Cloud\RecaptchaEnterprise\V1\CreateAssessmentRequest;
  use Google\Cloud\RecaptchaEnterprise\V1\TokenProperties\InvalidReason;

  /**
  * Create an assessment to analyze the risk of a UI action.
  * @param string $siteKey The key ID for the reCAPTCHA key (See https://cloud.google.com/recaptcha/docs/create-key)
  * @param string $token The user's response token for which you want to receive a reCAPTCHA score. (See https://cloud.google.com/recaptcha/docs/create-assessment#retrieve_token)
  * @param string $project Your Google Cloud project ID
  */
  function create_assessment(
     string $siteKey,
     string $token,
     string $project
  ): void {
  // TODO: To avoid memory issues, move this client generation outside
  // of this example, and cache it (recommended) or call client.close()
  // before exiting this method.
  $client = new RecaptchaEnterpriseServiceClient();
  $projectName = $client->projectName($project);

     $event = (new Event())
         ->setSiteKey($siteKey)
         ->setToken($token);

     $assessment = (new Assessment())
         ->setEvent($event);

     $request = (new CreateAssessmentRequest())
         ->setParent($projectName)
         ->setAssessment($assessment);

     try {
         $response = $client->createAssessment($request);

         // You can use the score only if the assessment is valid,
         // In case of failures like re-submitting the same token, getValid() will return false
         if ($response->getTokenProperties()->getValid() == false) {
             printf('The CreateAssessment() call failed because the token was invalid for the following reason: ');
             printf(InvalidReason::name($response->getTokenProperties()->getInvalidReason()));
         } else {
             printf('The score for the protection action is:');
             printf($response->getRiskAnalysis()->getScore());

             // Optional: You can use the following methods to get more data about the token
             // Action name provided at token generation.
             // printf($response->getTokenProperties()->getAction() . PHP_EOL);
             // The timestamp corresponding to the generation of the token.
             // printf($response->getTokenProperties()->getCreateTime()->getSeconds() . PHP_EOL);
             // The hostname of the page on which the token was generated.
             // printf($response->getTokenProperties()->getHostname() . PHP_EOL);
         }
     } catch (exception $e) {
         printf('CreateAssessment() call failed with the following error: ');
         printf($e);
     }
  }

  // TODO(Developer): Replace the following before running the sample
  create_assessment(
     'YOUR_RECAPTCHA_KEY',
     'YOUR_USER_RESPONSE_TOKEN',
     'YOUR_GOOGLE_CLOUD_PROJECT_ID'
  );
?>

Python


from google.cloud import recaptchaenterprise_v1
from google.cloud.recaptchaenterprise_v1 import Assessment


def create_assessment(
    project_id: str,
    recaptcha_site_key: str,
    token: str,
    recaptcha_action: str,
    user_ip_address: str,
    user_agent: str,
    ja3: str,
) -> Assessment:
    """Create an assessment to analyze the risk of a UI action.
    Args:
        project_id: GCloud Project ID
        recaptcha_site_key: Site key obtained by registering a domain/app to use recaptcha services.
        token: The token obtained from the client on passing the recaptchaSiteKey.
        recaptcha_action: Action name corresponding to the token.
        user_ip_address: IP address of the user sending a request.
        user_agent: User agent is included in the HTTP request in the request header.
        ja3: JA3 associated with the request.
    """

    client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient()

    # Set the properties of the event to be tracked.
    event = recaptchaenterprise_v1.Event()
    event.site_key = recaptcha_site_key
    event.token = token
    event.user_ip_address = user_ip_address
    event.user_agent = user_agent
    event.ja3 = ja3

    assessment = recaptchaenterprise_v1.Assessment()
    assessment.event = event

    project_name = f"projects/{project_id}"

    # Build the assessment request.
    request = recaptchaenterprise_v1.CreateAssessmentRequest()
    request.assessment = assessment
    request.parent = project_name

    response = client.create_assessment(request)

    # Check if the token is valid.
    if not response.token_properties.valid:
        print(
            "The CreateAssessment call failed because the token was "
            + "invalid for for the following reasons: "
            + str(response.token_properties.invalid_reason)
        )
        return

    # Check if the expected action was executed.
    if response.token_properties.action != recaptcha_action:
        print(
            "The action attribute in your reCAPTCHA tag does"
            + "not match the action you are expecting to score"
        )
        return
    else:
        # Get the risk score and the reason(s)
        # For more information on interpreting the assessment,
        # see: https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
        for reason in response.risk_analysis.reasons:
            print(reason)
        print(
            "The reCAPTCHA score for this token is: "
            + str(response.risk_analysis.score)
        )
        # Get the assessment name (id). Use this to annotate the assessment.
        assessment_name = client.parse_assessment_path(response.name).get("assessment")
        print(f"Assessment name: {assessment_name}")
    return response

Ruby

require "google/cloud/recaptcha_enterprise"

# Create an assessment to analyze the risk of a UI action.
#
# @param site_key [String] Site key obtained by registering a domain/app to use recaptcha services.
# @param token [String] The token obtained from the client on passing the recaptcha site_key.
# @param project_id [String] GCloud Project ID.
# @param recaptcha_action [String] Action name corresponding to the token.
# @return [void]
def create_assessment site_key:, token:, project_id:, recaptcha_action:
  # Create the reCAPTCHA client.
  client = ::Google::Cloud::RecaptchaEnterprise.recaptcha_enterprise_service

  request = { parent: "projects/#{project_id}",
              assessment: {
                event: {
                  site_key: site_key,
                  token: token
                }
              } }

  response = client.create_assessment request

  # Check if the token is valid.
  if !response.token_properties.valid
    puts "The create_assessment() call failed because the token was invalid with the following reason:" \
         "#{response.token_properties.invalid_reason}"
  # Check if the expected action was executed.
  elsif response.token_properties.action == recaptcha_action
    # Get the risk score and the reason(s).
    # For more information on interpreting the assessment,
    # see: https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
    puts "The reCAPTCHA score for this token is: #{response.risk_analysis.score}"
    response.risk_analysis.reasons.each { |reason| puts reason }
  else
    puts "The action attribute in your reCAPTCHA tag does not match the action you are expecting to score"
  end
end

注意：評估的回覆可能會顯示 score=0.9 和 reason=LOW_CONFIDENCE。這是因為在前端整合新建立的金鑰時，reCAPTCHA 需要一段時間才能傳回準確的風險分析結果。因此，為確保風險分析的準確性，建議您在前端建立及整合金鑰後，等待 48 小時再對傳回的分數採取任何行動。

後續步驟

解讀評估結果，並根據分數對行動應用程式採取適當行動。

建立行動應用程式的評估 透過集合功能整理內容 你可以依據偏好儲存及分類內容。

事前準備

擷取權杖

建立評估

REST API

使用 gcloud CLI

curl

PowerShell

使用 API 金鑰

curl

PowerShell

C#

Go

Java

Node.js

PHP

Python

Ruby

後續步驟

建立行動應用程式的評估