google-cloud-recaptcha_enterprise-v1 0.15.0 → 0.17.3

data/proto_docs/google/cloud/recaptchaenterprise/v1/recaptchaenterprise.rb

@@ -25,7 +25,7 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The name of the project in which the assessment will be created,
-        #     in the format "projects/\\{project}".
+        #     in the format `projects/{project}`.
         # @!attribute [rw] assessment
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::Assessment]
         #     Required. The assessment details.
@@ -159,7 +159,7 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The resource name of the Assessment, in the format
-        #     "projects/\\{project}/assessments/\\{assessment}".
+        #     `projects/{project}/assessments/{assessment}`.
         # @!attribute [rw] annotation
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::AnnotateAssessmentRequest::Annotation]
         #     Optional. The annotation that will be assigned to the Event. This field can
@@ -167,15 +167,18 @@ module Google
         #     whether the event is legitimate or fraudulent.
         # @!attribute [rw] reasons
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::AnnotateAssessmentRequest::Reason>]
-        #     Optional. Optional reasons for the annotation that will be assigned to the
-        #     Event.
+        #     Optional. Reasons for the annotation that are assigned to the event.
+        # @!attribute [rw] account_id
+        #   @return [::String]
+        #     Optional. A stable account identifier to apply to the assessment. This is
+        #     an alternative to setting `account_id` in `CreateAssessment`, for example
+        #     when a stable account identifier is not yet known in the initial request.
         # @!attribute [rw] hashed_account_id
         #   @return [::String]
-        #     Optional. Unique stable hashed user identifier to apply to the assessment.
-        #     This is an alternative to setting the hashed_account_id in
-        #     CreateAssessment, for example when the account identifier is not yet known
-        #     in the initial request. It is recommended that the identifier is hashed
-        #     using hmac-sha256 with stable secret.
+        #     Optional. A stable hashed account identifier to apply to the assessment.
+        #     This is an alternative to setting `hashed_account_id` in
+        #     `CreateAssessment`, for example when a stable account identifier is not yet
+        #     known in the initial request.
         # @!attribute [rw] transaction_event
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionEvent]
         #     Optional. If the assessment is part of a payment transaction, provide
@@ -302,18 +305,19 @@ module Google
         # Information about account verification, used for identity verification.
         # @!attribute [rw] endpoints
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::EndpointVerificationInfo>]
-        #     Endpoints that can be used for identity verification.
+        #     Optional. Endpoints that can be used for identity verification.
         # @!attribute [rw] language_code
         #   @return [::String]
-        #     Language code preference for the verification message, set as a IETF BCP 47
-        #     language code.
+        #     Optional. Language code preference for the verification message, set as a
+        #     IETF BCP 47 language code.
         # @!attribute [r] latest_verification_result
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::AccountVerificationInfo::Result]
         #     Output only. Result of the latest account verification challenge.
         # @!attribute [rw] username
+        #   @deprecated This field is deprecated and may be removed in the next major version update.
         #   @return [::String]
         #     Username of the account that is being verified. Deprecated. Customers
-        #     should now provide the hashed account ID field in Event.
+        #     should now provide the `account_id` field in `event.user_info`.
         class AccountVerificationInfo
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -365,7 +369,7 @@ module Google
         # Private password leak verification info.
         # @!attribute [rw] lookup_hash_prefix
         #   @return [::String]
-        #     Optional. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized
+        #     Required. Exactly 26-bit prefix of the SHA-256 hash of the canonicalized
         #     username. It is used to look up password leaks associated with that hash
         #     prefix.
         # @!attribute [rw] encrypted_user_credentials_hash
@@ -391,11 +395,11 @@ module Google
         # A reCAPTCHA Enterprise assessment resource.
         # @!attribute [r] name
         #   @return [::String]
-        #     Output only. The resource name for the Assessment in the format
-        #     "projects/\\{project}/assessments/\\{assessment}".
+        #     Output only. Identifier. The resource name for the Assessment in the format
+        #     `projects/{project}/assessments/{assessment}`.
         # @!attribute [rw] event
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::Event]
-        #     The event being assessed.
+        #     Optional. The event being assessed.
         # @!attribute [r] risk_analysis
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::RiskAnalysis]
         #     Output only. The risk analysis result for the event being assessed.
@@ -404,19 +408,29 @@ module Google
         #     Output only. Properties of the provided event token.
         # @!attribute [rw] account_verification
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::AccountVerificationInfo]
-        #     Account verification information for identity verification. The assessment
-        #     event must include a token and site key to use this feature.
-        # @!attribute [rw] account_defender_assessment
+        #     Optional. Account verification information for identity verification. The
+        #     assessment event must include a token and site key to use this feature.
+        # @!attribute [r] account_defender_assessment
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::AccountDefenderAssessment]
-        #     Assessment returned by account defender when a hashed_account_id is
-        #     provided.
+        #     Output only. Assessment returned by account defender when an account
+        #     identifier is provided.
         # @!attribute [rw] private_password_leak_verification
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::PrivatePasswordLeakVerification]
-        #     The private password leak verification field contains the parameters that
-        #     are used to to check for leaks privately without sharing user credentials.
-        # @!attribute [rw] fraud_prevention_assessment
+        #     Optional. The private password leak verification field contains the
+        #     parameters that are used to to check for leaks privately without sharing
+        #     user credentials.
+        # @!attribute [r] firewall_policy_assessment
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallPolicyAssessment]
+        #     Output only. Assessment returned when firewall policies belonging to the
+        #     project are evaluated using the field firewall_policy_evaluation.
+        # @!attribute [r] fraud_prevention_assessment
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudPreventionAssessment]
-        #     Assessment returned by Fraud Prevention when TransactionData is provided.
+        #     Output only. Assessment returned by Fraud Prevention when TransactionData
+        #     is provided.
+        # @!attribute [r] fraud_signals
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudSignals]
+        #     Output only. Fraud Signals specific to the users involved in a payment
+        #     transaction.
         class Assessment
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -445,21 +459,52 @@ module Google
         #     same action provided at token generation time on client-side platforms
         #     already integrated with recaptcha enterprise.
         # @!attribute [rw] hashed_account_id
+        #   @deprecated This field is deprecated and may be removed in the next major version update.
+        #   @return [::String]
+        #     Optional. Deprecated: use `user_info.account_id` instead.
+        #     Unique stable hashed user identifier for the request. The identifier must
+        #     be hashed using hmac-sha256 with stable secret.
+        # @!attribute [rw] express
+        #   @return [::Boolean]
+        #     Optional. Flag for a reCAPTCHA express request for an assessment without a
+        #     token. If enabled, `site_key` must reference a SCORE key with WAF feature
+        #     set to EXPRESS.
+        # @!attribute [rw] requested_uri
+        #   @return [::String]
+        #     Optional. The URI resource the user requested that triggered an assessment.
+        # @!attribute [rw] waf_token_assessment
+        #   @return [::Boolean]
+        #     Optional. Flag for running WAF token assessment.
+        #     If enabled, the token must be specified, and have been created by a
+        #     WAF-enabled key.
+        # @!attribute [rw] ja3
         #   @return [::String]
-        #     Optional. Unique stable hashed user identifier for the request. The
-        #     identifier must be hashed using hmac-sha256 with stable secret.
+        #     Optional. JA3 fingerprint for SSL clients.
+        # @!attribute [rw] headers
+        #   @return [::Array<::String>]
+        #     Optional. HTTP header information about the request.
+        # @!attribute [rw] firewall_policy_evaluation
+        #   @return [::Boolean]
+        #     Optional. Flag for enabling firewall policy config assessment.
+        #     If this flag is enabled, the firewall policy will be evaluated and a
+        #     suggested firewall action will be returned in the response.
         # @!attribute [rw] transaction_data
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionData]
         #     Optional. Data describing a payment transaction to be assessed. Sending
         #     this data enables reCAPTCHA Enterprise Fraud Prevention and the
         #     FraudPreventionAssessment component in the response.
+        # @!attribute [rw] user_info
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::UserInfo]
+        #     Optional. Information about the user that generates this event, when they
+        #     can be identified. They are often identified through the use of an account
+        #     for logged-in requests or login/registration requests, or by providing user
+        #     identifiers for guest actions like checkout.
         class Event
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
         # Transaction data associated with a payment protected by reCAPTCHA Enterprise.
-        # All fields are optional.
         # @!attribute [rw] transaction_id
         #   @return [::String]
         #     Unique identifier for the transaction. This custom identifier can be used
@@ -468,7 +513,7 @@ module Google
         #     same transaction id.
         # @!attribute [rw] payment_method
         #   @return [::String]
-        #     The payment method for the transaction. The allowed values are:
+        #     Optional. The payment method for the transaction. The allowed values are:
         #
         #     * credit-card
         #     * debit-card
@@ -479,38 +524,41 @@ module Google
         #     custom-crypto)
         # @!attribute [rw] card_bin
         #   @return [::String]
-        #     The Bank Identification Number - generally the first 6 or 8 digits of the
-        #     card.
+        #     Optional. The Bank Identification Number - generally the first 6 or 8
+        #     digits of the card.
         # @!attribute [rw] card_last_four
         #   @return [::String]
-        #     The last four digits of the card.
+        #     Optional. The last four digits of the card.
         # @!attribute [rw] currency_code
         #   @return [::String]
-        #     The currency code in ISO-4217 format.
+        #     Optional. The currency code in ISO-4217 format.
         # @!attribute [rw] value
         #   @return [::Float]
-        #     The decimal value of the transaction in the specified currency.
+        #     Optional. The decimal value of the transaction in the specified currency.
         # @!attribute [rw] shipping_value
         #   @return [::Float]
-        #     The value of shipping in the specified currency. 0 for free or no shipping.
+        #     Optional. The value of shipping in the specified currency. 0 for free or no
+        #     shipping.
         # @!attribute [rw] shipping_address
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::Address]
-        #     Destination address if this transaction involves shipping a physical item.
+        #     Optional. Destination address if this transaction involves shipping a
+        #     physical item.
         # @!attribute [rw] billing_address
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::Address]
-        #     Address associated with the payment method when applicable.
+        #     Optional. Address associated with the payment method when applicable.
         # @!attribute [rw] user
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::User]
-        #     Information about the user paying/initiating the transaction.
+        #     Optional. Information about the user paying/initiating the transaction.
         # @!attribute [rw] merchants
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::User>]
-        #     Information about the user or users fulfilling the transaction.
+        #     Optional. Information about the user or users fulfilling the transaction.
         # @!attribute [rw] items
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::Item>]
-        #     Items purchased in this transaction.
+        #     Optional. Items purchased in this transaction.
         # @!attribute [rw] gateway_info
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TransactionData::GatewayInfo]
-        #     Information about the payment gateway's response to the transaction.
+        #     Optional. Information about the payment gateway's response to the
+        #     transaction.
         class TransactionData
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -518,24 +566,26 @@ module Google
           # Structured address format for billing and shipping addresses.
           # @!attribute [rw] recipient
           #   @return [::String]
-          #     The recipient name, potentially including information such as "care of".
+          #     Optional. The recipient name, potentially including information such as
+          #     "care of".
           # @!attribute [rw] address
           #   @return [::Array<::String>]
-          #     The first lines of the address. The first line generally contains the
-          #     street name and number, and further lines may include information such as
-          #     an apartment number.
+          #     Optional. The first lines of the address. The first line generally
+          #     contains the street name and number, and further lines may include
+          #     information such as an apartment number.
           # @!attribute [rw] locality
           #   @return [::String]
-          #     The town/city of the address.
+          #     Optional. The town/city of the address.
           # @!attribute [rw] administrative_area
           #   @return [::String]
-          #     The state, province, or otherwise administrative area of the address.
+          #     Optional. The state, province, or otherwise administrative area of the
+          #     address.
           # @!attribute [rw] region_code
           #   @return [::String]
-          #     The CLDR country/region of the address.
+          #     Optional. The CLDR country/region of the address.
           # @!attribute [rw] postal_code
           #   @return [::String]
-          #     The postal or ZIP code of the address.
+          #     Optional. The postal or ZIP code of the address.
           class Address
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -544,26 +594,26 @@ module Google
           # Details about a user's account involved in the transaction.
           # @!attribute [rw] account_id
           #   @return [::String]
-          #     Unique account identifier for this user. If using account defender,
-          #     this should match the hashed_account_id field. Otherwise, a unique and
-          #     persistent identifier for this account.
+          #     Optional. Unique account identifier for this user. If using account
+          #     defender, this should match the hashed_account_id field. Otherwise, a
+          #     unique and persistent identifier for this account.
           # @!attribute [rw] creation_ms
           #   @return [::Integer]
-          #     The epoch milliseconds of the user's account creation.
+          #     Optional. The epoch milliseconds of the user's account creation.
           # @!attribute [rw] email
           #   @return [::String]
-          #     The email address of the user.
+          #     Optional. The email address of the user.
           # @!attribute [rw] email_verified
           #   @return [::Boolean]
-          #     Whether the email has been verified to be accessible by the user (OTP or
-          #     similar).
+          #     Optional. Whether the email has been verified to be accessible by the
+          #     user (OTP or similar).
           # @!attribute [rw] phone_number
           #   @return [::String]
-          #     The phone number of the user, with country code.
+          #     Optional. The phone number of the user, with country code.
           # @!attribute [rw] phone_verified
           #   @return [::Boolean]
-          #     Whether the phone number has been verified to be accessible by the user
-          #     (OTP or similar).
+          #     Optional. Whether the phone number has been verified to be accessible by
+          #     the user (OTP or similar).
           class User
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -572,18 +622,18 @@ module Google
           # Line items being purchased in this transaction.
           # @!attribute [rw] name
           #   @return [::String]
-          #     The full name of the item.
+          #     Optional. The full name of the item.
           # @!attribute [rw] value
           #   @return [::Float]
-          #     The value per item that the user is paying, in the transaction currency,
-          #     after discounts.
+          #     Optional. The value per item that the user is paying, in the transaction
+          #     currency, after discounts.
           # @!attribute [rw] quantity
           #   @return [::Integer]
-          #     The quantity of this item that is being purchased.
+          #     Optional. The quantity of this item that is being purchased.
           # @!attribute [rw] merchant_account_id
           #   @return [::String]
-          #     When a merchant is specified, its corresponding account_id. Necessary to
-          #     populate marketplace-style transactions.
+          #     Optional. When a merchant is specified, its corresponding account_id.
+          #     Necessary to populate marketplace-style transactions.
           class Item
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -592,17 +642,18 @@ module Google
           # Details about the transaction from the gateway.
           # @!attribute [rw] name
           #   @return [::String]
-          #     Name of the gateway service (for example, stripe, square, paypal).
+          #     Optional. Name of the gateway service (for example, stripe, square,
+          #     paypal).
           # @!attribute [rw] gateway_response_code
           #   @return [::String]
-          #     Gateway response code describing the state of the transaction.
+          #     Optional. Gateway response code describing the state of the transaction.
           # @!attribute [rw] avs_response_code
           #   @return [::String]
-          #     AVS response code from the gateway
+          #     Optional. AVS response code from the gateway
           #     (available only when reCAPTCHA Enterprise is called after authorization).
           # @!attribute [rw] cvv_response_code
           #   @return [::String]
-          #     CVV response code from the gateway
+          #     Optional. CVV response code from the gateway
           #     (available only when reCAPTCHA Enterprise is called after authorization).
           class GatewayInfo
             include ::Google::Protobuf::MessageExts
@@ -610,15 +661,57 @@ module Google
           end
         end
 
+        # User information associated with a request protected by reCAPTCHA Enterprise.
+        # @!attribute [rw] create_account_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Creation time for this account associated with this user. Leave
+        #     blank for non logged-in actions, guest checkout, or when there is no
+        #     account associated with the current user.
+        # @!attribute [rw] account_id
+        #   @return [::String]
+        #     Optional. For logged-in requests or login/registration requests, the unique
+        #     account identifier associated with this user. You can use the username if
+        #     it is stable (meaning it is the same for every request associated with the
+        #     same user), or any stable user ID of your choice. Leave blank for non
+        #     logged-in actions or guest checkout.
+        # @!attribute [rw] user_ids
+        #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::UserId>]
+        #     Optional. Identifiers associated with this user or request.
+        class UserInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An identifier associated with a user.
+        # @!attribute [rw] email
+        #   @return [::String]
+        #     Optional. An email address.
+        # @!attribute [rw] phone_number
+        #   @return [::String]
+        #     Optional. A phone number. Should use the E.164 format.
+        # @!attribute [rw] username
+        #   @return [::String]
+        #     Optional. A unique username, if different from all the other identifiers
+        #     and `account_id` that are provided. Can be a unique login handle or
+        #     display name for a user.
+        class UserId
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Risk analysis result for an event.
-        # @!attribute [rw] score
+        # @!attribute [r] score
         #   @return [::Float]
-        #     Legitimate event score from 0.0 to 1.0.
+        #     Output only. Legitimate event score from 0.0 to 1.0.
         #     (1.0 means very likely legitimate traffic while 0.0 means very likely
         #     non-legitimate traffic).
-        # @!attribute [rw] reasons
+        # @!attribute [r] reasons
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::RiskAnalysis::ClassificationReason>]
-        #     Reasons contributing to the risk analysis verdict.
+        #     Output only. Reasons contributing to the risk analysis verdict.
+        # @!attribute [r] extended_verdict_reasons
+        #   @return [::Array<::String>]
+        #     Output only. Extended verdict reasons to be used for experimentation only.
+        #     The set of possible reasons is subject to change.
         class RiskAnalysis
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -654,33 +747,34 @@ module Google
         end
 
         # Properties of the provided event token.
-        # @!attribute [rw] valid
+        # @!attribute [r] valid
         #   @return [::Boolean]
-        #     Whether the provided user response token is valid. When valid = false, the
-        #     reason could be specified in invalid_reason or it could also be due to
-        #     a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey
-        #     used to generate the token was different than the one specified in the
-        #     assessment).
-        # @!attribute [rw] invalid_reason
+        #     Output only. Whether the provided user response token is valid. When valid
+        #     = false, the reason could be specified in invalid_reason or it could also
+        #     be due to a user failing to solve a challenge or a sitekey mismatch (i.e
+        #     the sitekey used to generate the token was different than the one specified
+        #     in the assessment).
+        # @!attribute [r] invalid_reason
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TokenProperties::InvalidReason]
-        #     Reason associated with the response when valid = false.
-        # @!attribute [rw] create_time
+        #     Output only. Reason associated with the response when valid = false.
+        # @!attribute [r] create_time
         #   @return [::Google::Protobuf::Timestamp]
-        #     The timestamp corresponding to the generation of the token.
-        # @!attribute [rw] hostname
-        #   @return [::String]
-        #     The hostname of the page on which the token was generated (Web keys only).
-        # @!attribute [rw] android_package_name
+        #     Output only. The timestamp corresponding to the generation of the token.
+        # @!attribute [r] hostname
         #   @return [::String]
-        #     The name of the Android package with which the token was generated (Android
+        #     Output only. The hostname of the page on which the token was generated (Web
         #     keys only).
-        # @!attribute [rw] ios_bundle_id
+        # @!attribute [r] android_package_name
         #   @return [::String]
-        #     The ID of the iOS bundle with which the token was generated (iOS keys
-        #     only).
-        # @!attribute [rw] action
+        #     Output only. The name of the Android package with which the token was
+        #     generated (Android keys only).
+        # @!attribute [r] ios_bundle_id
         #   @return [::String]
-        #     Action name provided at token generation.
+        #     Output only. The ID of the iOS bundle with which the token was generated
+        #     (iOS keys only).
+        # @!attribute [r] action
+        #   @return [::String]
+        #     Output only. Action name provided at token generation.
         class TokenProperties
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -712,27 +806,32 @@ module Google
         end
 
         # Assessment for Fraud Prevention.
-        # @!attribute [rw] transaction_risk
+        # @!attribute [r] transaction_risk
         #   @return [::Float]
-        #     Probability (0-1) of this transaction being fraudulent. Summarizes the
-        #     combined risk of attack vectors below.
-        # @!attribute [rw] stolen_instrument_verdict
+        #     Output only. Probability of this transaction being fraudulent. Summarizes
+        #     the combined risk of attack vectors below. Values are from 0.0 (lowest)
+        #     to 1.0 (highest).
+        # @!attribute [r] stolen_instrument_verdict
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudPreventionAssessment::StolenInstrumentVerdict]
-        #     Assessment of this transaction for risk of a stolen instrument.
-        # @!attribute [rw] card_testing_verdict
+        #     Output only. Assessment of this transaction for risk of a stolen
+        #     instrument.
+        # @!attribute [r] card_testing_verdict
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudPreventionAssessment::CardTestingVerdict]
-        #     Assessment of this transaction for risk of being part of a card testing
-        #     attack.
+        #     Output only. Assessment of this transaction for risk of being part of a
+        #     card testing attack.
+        # @!attribute [r] behavioral_trust_verdict
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudPreventionAssessment::BehavioralTrustVerdict]
+        #     Output only. Assessment of this transaction for behavioral trust.
         class FraudPreventionAssessment
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
 
           # Information about stolen instrument fraud, where the user is not the
           # legitimate owner of the instrument being used for the purchase.
-          # @!attribute [rw] risk
+          # @!attribute [r] risk
           #   @return [::Float]
-          #     Probability (0-1) of this transaction being executed with a stolen
-          #     instrument.
+          #     Output only. Probability of this transaction being executed with a stolen
+          #     instrument. Values are from 0.0 (lowest) to 1.0 (highest).
           class StolenInstrumentVerdict
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -740,20 +839,86 @@ module Google
 
           # Information about card testing fraud, where an adversary is testing
           # fraudulently obtained cards or brute forcing their details.
-          # @!attribute [rw] risk
+          # @!attribute [r] risk
           #   @return [::Float]
-          #     Probability (0-1) of this transaction attempt being part of a card
-          #     testing attack.
+          #     Output only. Probability of this transaction attempt being part of a card
+          #     testing attack. Values are from 0.0 (lowest) to 1.0 (highest).
           class CardTestingVerdict
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
+
+          # Information about behavioral trust of the transaction.
+          # @!attribute [r] trust
+          #   @return [::Float]
+          #     Output only. Probability of this transaction attempt being executed in a
+          #     behaviorally trustworthy way. Values are from 0.0 (lowest) to 1.0
+          #     (highest).
+          class BehavioralTrustVerdict
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Fraud signals describing users and cards involved in the transaction.
+        # @!attribute [r] user_signals
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudSignals::UserSignals]
+        #     Output only. Signals describing the end user in this transaction.
+        # @!attribute [r] card_signals
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FraudSignals::CardSignals]
+        #     Output only. Signals describing the payment card or cards used in this
+        #     transaction.
+        class FraudSignals
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Signals describing the user involved in this transaction.
+          # @!attribute [r] active_days_lower_bound
+          #   @return [::Integer]
+          #     Output only. This user (based on email, phone, and other identifiers) has
+          #     been seen on the internet for at least this number of days.
+          # @!attribute [r] synthetic_risk
+          #   @return [::Float]
+          #     Output only. Likelihood (from 0.0 to 1.0) this user includes synthetic
+          #     components in their identity, such as a randomly generated email address,
+          #     temporary phone number, or fake shipping address.
+          class UserSignals
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Signals describing the payment card used in this transaction.
+          # @!attribute [r] card_labels
+          #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::FraudSignals::CardSignals::CardLabel>]
+          #     Output only. The labels for the payment card in this transaction.
+          class CardSignals
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Risk labels describing the card being assessed, such as its funding
+            # mechanism.
+            module CardLabel
+              # No label specified.
+              CARD_LABEL_UNSPECIFIED = 0
+
+              # This card has been detected as prepaid.
+              PREPAID = 1
+
+              # This card has been detected as virtual, such as a card number generated
+              # for a single transaction or merchant.
+              VIRTUAL = 2
+
+              # This card has been detected as being used in an unexpected geographic
+              # location.
+              UNEXPECTED_LOCATION = 3
+            end
+          end
         end
 
         # Account defender risk assessment.
-        # @!attribute [rw] labels
+        # @!attribute [r] labels
         #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::AccountDefenderAssessment::AccountDefenderLabel>]
-        #     Labels for this request.
+        #     Output only. Labels for this request.
         class AccountDefenderAssessment
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -785,7 +950,7 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The name of the project in which the key will be created, in the
-        #     format "projects/\\{project}".
+        #     format `projects/{project}`.
         # @!attribute [rw] key
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::Key]
         #     Required. Information to create a reCAPTCHA Enterprise key.
@@ -798,7 +963,7 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The name of the project that contains the keys that will be
-        #     listed, in the format "projects/\\{project}".
+        #     listed, in the format `projects/{project}`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The maximum number of keys to return. Default is 10. Max limit is
@@ -829,7 +994,7 @@ module Google
         # @!attribute [rw] key
         #   @return [::String]
         #     Required. The public key name linked to the requested secret key in the
-        #     format "projects/\\{project}/keys/\\{key}".
+        #     format `projects/{project}/keys/{key}`.
         class RetrieveLegacySecretKeyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -839,7 +1004,7 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The name of the requested key, in the format
-        #     "projects/\\{project}/keys/\\{key}".
+        #     `projects/{project}/keys/{key}`.
         class GetKeyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -862,17 +1027,94 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The name of the key to be deleted, in the format
-        #     "projects/\\{project}/keys/\\{key}".
+        #     `projects/{project}/keys/{key}`.
         class DeleteKeyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # The create firewall policy request message.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The name of the project this policy will apply to, in the format
+        #     `projects/{project}`.
+        # @!attribute [rw] firewall_policy
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallPolicy]
+        #     Required. Information to create the policy.
+        class CreateFirewallPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The list firewall policies request message.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The name of the project to list the policies for, in the format
+        #     `projects/{project}`.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. The maximum number of policies to return. Default is 10. Max
+        #     limit is 1000.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. The next_page_token value returned from a previous.
+        #     ListFirewallPoliciesRequest, if any.
+        class ListFirewallPoliciesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response to request to list firewall policies belonging to a key.
+        # @!attribute [rw] firewall_policies
+        #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::FirewallPolicy>]
+        #     Policy details.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Token to retrieve the next page of results. It is set to empty if no
+        #     policies remain in results.
+        class ListFirewallPoliciesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The get firewall policy request message.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the requested policy, in the format
+        #     `projects/{project}/firewallpolicies/{firewallpolicy}`.
+        class GetFirewallPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The update firewall policy request message.
+        # @!attribute [rw] firewall_policy
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallPolicy]
+        #     Required. The policy to update.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     Optional. The mask to control which fields of the policy get updated. If
+        #     the mask is not present, all fields will be updated.
+        class UpdateFirewallPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The delete firewall policy request message.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the policy to be deleted, in the format
+        #     `projects/{project}/firewallpolicies/{firewallpolicy}`.
+        class DeleteFirewallPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # The migrate key request message.
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The name of the key to be migrated, in the format
-        #     "projects/\\{project}/keys/\\{key}".
+        #     `projects/{project}/keys/{key}`.
         # @!attribute [rw] skip_billing_check
         #   @return [::Boolean]
         #     Optional. If true, skips the billing check.
@@ -892,7 +1134,7 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The name of the requested metrics, in the format
-        #     "projects/\\{project}/keys/\\{key}/metrics".
+        #     `projects/{project}/keys/{key}/metrics`.
         class GetMetricsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -901,8 +1143,8 @@ module Google
         # Metrics for a single Key.
         # @!attribute [r] name
         #   @return [::String]
-        #     Output only. The name of the metrics, in the format
-        #     "projects/\\{project}/keys/\\{key}/metrics".
+        #     Output only. Identifier. The name of the metrics, in the format
+        #     `projects/{project}/keys/{key}/metrics`.
         # @!attribute [rw] start_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Inclusive start time aligned to a day (UTC).
@@ -937,11 +1179,11 @@ module Google
         # use reCAPTCHA Enterprise.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The resource name for the Key in the format
-        #     "projects/\\{project}/keys/\\{key}".
+        #     Identifier. The resource name for the Key in the format
+        #     `projects/{project}/keys/{key}`.
         # @!attribute [rw] display_name
         #   @return [::String]
-        #     Human-readable display name of this key. Modifiable by user.
+        #     Required. Human-readable display name of this key. Modifiable by user.
         # @!attribute [rw] web_settings
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::WebKeySettings]
         #     Settings for keys that can be used by websites.
@@ -953,17 +1195,17 @@ module Google
         #     Settings for keys that can be used by iOS apps.
         # @!attribute [rw] labels
         #   @return [::Google::Protobuf::Map{::String => ::String}]
-        #     See <a href="https://cloud.google.com/recaptcha-enterprise/docs/labels">
-        #     Creating and managing labels</a>.
+        #     Optional. See [Creating and managing labels]
+        #     (https://cloud.google.com/recaptcha-enterprise/docs/labels).
         # @!attribute [r] create_time
         #   @return [::Google::Protobuf::Timestamp]
-        #     Output only. The timestamp corresponding to the creation of this Key.
+        #     Output only. The timestamp corresponding to the creation of this key.
         # @!attribute [rw] testing_options
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TestingOptions]
-        #     Options for user acceptance testing.
+        #     Optional. Options for user acceptance testing.
         # @!attribute [rw] waf_settings
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::WafSettings]
-        #     Settings for WAF
+        #     Optional. Settings for WAF
         class Key
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -981,13 +1223,13 @@ module Google
         # Options for user acceptance testing.
         # @!attribute [rw] testing_score
         #   @return [::Float]
-        #     All assessments for this Key will return this score. Must be between 0
-        #     (likely not legitimate) and 1 (likely legitimate) inclusive.
+        #     Optional. All assessments for this Key will return this score. Must be
+        #     between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.
         # @!attribute [rw] testing_challenge
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::TestingOptions::TestingChallenge]
-        #     For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests
-        #     for this site will return nocaptcha if NOCAPTCHA, or an unsolvable
-        #     challenge if CHALLENGE.
+        #     Optional. For challenge-based keys only (CHECKBOX, INVISIBLE), all
+        #     challenge requests for this site will return nocaptcha if NOCAPTCHA, or an
+        #     unsolvable challenge if CHALLENGE.
         class TestingOptions
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1012,25 +1254,25 @@ module Google
         # Settings specific to keys that can be used by websites.
         # @!attribute [rw] allow_all_domains
         #   @return [::Boolean]
-        #     If set to true, it means allowed_domains will not be enforced.
+        #     Optional. If set to true, it means allowed_domains will not be enforced.
         # @!attribute [rw] allowed_domains
         #   @return [::Array<::String>]
-        #     Domains or subdomains of websites allowed to use the key. All subdomains
-        #     of an allowed domain are automatically allowed. A valid domain requires a
-        #     host and must not include any path, port, query or fragment.
+        #     Optional. Domains or subdomains of websites allowed to use the key. All
+        #     subdomains of an allowed domain are automatically allowed. A valid domain
+        #     requires a host and must not include any path, port, query or fragment.
         #     Examples: 'example.com' or 'subdomain.example.com'
         # @!attribute [rw] allow_amp_traffic
         #   @return [::Boolean]
-        #     If set to true, the key can be used on AMP (Accelerated Mobile Pages)
-        #     websites. This is supported only for the SCORE integration type.
+        #     Optional. If set to true, the key can be used on AMP (Accelerated Mobile
+        #     Pages) websites. This is supported only for the SCORE integration type.
         # @!attribute [rw] integration_type
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::WebKeySettings::IntegrationType]
         #     Required. Describes how this key is integrated with the website.
         # @!attribute [rw] challenge_security_preference
         #   @return [::Google::Cloud::RecaptchaEnterprise::V1::WebKeySettings::ChallengeSecurityPreference]
-        #     Settings for the frequency and difficulty at which this key triggers
-        #     captcha challenges. This should only be specified for IntegrationTypes
-        #     CHECKBOX and INVISIBLE.
+        #     Optional. Settings for the frequency and difficulty at which this key
+        #     triggers captcha challenges. This should only be specified for
+        #     IntegrationTypes CHECKBOX and INVISIBLE.
         class WebKeySettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1075,11 +1317,16 @@ module Google
         # Settings specific to keys that can be used by Android apps.
         # @!attribute [rw] allow_all_package_names
         #   @return [::Boolean]
-        #     If set to true, allowed_package_names are not enforced.
+        #     Optional. If set to true, allowed_package_names are not enforced.
         # @!attribute [rw] allowed_package_names
         #   @return [::Array<::String>]
-        #     Android package names of apps allowed to use the key.
+        #     Optional. Android package names of apps allowed to use the key.
         #     Example: 'com.companyname.appname'
+        # @!attribute [rw] support_non_google_app_store_distribution
+        #   @return [::Boolean]
+        #     Optional. Set to true for keys that are used in an Android application that
+        #     is available for download in app stores in addition to the Google Play
+        #     Store.
         class AndroidKeySettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1088,16 +1335,41 @@ module Google
         # Settings specific to keys that can be used by iOS apps.
         # @!attribute [rw] allow_all_bundle_ids
         #   @return [::Boolean]
-        #     If set to true, allowed_bundle_ids are not enforced.
+        #     Optional. If set to true, allowed_bundle_ids are not enforced.
         # @!attribute [rw] allowed_bundle_ids
         #   @return [::Array<::String>]
-        #     iOS bundle ids of apps allowed to use the key.
+        #     Optional. iOS bundle ids of apps allowed to use the key.
         #     Example: 'com.companyname.productname.appname'
+        # @!attribute [rw] apple_developer_id
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::AppleDeveloperId]
+        #     Optional. Apple Developer account details for the app that is protected by
+        #     the reCAPTCHA Key. reCAPTCHA Enterprise leverages platform-specific checks
+        #     like Apple App Attest and Apple DeviceCheck to protect your app from abuse.
+        #     Providing these fields allows reCAPTCHA Enterprise to get a better
+        #     assessment of the integrity of your app.
         class IOSKeySettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Contains fields that are required to perform Apple-specific integrity checks.
+        # @!attribute [rw] private_key
+        #   @return [::String]
+        #     Required. Input only. A private key (downloaded as a text file with a .p8
+        #     file extension) generated for your Apple Developer account. Ensure that
+        #     Apple DeviceCheck is enabled for the private key.
+        # @!attribute [rw] key_id
+        #   @return [::String]
+        #     Required. The Apple developer key ID (10-character string).
+        # @!attribute [rw] team_id
+        #   @return [::String]
+        #     Required. The Apple team ID (10-character string) owning the provisioning
+        #     profile used to build your application.
+        class AppleDeveloperId
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Score distribution.
         # @!attribute [rw] score_buckets
         #   @return [::Google::Protobuf::Map{::Integer => ::Integer}]
@@ -1162,6 +1434,134 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Policy config assessment.
+        # @!attribute [r] error
+        #   @return [::Google::Rpc::Status]
+        #     Output only. If the processing of a policy config fails, an error will be
+        #     populated and the firewall_policy will be left empty.
+        # @!attribute [r] firewall_policy
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallPolicy]
+        #     Output only. The policy that matched the request. If more than one policy
+        #     may match, this is the first match. If no policy matches the incoming
+        #     request, the policy field will be left empty.
+        class FirewallPolicyAssessment
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # An individual action. Each action represents what to do if a policy
+        # matches.
+        # @!attribute [rw] allow
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction::AllowAction]
+        #     The user request did not match any policy and should be allowed
+        #     access to the requested resource.
+        # @!attribute [rw] block
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction::BlockAction]
+        #     This action will deny access to a given page. The user will get an HTTP
+        #     error code.
+        # @!attribute [rw] redirect
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction::RedirectAction]
+        #     This action will redirect the request to a ReCaptcha interstitial to
+        #     attach a token.
+        # @!attribute [rw] substitute
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction::SubstituteAction]
+        #     This action will transparently serve a different page to an offending
+        #     user.
+        # @!attribute [rw] set_header
+        #   @return [::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction::SetHeaderAction]
+        #     This action will set a custom header but allow the request to continue
+        #     to the customer backend.
+        class FirewallAction
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # An allow action continues processing a request unimpeded.
+          class AllowAction
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A block action serves an HTTP error code a prevents the request from
+          # hitting the backend.
+          class BlockAction
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A redirect action returns a 307 (temporary redirect) response, pointing
+          # the user to a ReCaptcha interstitial page to attach a token.
+          class RedirectAction
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A substitute action transparently serves a different page than the one
+          # requested.
+          # @!attribute [rw] path
+          #   @return [::String]
+          #     Optional. The address to redirect to. The target is a relative path in
+          #     the current host. Example: "/blog/404.html".
+          class SubstituteAction
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A set header action sets a header and forwards the request to the
+          # backend. This can be used to trigger custom protection implemented on the
+          # backend.
+          # @!attribute [rw] key
+          #   @return [::String]
+          #     Optional. The header key to set in the request to the backend server.
+          # @!attribute [rw] value
+          #   @return [::String]
+          #     Optional. The header value to set in the request to the backend server.
+          class SetHeaderAction
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A FirewallPolicy represents a single matching pattern and resulting actions
+        # to take.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Identifier. The resource name for the FirewallPolicy in the format
+        #     `projects/{project}/firewallpolicies/{firewallpolicy}`.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Optional. A description of what this policy aims to achieve, for
+        #     convenience purposes. The description can at most include 256 UTF-8
+        #     characters.
+        # @!attribute [rw] path
+        #   @return [::String]
+        #     Optional. The path for which this policy applies, specified as a glob
+        #     pattern. For more information on glob, see the [manual
+        #     page](https://man7.org/linux/man-pages/man7/glob.7.html).
+        #     A path has a max length of 200 characters.
+        # @!attribute [rw] condition
+        #   @return [::String]
+        #     Optional. A CEL (Common Expression Language) conditional expression that
+        #     specifies if this policy applies to an incoming user request. If this
+        #     condition evaluates to true and the requested path matched the path
+        #     pattern, the associated actions should be executed by the caller. The
+        #     condition string is checked for CEL syntax correctness on creation. For
+        #     more information, see the [CEL spec](https://github.com/google/cel-spec)
+        #     and its [language
+        #     definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md).
+        #     A condition has a max length of 500 characters.
+        # @!attribute [rw] actions
+        #   @return [::Array<::Google::Cloud::RecaptchaEnterprise::V1::FirewallAction>]
+        #     Optional. The actions that the caller should take regarding user access.
+        #     There should be at most one terminal action. A terminal action is any
+        #     action that forces a response, such as `AllowAction`,
+        #     `BlockAction` or `SubstituteAction`.
+        #     Zero or more non-terminal actions such as `SetHeader` might be
+        #     specified. A single policy can contain up to 16 actions.
+        class FirewallPolicy
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # The request message to list memberships in a related account group.
         # @!attribute [rw] parent
         #   @return [::String]
@@ -1202,7 +1602,7 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The name of the project to list related account groups from, in
-        #     the format "projects/\\{project}".
+        #     the format `projects/{project}`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The maximum number of groups to return. The service might return
@@ -1239,12 +1639,21 @@ module Google
         #   @return [::String]
         #     Required. The name of the project to search related account group
         #     memberships from. Specify the project name in the following format:
-        #     "projects/\\{project}".
+        #     `projects/{project}`.
+        # @!attribute [rw] account_id
+        #   @return [::String]
+        #     Optional. The unique stable account identifier used to search connections.
+        #     The identifier should correspond to an `account_id` provided in a previous
+        #     `CreateAssessment` or `AnnotateAssessment` call. Either hashed_account_id
+        #     or account_id must be set, but not both.
         # @!attribute [rw] hashed_account_id
+        #   @deprecated This field is deprecated and may be removed in the next major version update.
         #   @return [::String]
-        #     Optional. The unique stable hashed user identifier we should search
-        #     connections to. The identifier should correspond to a `hashed_account_id`
-        #     provided in a previous `CreateAssessment` or `AnnotateAssessment` call.
+        #     Optional. Deprecated: use `account_id` instead.
+        #     The unique stable hashed account identifier used to search connections. The
+        #     identifier should correspond to a `hashed_account_id` provided in a
+        #     previous `CreateAssessment` or `AnnotateAssessment` call. Either
+        #     hashed_account_id or account_id must be set, but not both.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The maximum number of groups to return. The service might return
@@ -1280,11 +1689,18 @@ module Google
         # A membership in a group of related accounts.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name for this membership in the format
+        #     Required. Identifier. The resource name for this membership in the format
         #     `projects/{project}/relatedaccountgroups/{relatedaccountgroup}/memberships/{membership}`.
+        # @!attribute [rw] account_id
+        #   @return [::String]
+        #     The unique stable account identifier of the member. The identifier
+        #     corresponds to an `account_id` provided in a previous `CreateAssessment` or
+        #     `AnnotateAssessment` call.
         # @!attribute [rw] hashed_account_id
+        #   @deprecated This field is deprecated and may be removed in the next major version update.
         #   @return [::String]
-        #     The unique stable hashed user identifier of the member. The identifier
+        #     Deprecated: use `account_id` instead.
+        #     The unique stable hashed account identifier of the member. The identifier
         #     corresponds to a `hashed_account_id` provided in a previous
         #     `CreateAssessment` or `AnnotateAssessment` call.
         class RelatedAccountGroupMembership
@@ -1295,7 +1711,8 @@ module Google
         # A group of related accounts.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name for the related account group in the format
+        #     Required. Identifier. The resource name for the related account group in
+        #     the format
         #     `projects/{project}/relatedaccountgroups/{related_account_group}`.
         class RelatedAccountGroup
           include ::Google::Protobuf::MessageExts
@@ -1329,6 +1746,10 @@ module Google
 
             # Use reCAPTCHA action-tokens to protect user actions.
             ACTION_TOKEN = 3
+
+            # Use reCAPTCHA WAF express protection to protect any content other than
+            # web pages, like APIs and IoT devices.
+            EXPRESS = 5
           end
 
           # Web Application Firewalls supported by reCAPTCHA Enterprise.
@@ -1338,6 +1759,9 @@ module Google
 
             # Cloud Armor
             CA = 1
+
+            # Fastly
+            FASTLY = 3
           end
         end
       end