Integration Guide

Overview

This integration has two stages:

Advanced Prefill
- Collect phone_number, date_of_birth, and di_session_token.
- Send POST /api/evaluation with the Advanced Prefill workflow.
- If the response returns status: ON_HOLD, collect a One-Time Passcode and resume the same evaluation with PATCH /api/evaluation/{eval_id}.
- If the final Prefill decision is ACCEPT, display prefilled identity data.
- If the final Prefill decision is REJECT, display a blank onboarding form.
Consumer Onboarding
- Create a new evaluation.
- Send POST /api/evaluation with the Consumer Onboarding workflow.
- Reuse the confirmed phone_number, date_of_birth, and original di_session_token.
- Submit the full onboarding payload and use the final onboarding decision for routing.

Before you start

Make sure you have:

A workflow configured for the Advanced Prefill and Consumer Onboarding solutions.

Integration with the Digital Intelligence SDK to collect the required di_session_token.

A two-field identity form to collect the consumer’s phone number and date of birth to initiate the Prefill lookup.

An OTP submission form to collect a one-time passcode if the evaluation enters an ON_HOLD state.

A primary onboarding form to display and submit prefilled identity data to the Consumer Onboarding workflow.

Carrier approval, if using SIM Swap or Silent Network Authentication with supported U.S. carriers (AT&T, Verizon, and T-Mobile).

Advanced Prefill quickstart

Endpoint

Start with Sandbox for development and testing, then move to Production for live applications.

https://riskos.sandbox.socure.com/api/evaluation

No real customer data
Free testing environment
Unlimited API calls

Authentication

In the Sandbox RiskOS™ Dashboard, go to Developer Workbench > API Keys.
Copy your API key securely.

Include your API key in the Authorization header as a Bearer token, along with standard JSON headers:

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json
X-API-Version: 2025-01-01.orion   # optional – pins a specific API version

Minimum example request

{
  "id": "a86580cc-1733-4188-86b5-717166e1db8c",
  "timestamp": "2026-04-02T12:00:00Z",
  "workflow": "alt_advanced_pre_fill",
  "data": {
    "individual": {
      "phone_number": "+16673681976",
      "date_of_birth": "1992-03-11",
      "di_session_token": "YOUR_DI_SESSION_TOKEN"
    }
  }
}

curl --request POST \
  --url https://riskos.sandbox.socure.com/api/evaluation \
  --header "Authorization: Bearer YOUR_API_KEY" \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --data '{
    "id": "a86580cc-1733-4188-86b5-717166e1db8c",
    "timestamp": "2026-04-02T12:00:00Z",
    "workflow": "alt_advanced_pre_fill",
    "data": {
      "individual": {
        "phone_number": "+16673681976",
        "date_of_birth": "1992-03-11",
        "di_session_token": "YOUR_DI_SESSION_TOKEN"
      }
    }
  }'

Decision handling (Advanced Prefill)

Decision	Action
`ACCEPT`	Display prefilled identity data and continue onboarding
`REJECT`	Do not display prefill — present blank form or fallback flow
`ON_HOLD`	Collect One-Time Passcode and resume evaluation using `PATCH /api/evaluation/{eval_id}`

Note: ON_HOLD is a temporary state triggered when additional verification (One-Time Passcode) is required.

Common outcomes

Scenario	RiskOS™ Decision	User Experience
User fails Digital Intelligence checks	`REJECT`	User is shown a blank onboarding form
User matches a deny list or fails Phone Risk / SIM Swap checks	`REJECT`	User is shown a blank onboarding form
Silent Network Authentication (SNA) fails and additional verification is required	`ON_HOLD`	User is prompted to enter a One-Time Passcode
One-Time Passcode verification does not complete successfully	`REJECT`	User is shown a blank onboarding form for manual entry
Prefill data is not available or cannot be safely returned	`REJECT`	User is shown a blank onboarding form for manual entry
Risk checks pass and Prefill data is available	`ACCEPT`	User is shown an onboarding form with prefilled identity data

What matters for your integration (Advanced Prefill)

Category	Fields	How to use
Required to send	`id`, `timestamp`, `workflow`, `data`	Minimum fields required to submit a valid Prefill request
Required to act on	`decision`, `status`	Use `decision` for logic; use `status = ON_HOLD` to detect OTP step-up
Required to store	`id`, `eval_id`	Persist for OTP resume (`PATCH`) and traceability
Optional but useful	`tags`, `notes`	Use for debugging, routing, and internal visibility
Diagnostic only	`data_enrichments`, `sub_status`	Use for debugging only — not for primary decisioning

📘
Key differences from Consumer Onboarding:

Prefill uses minimal inputs only (no full PII).

Prefill decisions are data disclosure decisions, not final KYC.

Prefill may enter ON_HOLD (One-Time Passcode step-up) — onboarding does not use this pattern.

A new evaluation must be created for the Consumer Onboarding workflow.

Advanced Prefill integration contract

endpoint: POST /api/evaluation
workflow: alt_advanced_pre_fill

authentication:
  type: Bearer token
  header: Authorization

content_type: application/json

required_top_level_fields:
  - id
  - timestamp
  - workflow
  - data

required_identity_fields:
  - phone_number
  - date_of_birth

required_device_field:
  - di_session_token

primary_decision_field: decision

important_response_fields:
  - decision
  - eval_id
  - status
  - tags

traceability_fields:
  - id
  - eval_id

do_not_use_for_primary_decision:
  - sub_status

How the workflow evaluates a user

After you submit an Advanced Prefill evaluation request, RiskOS™ determines whether it is safe to return prefilled identity data. This workflow performs risk-based gating using device, phone, and network signals before allowing any data disclosure.

Typical stages include:

Device and network risk
Review Digital Intelligence signals such as device integrity, network risk, velocity, and behavioral patterns.
Deny list screening
Check the user’s email, phone, device, and IP against configured deny lists.
Phone risk and SIM swap detection
Evaluate phone number risk and indicators of SIM swap or ineligible phone activity.
Silent Network Authentication (SNA)
Attempt to verify phone possession using carrier-based authentication. If SNA fails, the workflow may require step-up verification.
One-Time Passcode step-up verification (conditional)
If additional verification is required, the evaluation enters an ON_HOLD state and requires a one-time passcode to continue.
Prefill enrichment
Retrieve prefilled identity data from Socure. If required identity attributes are not returned, the evaluation is rejected.
Final decision
Return a data disclosure decision indicating whether prefilled identity data can be shown to the user.

sequenceDiagram
    participant EU as End User
    participant CP as Your Platform
    participant SC as Socure

    EU->>CP: Enter phone and DOB
    CP->>SC: POST /api/evaluation alt_advanced_pre_fill

    SC->>SC: Run DI → Deny Lists → Phone Risk / SIM Swap

    alt High risk or deny list match
        SC-->>CP: Decision (REJECT)
        CP-->>EU: Show blank form for manual entry
    else Pass initial checks
        SC->>SC: Attempt SNA

        alt SNA success
            SC->>SC: Run Prefill
            SC-->>CP: Decision (ACCEPT or REJECT)
        else SNA fail
            SC-->>CP: status = ON_HOLD (OTP required)
            CP-->>EU: Prompt OTP entry
            EU->>CP: Enter OTP
            CP->>SC: PATCH /api/evaluation with OTP
            SC->>SC: Resume → Run Prefill
            SC-->>CP: Decision (ACCEPT or REJECT)
        end

        alt ACCEPT
            CP-->>EU: Show prefilled form (lock phone and DOB)
        else REJECT
            CP-->>EU: Show blank form for manual entry
        end
    end

    EU->>CP: Review and submit
    CP->>SC: POST /api/evaluation consumer_onboarding (new evaluation)
    SC->>SC: Run KYC and fraud checks
    SC-->>CP: Final decision (ACCEPT / REVIEW / REJECT)
    CP-->>EU: Show onboarding result

Request schema

The example below shows a typical Advanced Prefill request using minimal inputs, including phone number, date of birth, and device data (di_session_token) to evaluate whether prefilled identity data can be returned.

Example request

{
  "id": "advanced-prefill-03f1de",
  "timestamp": "2025-09-11T12:00:00Z",
  "workflow": "alt_advanced_pre_fill",
  "data": {
    "individual": {
      "phone_number": "+14155550001",
      "date_of_birth": "1990-05-15",
      "di_session_token": "sess_123",
      "address": {
        "country": "US"
      }
    }
  }
}

curl --location --request POST 'https://riskos.sandbox.socure.com/api/evaluation' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data-raw '{
    "id": "advanced-prefill-03f1de",
    "timestamp": "2025-09-11T12:00:00Z",
    "workflow": "alt_advanced_pre_fill",
    "data": {
      "individual": {
        "phone_number": "+14155550001",
        "date_of_birth": "1990-05-15",
        "di_session_token": "sess_123",
        "address": {
          "country": "US"
        }
      }
    }
  }'

Request structure overview

id
timestamp
workflow
data
└─ individual
  ├─ phone_number
  ├─ date_of_birth
  └─ di_session_token

Common identity and device fields

The table below lists the typical identity and device inputs that can be provided to the Advanced Prefill workflow.

Only a minimal subset is required to perform the Prefill lookup. Additional fields may be included to improve match accuracy and enable additional checks.

Field	Type	Description	Example
`phone_number`	String	Consumer's phone number. The API expects E.164 format but tolerates hyphens and spaces for user convenience.	`"+1-667-368-1976"`
`date_of_birth`	String	Consumer's date of birth in ISO 8601 format (`YYYY-MM-DD`).	`"1992-03-11"`
`di_session_token`	String	Token from the Digital Intelligence SDK that links the device session. Must be generated client-side before submitting the evaluation.	`"eyJraWQiOi_di_token"`
`email`	String	Consumer's email address. May be used for additional checks such as deny list screening.	`"[email protected]"`
`address`	Object	Consumer's mailing address. Including address data may improve Prefill match accuracy.	`"742 Evergreen Terrace, Springfield, IL 62704, US"`
`given_name`	String	Consumer's first name. Can improve match accuracy if provided.	`"Franky"`
`family_name`	String	Consumer's last name. Can improve match accuracy if provided.	`"Valley"`

Field reference

Top-level fields

Field	Type	Required	Description	Example
`id`	String	Required	Required, customer-defined unique identifier for the request. This value must be unique for each evaluation. Reusing an ID causes RiskOS™ to treat the request as a re-run and can impact processing behavior, results, and downstream workflows.	`"a86580cc-1733-4188-86b5-717166e1db8c"`
`timestamp`	String `<Date-Time>`	Required	RFC 3339 timestamp indicating when the evaluation request was initiated by your system.	`"2025-05-02T12:44:22.059Z"`
`workflow`	String	Required	Your environment-specific workflow identifier. You can find this value in the RiskOS™ Dashboard > Developer Workbench > Integration Checklist. Note: The workflow name must be unique within your RiskOS™ environment. It is not scoped by use case and must identify a single active workflow for each Evaluation API request.	`"alt_advanced_pre_fill"`
`data`	Object	Required	Main payload containing consumer information, device data, and event details for evaluation.
→`individual`	Object	Required	Primary identity object containing individual's information.	See `individual` schema below.

`individual` fields

👍
Tip:
Adding additional PII can improve match accuracy.

Field	Type	Required	Description	Example
`phone_number`	String	Required	Consumer's phone number. The API expects E.164 format but tolerates hyphens and spaces for user convenience.	`"+1-667-368-1976"`
`date_of_birth`	String	Required	Consumer's date of birth in ISO 8601 format (`YYYY-MM-DD`).	`"1992-03-11"`
`di_session_token`	String (UUID)	Required	Token from the Digital Intelligence SDK that links the device session. Must be generated client-side before submitting the evaluation.	`"eyJraWQiOi_di_token"`
`email`	String	Optional	Consumer's email address. May be used for additional checks such as deny list screening.	`"[email protected]"`
`address`	Object	Optional	Consumer's mailing address. Including address data may improve Prefill match accuracy.	See `address` schema below.
`given_name`	String	Optional	Consumer's first/given name. Can improve match accuracy if provided.	`"Franky"`
`family_name`	String	Optional	Consumer's last/family name. Can improve match accuracy if provided.	`"Valley"`
`id`	String	Optional	Customer-defined identifier that maps to `userId` in enrichments or internal systems.	`"username"`

`address` fields

Field	Type	Required	Description	Example
`line_1`	String	Optional	The first line of the consumer's address.	`"742 Evergreen Terrace"`
`line_2`	String	Optional	An optional second line for the address, such as apartment number, suite, or building landmarks.	`"Apt 2B"`
`locality`	String	Optional	City, town, or village name where the consumer resides.	`"Springfield"`
`major_admin_division`	String	Optional	The state, province, or region where the consumer resides.	`"IL"`
`country`	String	Optional	The country where the consumer resides, specified in ISO 3166-1 alpha-2 country code for international address standardization.	`"US"`
`postal_code`	String	Optional	The consumer's ZIP code, postal code, or equivalent regional identifier for mail delivery.	`"62704"`

Interpret the response

Use the Advanced Prefill response to decide whether to:

show prefilled identity data,
collect a One-Time Passcode, or
fall back to a blank onboarding form.

Response handling rules

Condition	What it means	Action
`decision = ACCEPT`	Prefilled identity data can be disclosed	Show the prefilled onboarding form
`decision = REJECT`	Prefilled identity data cannot be disclosed	Show a blank onboarding form
`status = ON_HOLD`	Additional verification is required	Collect One-Time Passcode and resume the same evaluation with `PATCH /api/evaluation/{eval_id}`

Example response

{
  "id": "advanced-prefill-03f1de",
  "workflow": "alt_advanced_pre_fill",
  "eval_id": "7bc4b7c8-eb67-429b-919a-cdc9ab3c590f",
  "decision": "ACCEPT",
  "status": "CLOSED",
  "data_enrichments": [
    {
      "enrichment_name": "Socure Prefill",
      "response": {
        "prefill": {
          "firstName": "Alex",
          "surName": "Martin"
        }
      }
    }
  ]
}

{
  "workflow": "alt_advanced_pre_fill",
  "status": "ON_HOLD",
  "sub_status": "Awaiting Customer OTP"
}

{
  "workflow": "alt_advanced_pre_fill",
  "decision": "REJECT"
}

Note: These examples are illustrative. Actual response payloads may include additional evaluation metadata such as id, eval_id, status, and sub_status.

Key fields

Field	Type	Description	Example
`eval_id`	String (UUID)	Unique identifier for the evaluation run. Persist this value for traceability and any required `PATCH` requests.	`"7bc4b7c8-eb67-429b-919a-cdc9ab3c590f"`
`decision`	String	Data disclosure decision returned by the Advanced Prefill workflow. Typically `ACCEPT` or `REJECT` when the evaluation is complete.	`"ACCEPT"`
`status`	String	Current evaluation state. `ON_HOLD` indicates One-Time Passcode verification is required before the evaluation can continue.	`"ON_HOLD"`
`sub_status`	String	Additional detail about the current evaluation state.	`"Awaiting Customer OTP"`
`data_enrichments`	Array of Objects	Enrichment outputs returned by the workflow, including Prefill and supporting checks.	See examples above

Prefill fields

The Prefill data is returned in the Socure Prefill enrichment response.

Note: Additional identity attributes (such as address or other profile data) may be returned depending on data availability and configuration.

Field	Type	Description	Example
`prefill.firstName`	String	Prefilled first name returned by the workflow	`"Alex"`
`prefill.surName`	String	Prefilled last name returned by the workflow	`"Martin"`

Handle One-Time Passcode (if required)

If the Advanced Prefill evaluation returns status: ON_HOLD (with sub_status = Awaiting Customer OTP), collect a One-Time Passcode and resume the same evaluation. See One-Time Passcode Integration Guide for more information.

Resume request

Use the eval_id returned from the initial Advanced Prefill response.

Send a PATCH request to:

/api/evaluation/{eval_id}

Required fields

Field	Required	Description	Example
`id`	Yes	Customer-defined request identifier	`"advanced-prefill-03f1de"`
`timestamp`	Yes	RFC 3339 timestamp	`"2025-09-11T12:00:00Z"`
`workflow`	Yes	`alt_advanced_pre_fill`	`"alt_advanced_pre_fill"`
`data.individual.otp.code`	Yes	One-Time Passcode entered by the user	`"123456"`

Outcome handling

After the PATCH request, RiskOS™ resumes the same evaluation and returns an updated response.

Condition	Action
`decision = ACCEPT`	Show prefilled identity data and continue onboarding
`decision = REJECT`	Show a blank onboarding form or fallback flow

Display the Prefill results

Once the Advanced Prefill evaluation completes, use the returned outcome to determine how to display the form and collect user confirmation.

If ACCEPT: Display the prefilled data returned by RiskOS™.
If REJECT: Do not prefill any data. Present an empty form and allow the user to enter their information manually.

After prefilled data is shown, prompt the user to review and confirm their information.

Users may edit or confirm non-sensitive fields such as name, address, or email.
The original phone_number and date_of_birth values should remain read-only.
If Prefill is rejected, collect the required onboarding fields manually.

When the user submits the form:

Capture all confirmed or manually entered fields.
Prepare the payload for the Consumer Onboarding workflow.
Reuse the original di_session_token from the Advanced Prefill request.

Then create a new evaluation using the Consumer Onboarding workflow.

Start the Consumer Onboarding workflow

After the user reviews and confirms their information, create a new evaluation and send a new POST /api/evaluation request using workflow: consumer_onboarding.

What to carry forward from Advanced Prefill

Create a new top-level id
Reuse the confirmed phone_number
Reuse the confirmed date_of_birth
Reuse the original di_session_token
Include any prefilled or user-confirmed identity fields required by your Consumer Onboarding workflow
Do not reuse the Advanced Prefill eval_id

See Consumer Onboarding for complete request and response details.

{
  "id": "onb-12345",
  "timestamp": "2023-12-01T08:15:30.456Z",
  "workflow": "consumer_onboarding",
  "data": {
    "individual": {
      "given_name": "Jane",
      "family_name": "Smith",
      "national_id": "123456789",
      "date_of_birth": "1990-05-15",
      "email": "[email protected]",
      "phone_number": "+1-312-555-1234",
      "di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ...PiUsws9D6O3DjSjNDCbIJKciX44s",
      "address": {
        "line_1": "742 Evergreen Terrace",
        "line_2": "Apt 12B",
        "locality": "Springfield",
        "major_admin_division": "IL",
        "country": "US",
        "postal_code": "62704"
      },
      "additional_context": {
        "disclosure_purpose": "GLBA_502(e)"
      }
    }
  }
}

curl --request POST \
  --url https://riskos.sandbox.socure.com/api/evaluation \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
    "id": "onb-12345",
    "timestamp": "2023-12-01T08:15:30.456Z",
    "workflow": "consumer_onboarding",
    "data": {
      "individual": {
        "given_name": "Jane",
        "family_name": "Smith",
        "email": "[email protected]",
        "phone_number": "+1-312-555-1234",
        "date_of_birth": "1990-05-15",
        "national_id": "123456789",
        "di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ...PiUsws9D6O3DjSjNDCbIJKciX44s",
        "address": {
          "line_1": "742 Evergreen Terrace",
          "line_2": "Apt 12B",
          "locality": "Springfield",
          "major_admin_division": "IL",
          "country": "US",
          "postal_code": "62704"
        },
        "additional_context": {
          "disclosure_purpose": "GLBA_502(e)"
        }
      }
    }
  }'

Validation checklist

Inputs

Phone number is in E.164 format

Date of birth is in ISO 8601 (YYYY-MM-DD) format

di_session_token is collected from an active Digital Intelligence session

eval_id is stored and reused only for OTP PATCH requests

A new evaluation is created for the consumer_onboarding workflow

Routing & policy

Phone number and date of birth remain immutable after the initial Prefill request

All Advanced Prefill outcomes (ACCEPT, REJECT, ON_HOLD) are handled correctly

A new evaluation is created for the consumer_onboarding workflow

Errors & resilience

Error responses are captured and logged safely

Retry and backoff logic are implemented where appropriate

Overview

Before you start

Advanced Prefill quickstart

Endpoint

Authentication

Minimum example request

Decision handling (Advanced Prefill)

Common outcomes

What matters for your integration (Advanced Prefill)

Advanced Prefill integration contract

How the workflow evaluates a user

Request schema

Example request

Request structure overview

Common identity and device fields

Field reference

Top-level fields

individual fields

address fields

Interpret the response

Response handling rules

Example response

Key fields

Prefill fields

Handle One-Time Passcode (if required)

Resume request

Required fields

Outcome handling

Display the Prefill results

Start the Consumer Onboarding workflow

What to carry forward from Advanced Prefill

Validation checklist

Inputs

Routing & policy

Errors & resilience

`individual` fields

`address` fields