This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community is upgrading platforms!

Read more and check out our FAQ
Log in to ask a question

Getting API error while calling the "Annotate assessments" REST API

Posted on 10-21-2024 12:05 AM
Lakshmi_Kunchal
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I integrated reCAPTCHA Enterprise (score-based) in my web application. Everything is working fine, and I am getting the score. I want to configure "Account Defender" and "SMS toll fraud protection."  For "SMS toll fraud protection", I am sending the account identifier to the API. While configuring the account defender, getting an API error in "Annotate Login Events". Below is my code

1. First I created the reCAPTCHA Enterprise assessment, got the assessment_id (name field), and sent that assessment_id to annotate the assessment

const url = `https://recaptchaenterprise.googleapis.com/v1/${result}:annotate`;

const data = {
"annotation": "LEGITIMATE",
"reasons": "REASON_UNSPECIFIED"
};

fetch(url, {
method: 'POST',
mode: 'no-cors',
body: JSON.stringify(data),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer APIKEY'
}

}).then(response => {
if (response.ok) {
return response.json();
}
else if (response.status === 404) {
console.error("Assessment ID not found:", assessmentId);
// Handle the case of a non-existent assessment
}
else {
throw new Error(`Error fetching reCAPTCHA Enterprise data: ${response.status}`);
}
}).then(result => {
console.log("result", result)
})
.catch(error => {
console.error("Error verifying reCAPTCHA token:", error);
});

 getting 403 error "https://recaptchaenterprise.googleapis.com/v1/projects/project_id/assessments/18ebc7dac6000000:annot... net::ERR_ABORTED 403 (Forbidden)"

Please let me know what I did wrong

 

0 1 273
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Lakshmi_Kunchal
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Got the 200 response. I authorized the API with an OAuth access token from the Google Cloud and changed the reason to something other than "REASON_UNSPECIFIED". If we use the reason as "REASON_UNSPECIFIED", it throws an error as "invalid reason". 

I completed every step mentioned in the document and got the "accountDefenderAssessment" field in the response, too. Still, the "Account defender" shows as "Configure" in the reCAPTCHA console. I hope it will be enabled after some time. 

0 Likes
Top Solution Authors
View all