I integrated reCAPTCHA Enterprise (score-based) in my web application. Everything is working fine, and I am getting the score. I want to configure "Account Defender" and "SMS toll fraud protection."  For "SMS toll fraud protection", I am sending the account identifier to the API. While configuring the account defender, getting an API error in "Annotate Login Events". Below is my code

1. First I created the reCAPTCHA Enterprise assessment, got the assessment_id (name field), and sent that assessment_id to annotate the assessment

const url = `https://recaptchaenterprise.googleapis.com/v1/${result}:annotate`;

const data = {
"annotation": "LEGITIMATE",
"reasons": "REASON_UNSPECIFIED"
};

fetch(url, {
method: 'POST',
mode: 'no-cors',
body: JSON.stringify(data),
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer APIKEY'
}

}).then(response => {
if (response.ok) {
return response.json();
}
else if (response.status === 404) {
console.error("Assessment ID not found:", assessmentId);
// Handle the case of a non-existent assessment
}
else {
throw new Error(`Error fetching reCAPTCHA Enterprise data: ${response.status}`);
}
}).then(result => {
console.log("result", result)
})
.catch(error => {
console.error("Error verifying reCAPTCHA token:", error);
});

 getting 403 error "https://recaptchaenterprise.googleapis.com/v1/projects/project_id/assessments/18ebc7dac6000000:annotate net::ERR_ABORTED 403 (Forbidden)"

Please let me know what I did wrong