Integration Guide
Learn how to integrate Onboarding with Advanced Prefill using the RiskOS™ Evaluation API.
Socure Advanced Prefill API integration guide
This guide walks you through how to integrate with Socure’s /api/evaluation endpoint using the Advanced Prefill workflow. You’ll learn how to send minimal input data, parse the enriched response, and apply decision logic to support onboarding, fraud prevention, and conversion optimization workflows.
Onboarding with Advanced Prefill consists of two connected workflows:
Workflow: alt_advanced_pre_fill
Determines whether it’s safe to display verified identity data before onboarding continues.
Workflow: consumer_onboarding
Runs after the user confirms or enters their information. Performs full KYC and fraud checks and returns the final onboarding decision.
Before you start
Make sure your RiskOS™ environment is provisioned with:
di_session_token.Choose your environment
Start with Sandbox for development and testing, then move to Production for live applications.
https://riskos.sandbox.socure.com/api/evaluation- No real customer data
- Free testing environment
- Unlimited API calls
Get an API key
- In the Sandbox RiskOS™ Dashboard, go to Developer Workbench > API Keys.
- Copy your API key securely.
How it works
- Send a
POST /api/evaluationrequest using the Advanced Prefill workflow (alt_advanced_pre_fill) with minimal identity + device data. - RiskOS™ decides whether it’s safe to show prefilled identity details (
ACCEPT,REJECT, orON_HOLD). - If
ON_HOLD, complete One-Time Passcode (OTP) verification and resume the same evaluation withPATCH /api/evaluation/{eval_id}. - If
ACCEPT, display prefill results for user confirmation (keep sensitive fields read-only); ifREJECT, show a blank form. - After confirmation, start a new
POST /api/evaluationusing the Consumer Onboarding workflow (consumer_onboarding) to get the final onboarding decision.
Integration flow
sequenceDiagram
participant EU as End User
participant CP as Your Platform
participant SC as Socure
EU->>CP: Enter phone and DOB
CP->>SC: POST /api/evaluation alt_advanced_pre_fill
SC->>SC: Run DI → Phone Risk → SIM Swap → SNA / OTP → Prefill → Re-check
SC-->>CP: Decision (APPROVE / REJECT / ON_HOLD)
alt REJECT
CP-->>EU: Show blank form for manual entry
else APPROVE
CP-->>EU: Show prefilled form (lock phone and DOB)
else ON_HOLD
CP-->>EU: Prompt OTP entry
EU->>CP: Enter OTP
CP->>SC: PATCH /api/evaluation with OTP
SC->>SC: Validate OTP
SC-->>CP: Updated decision
CP-->>EU: Show prefilled if APPROVE, blank if REJECT
end
EU->>CP: Review and submit
CP->>SC: POST /api/evaluation consumer_onboarding (new eval_id)
SC->>SC: Run KYC and fraud checks
SC-->>CP: Final decision (APPROVE / REVIEW / REJECT)
CP-->>EU: Show onboarding result
Potential scenarios
| Scenario | Socure Response | User Experience |
|---|---|---|
| User fails Digital Intelligence checks | REJECT | User is shown a blank onboarding form |
| User fails Phone Risk + SIM Swap checks | REJECT | User is shown a blank onboarding form |
| User fails Silent Network Authentication | ON HOLD | User is prompted to enter an One-Time Passcode |
| User enters the wrong One-Time Passcode | REJECT | User is prompted to enter the correct One-Time Passcode |
| User fails One-Time Passcode | REJECT | User is shown a blank onboarding form for manual entry |
| User passes Digital Intelligence, Phone Risk, SIM Swap, Silent Network Authentication, or One-Time Passcode, but Prefill is unavailable for their profile and their second Phone Risk check fails | REJECT | User is shown a blank onboarding form for manual entry |
| User passes Digital Intelligence, Phone Risk, SIM Swap, Silent Network Authentication or One-Time Passcode, and Prefill is available for their profile | ACCEPT | User is shown an onboarding form with prefill data |
Step 1 - Collect minimal user input
Configure your platform to collect the following minimal input from the user:
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
phone_number | String | Required | User’s phone number in E.164 format. | "+1-415-555-1234" |
date_of_birth | String | Required | User’s date of birth in ISO 8601 format (YYYY-MM-DD). | "1990-05-20" |
di_session_token | String | Required | Token from the Digital Intelligence SDK that links the device session. | "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9..." |
email | String | Optional | User’s email address. | "[email protected]" |
address | Object | Optional | Mailing address fields. |
Tip:
Adding additional personally identifiable information (PII) can improve match accuracy.
Step 2 - Start a new evaluation
Endpoint
POST https://riskos.sandbox.socure.com/api/evaluationPOST https://riskos.socure.com/api/evaluationAuthentication and headers
Include your API key in the Authorization header as a Bearer token, along with standard JSON headers:
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json
X-API-Version: 2025-01-01.orion # optional – pins a specific API versionExample request
{
"id": "advanced-prefill-03f1de",
"timestamp": "2025-09-11T12:00:00Z",
"workflow": "alt_advanced_pre_fill",
"data": {
"individual": {
"phone_number": "+14155550001",
"date_of_birth": "1990-05-15",
"di_session_token": "sess_123",
"address": {
"country": "US"
}
}
}
}curl --location --request POST 'https://riskos.sandbox.socure.com/api/evaluation' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer YOUR_API_KEY' \
--data-raw '{
"id": "advanced-prefill-03f1de",
"timestamp": "2025-09-11T12:00:00Z",
"workflow": "alt_advanced_pre_fill",
"data": {
"individual": {
"phone_number": "+14155550001",
"date_of_birth": "1990-05-15",
"di_session_token": "sess_123",
"address": {
"country": "US"
}
}
}
}'Request schema
Top-level fields
Field | Type | Required | Description | Example |
|---|---|---|---|---|
| String | Required | Required, customer-defined unique identifier for the request. This value must be unique for each evaluation. Reusing an ID causes RiskOS™ to treat the request as a re-run and can impact processing behavior, results, and downstream workflows. |
|
| String | Required | RFC 3339 timestamp indicating when the evaluation request was initiated by your system. |
|
| String | Required | RiskOS™ workflow identifier for your environment. |
|
| Object | Required | Main payload containing consumer information, device data, and event details for evaluation. | See |
→ | Object | Required | Primary identity object containing individual's information. | See |
individual fields
individual fields| Field | Type | Required | Description | Example |
|---|---|---|---|---|
given_name | String | Optional | First name of the individual. | "Jonathan" |
family_name | String | Optional | Last name of the individual. | "Reyes" |
date_of_birth | String | Required | Date of birth in YYYY-MM-DD format. | "1979-07-30" |
email | String | Optional | Individual’s email address. | "[email protected]" |
phone_number | String | Required | Phone number in E.164 format. | "+639171234567" |
address | Object | Optional | Residential address of the individual. | See address schema below. |
address fields
address fields| Field | Type | Required | Description | Example |
|---|---|---|---|---|
line_1 | String | Required | Street address (max 255 characters). | "742 Evergreen Terrace" |
line_2 | String | Optional | Additional address info (apartment, suite, unit, etc.). | "Apt 2B" |
locality | String | Required | City or town name. | "Springfield" |
major_admin_division | String | Required | State or province code (2–3 characters). | "IL" |
country | String | Required | ISO 3166-1 alpha-2 country code. | "US" |
postal_code | String | Required | ZIP or postal code (5–10 alphanumeric characters). | "62704" |
Receive a decision
You’ll receive a decision and enrichment results from the Advanced Prefill workflow. Look for the following fields:
{
"eval_id": "126",
"decision": "ACCEPT",
"status": "COMPLETED",
"data_enrichments": {
"given_name": "Alex",
"family_name": "Martin",
"docv_status": "PASSED"
}{
"eval_id": "af-1a2b3c",
"workflow": "alt_advanced_pre_fill",
"status": "ON_HOLD",
"decision": "ON_HOLD",
"reasonCodes": ["OTP_REQUIRED"]
}{
"eval_id": "af-1a2b3c",
"workflow": "alt_advanced_pre_fill",
"status": "COMPLETED",
"decision": "REJECT",
}Key fields
| Field | Type | Description | Example |
|---|---|---|---|
eval_id | String (UUID) | Unique identifier for the evaluation run. | "7bc4b7c8-eb67-429b-919a-cdc9ab3c590f" |
decision | String | Final outcome of the evaluation. One of: ACCEPT, REJECT, REVIEW, RESUBMIT. | "ACCEPT" |
status | String | Current state of the evaluation case. One of: COMPLETED, ON_HOLD. | "COMPLETED" |
reasonCodes | Array of Strings | Machine-readable reason codes explaining the decision. | ["I555", "I602", "R223"] |
Prefill fields
| Field | Type | Description | Example |
|---|---|---|---|
name | String | Candidate’s full legal name enriched from third-party data. | "Alex Martin" |
ssn | String | U.S. Social Security Number (SSN) — available for U.S. records only. | "111-22-3333" |
address | String | Full normalized mailing address enriched during verification. | "123 Main St, Newark" |
Step 3 — Handle One-Time Passcode (if required)
If RiskOS™ can’t validate phone possession via Silent Network Authentication (SNA), the evaluation returns status: ON_HOLD and an One-Time Passcode is automatically sent to the user’s phone. Prompt the user to enter a 6-digit code to continue.
When the user submits the One-Time Passcode, resume the same evaluation with a PATCH to the /api/evaluation/{eval_id} endpoint. See One-Time Passcode Integration Guide for more information.
{
"id": "advanced-prefill-03f1de",
"timestamp": "2025-09-11T12:00:00Z",
"workflow": "alt_advanced_pre_fill",
"data": {
"individual": {
"otp": {
"code": "123456"
}
}
}
}curl --location --request PATCH 'https://riskos.sandbox.socure.com/api/evaluation/{eval_id}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer YOUR_API_KEY' \
--data-raw '{
"id": "advanced-prefill-03f1de",
"timestamp": "2025-09-11T12:00:00Z",
"workflow": "alt_advanced_pre_fill",
"data": {
"individual": {
"otp": {
"code": "123456"
}
}
}
}'Request schema
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
id | String | Required | Unique request ID for tracking. | "advanced-prefill-03f1de" |
timestamp | String | Required | RFC 3339 timestamp. | "2025-09-11T12:00:00Z" |
workflow | String | Required | RiskOS™ workflow name. | "alt_advanced_pre_fill" |
data.individual | Object | Required | Primary identity object. | { "phone_number": "+14155550001" } |
→ individual.otp | Object | Optional | Container for One-Time Passcode verification data. | { "code": "123456" } |
→ individual.otp.code | String | Required | 6-digit One-Time Passcode entered by the user. | "123456" |
Receive a decision
You’ll receive a decision and enrichment results from the Advanced Prefill workflow.
When the One-Time Passcode is verified successfully, the response incldues "status": "approved".
{
"verification": {
"otp": {
"response": {
"attemptCount": 1,
"status": "approved",
"verificationId": "test-verification-001"
}
}
}
}Response schema
Top-level fields
decisionvalues are workflow-specific and may differ from the examples shown in this guide.
| Field | Type | Description | Example |
|---|---|---|---|
id | String | Unique evaluation identifier. | "OTP-Test" |
workflow | String | RiskOS™ workflow name used for the evaluation. | "individual_onboarding" |
decision | String (enum) | Final evaluation result. Possible values: • ACCEPT• REVIEW• REJECTNote: The fields returned can be customized to fit your integration or business needs. | "REJECT" |
decision_at | String (RFC 3339) | Timestamp of the final decision. | "2025-09-26T21:31:27.662218159Z" |
status | String (enum) | Case-level status of the evaluation. Possible values: • OPEN• CLOSED | "CLOSED" |
sub_status | String | Provides additional detail about the evaluation status. Example values: • Under Review• Pending Verification• Accept• Reject | "Accept" |
tags | Array of Strings | Descriptive labels summarizing the decision context. | ["OTP Unsuccessful"] |
review_queues | Array of Strings | Queues used for routing manual reviews. | ["Default Queue"] |
data_enrichments | Array of Objects | List of enrichment calls (e.g., One-Time Passcode send/verify attempts), including request/response details and provider metadata. | — |
eval_status | String (enum) | Internal RiskOS™ evaluation lifecycle state. Possible values: • evaluation_completed• evaluation_paused• evaluation_in_progress | "evaluation_completed" |
environment_name | String | Indicates which environment the evaluation ran in. Typically Sandbox for testing or Production for live traffic. | "Sandbox" |
data_enrichments fields
data_enrichments fields| Field | Type | Description | Example |
|---|---|---|---|
enrichment_name | String | Name of the enrichment product or data service executed during evaluation. | "Deliver OTP SMS" |
enrichment_endpoint | String | Full API endpoint used to perform the enrichment request. | "https://api.socure.com/api/3.0/EmailAuthScore" |
enrichment_provider | String | The provider or system responsible for the enrichment. | "Socure" |
status_code | Integer | HTTP response code returned from the enrichment provider. | 200 |
request | Object | JSON payload sent to the enrichment provider containing request parameters or applicant data. | |
response | Object | JSON payload returned by the enrichment provider containing verification or enrichment results. |
Resuming with missing identity data
If the One-Time Passcode is verified successfully but the response returns status: "ON_HOLD" with a sub_status: "More information needed", it indicates that the system has verified device possession but requires manual entry of PII to complete the prefill.
How to resume
Issue a PATCH request to the /api/evaluation/{eval_id} endpoint.
- URL: Append the
eval_idfrom the initial response to the endpoint. - Body: Include all mandatory top-level fields and the collected PII within the
individualobject.
Body: Include all mandatory top-level fields and the collected PII within the individual object.
Example Patch request to resume
{
"id": "advanced-prefill-03f1de",
"workflow": "alt_advanced_pre_fill",
"timestamp": "2026-02-13T16:38:37Z",
"data": {
"individual": {
"given_name": "Jane",
"family_name": "Smith",
"address": {
"line_1": "123 Main St",
"locality": "Newark",
"major_admin_division": "NJ",
"postal_code": "07102",
"country": "US"
}
}
}
}curl --location --request PATCH 'https://riskos.sandbox.socure.com/api/evaluation/ap_559771af-a321-4c67-ad53-27cd17f27b60' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR_API_KEY' \
--data-raw '{
"id": "advanced-prefill-03f1de",
"workflow": "alt_advanced_pre_fill",
"timestamp": "2026-02-13T16:38:37Z",
"data": {
"individual": {
"given_name": "Jane",
"family_name": "Smith",
"address": {
"line_1": "123 Main St",
"locality": "Newark",
"major_admin_division": "NJ",
"postal_code": "07102",
"country": "US"
}
}
}
}'Step 4 — Display the Prefill results
Once the Prefill evaluation completes, use the returned decision to determine how to display the form and collect user confirmation.
-
If
APPROVE: Display the prefilled data returned by RiskOS™. Lock sensitive fields such asphone_numberanddate_of_birthso the user cannot modify them. -
If
REJECT: Do not prefill any data. Present an empty form and allow the user to enter their information manually. -
If
ON_HOLD: Pause until the One-Time Passcode verification process completes and Socure returns an updated response.
After the prefilled data (if any) is shown, prompt the user to review and confirm their information:
- Users may edit or confirm non-sensitive fields (e.g., name, address, email).
- The original
phone_numberanddate_of_birthfields must remain read-only. - If Prefill was rejected, collect all required fields manually.
When the user submits the form:
- Capture all confirmed or manually entered fields.
- Prepare the payload for the next workflow,
consumer_onboarding. - Reuse the same
di_session_tokenfrom the original Prefill request.
Once complete, proceed to Step 5 — Start the Consumer Onboarding workflow to initiate full KYC and fraud checks.
Step 5 — Start the Consumer Onboarding workflow
After the user reviews and confirms their information, send a new POST request to the /api/evaluation endpoint using the Consumer Onboarding workflow. This workflow performs full KYC and fraud evaluations and returns the final onboarding decision.
See Consumer Onboarding for more information.
{
"id": "onb-12345",
"timestamp": "2023-12-01T08:15:30.456Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"id": "ind-9876543",
"given_name": "Jane",
"family_name": "Smith",
"national_id": "123456789",
"date_of_birth": "1990-05-15",
"email": "[email protected]",
"phone_number": "+1-312-555-1234",
"di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ...PiUsws9D6O3DjSjNDCbIJKciX44s",
"address": {
"line_1": "742 Evergreen Terrace",
"line_2": "Apt 12B",
"locality": "Springfield",
"major_admin_division": "IL",
"country": "US",
"postal_code": "62704"
}
},
"line_of_business": "ACME Inc",
"channel": "web",
"ip_address": "203.0.113.10"
}
}curl --request POST \
--url https://riskos.socure.com/api/evaluation \
--header 'Authorization: Bearer YOUR_API_KEY' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
"data": {
"individual": {
"address": {
"line_1": "742 Evergreen Terrace",
"line_2": "Apt 12B",
"locality": "Springfield",
"major_admin_division": "IL",
"country": "US",
"postal_code": "62704"
},
"id": "ind-9876543",
"given_name": "Jane",
"family_name": "Smith",
"national_id": "123456789",
"date_of_birth": "1990-05-15",
"email": "[email protected]",
"phone_number": "+1-312-555-1234",
"di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ...PiUsws9D6O3DjSjNDCbIJKciX44s"
},
"line_of_business": "ACME Inc",
"channel": "web",
"ip_address": "203.0.113.10"
},
"id": "onb-12345",
"timestamp": "2023-12-01T08:15:30.456Z",
"workflow": "consumer_onboarding"
}'
Request schema
Top-level fields
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
eval_id | String | Required | Unique identifier for the evaluation request. | "onb-12345" |
timestamp | String (ISO 8601) | Required | Timestamp when the request was created. | "2023-12-01T08:15:30.456Z" |
workflow | String | Required | Workflow identifier for the Consumer Onboarding process. | "consumer_onboarding" |
| data` | Object | Required | Main payload containing business and individual information | |
→ individual | Object | Required | Primary identity object containing applicant information. | See individual object below. |
individualfields
individualfields| Field | Type | Required | Description | Example |
|---|---|---|---|---|
given_name | String | Required | First name of the individual. | "Jane" |
family_name | String | Required | Last name of the individual. | "Smith" |
national_id | String | Required | National identifier such as SSN or ITIN. | "123456789" |
date_of_birth | String | Required | Must match the date of birth provided during Prefill. | "1990-05-15" |
phone_number | String | Required | Must match the phone number provided during Prefill. | "+1-312-555-1234" |
address | Object | Preferred | Physical address fields. | See address object below. |
email | String | Optional | Primary email address of the individual. | "[email protected]" |
phone_number | String | Required | Consumer’s phone number in E.164 format (includes country code). | "+1-312-555-1234" |
date_of_birth | String | Required | ISO 8601 (YYYY-MM-DD) formatted date of birth. | "1990-05-15" |
di_session_token | String | Required | Session token returned by the Device Intelligence SDK. | "eyJraWQiOiJmMzRiN2YiLCJhbGciOiJIUzUxMiJ9..." |
additional_context.disclosure_purpose | String | Required | Must be set to GLBA_502(e) for First Party Fraud compliance. | "GLBA_502(e)" |
addressfields
addressfields| Field | Type | Required | Description | Example |
|---|---|---|---|---|
line_1 | String | Required | Street number/house name and street. | "742 Evergreen Terrace" |
line_2 | String | Optional | Additional address data (apartment, landmarks). | "Apt 12B" |
locality | String | Required | City, town, or village. | "Springfield" |
minor_admin_division | String | Required | District or borough. | "Downtown" |
major_admin_division | String | Required | State or province. | "IL" |
country | String (ISO 3166-1 alpha-2) | Required | Country code (e.g., US, CA). | "US" |
postal_code | String | Required | Postal or ZIP code. | "62704" |
Test in Sandbox
The Sandbox environment uses mock API requests and response. You can use Sandbox to simulate various identity and fraud scenarios.
- Endpoint:
POST /api/evaluation - Base URL (Sandbox):
https://riskos.sandbox.socure.com/api/evaluation - Auth:
Authorization: Bearer YOUR_SANDBOX_KEY
Sandbox personas
| Phone | DOB | Outcome |
|---|---|---|
+14155550001 | 1990-05-15 | APPROVE |
+14155550002 | 1985-03-30 | DECLINE |
+14155550003 | 1992-11-02 | REVIEW |
Validation checklist
Inputs
YYYY-MM-DD)
eval_id is reused across related requests
Routing & policy
APPROVE, ON_HOLD, REVIEW, DECLINE) are handled
Errors & resilience
Updated 11 days ago