Create reCAPTCHA Enterprise assessments via the REST API to score user actions

Verified steps

1. Enable the reCAPTCHA Enterprise API in your Google Cloud project and create a site key in the Google Cloud Console under Security > reCAPTCHA Enterprise; choose the key type appropriate to your use case (score-based for invisible or checkbox-based for challenge).
2. On your web page, load the reCAPTCHA Enterprise JavaScript with your site key and call grecaptcha.enterprise.execute(YOUR_SITE_KEY, {action: 'YOUR_ACTION_NAME'}) to obtain a token; the action name (login, signup, checkout) is used to build per-action models.
3. Send the token from the client to your backend; your backend calls the projects.assessments.create method: POST to https://recaptchaenterprise.googleapis.com/v1/projects/YOUR_PROJECT_ID/assessments with an API key or service account credential in the Authorization header.
4. The request body contains event.token (the client token), event.siteKey, and optionally event.userAgent and event.userIpAddress for improved accuracy; include event.expectedAction to validate that the token was created for the expected action.
5. Parse the response: tokenProperties.valid must be true (false means the token is invalid or expired); riskAnalysis.score ranges from 0.0 (likely bot) to 1.0 (likely human); riskAnalysis.reasons[] provides additional signals such as AUTOMATION or LOW_CONFIDENCE_SCORE.
6. Call projects.assessments.annotate after you confirm whether the action was fraudulent or legitimate; annotations improve the site-specific model over time and are a best-practice requirement for Enterprise accounts.