DocV Direct API Integration
The end-to-end SDK integration path: create an evaluation, receive the docvTransactionToken, and launch capture with a native or Web SDK.
Use the SDK path when you want to embed Socure's document capture UI directly in your app — most mobile and web onboarding flows. Your app launches the SDK with a docvTransactionToken from the evaluation response, and the SDK guides the consumer through document and selfie capture.
This guide covers the SDK path end to end. For the fully hosted, no-SDK alternative, see Integrate DocV with Hosted Flows.
Your workflow sets the path:
You select the SDK path by calling a workflow configured for the SDK — not by a request field. That workflow returns the
docvTransactionTokenyour app passes to the SDK.
Before you start
ACCEPT, REVIEW, REJECT).evaluation_completed events for asynchronous decisions and optional case_notes_added events for status updates.Test with Postman
Use this Postman collection to send sample requests to the Evaluation API and validate your Direct API integration in Sandbox.
Step 1: Create the evaluation
Submit consumer data to the RiskOS™ Evaluation API. Because your workflow contains a Document Request step, RiskOS™ pauses the evaluation and returns the docvTransactionToken your app uses to launch capture.
Endpoint and authentication
Start with Sandbox for development and testing, then move to Production for live applications.
POST https://riskos.sandbox.socure.com/api/evaluationPOST https://riskos.socure.com/api/evaluationInclude your API key as a Bearer token:
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json
X-API-Version: 2025-01-01.orion # optional – pins a specific API versionExample request
Send the consumer's PII and your docv.config capture settings. The SDK path does not use data.individual.custom.redirect_uri — that field is for Hosted Flows.
curl --request POST \
--url https://riskos.sandbox.socure.com/api/evaluation \
--header "Authorization: Bearer YOUR_API_KEY" \
--header "Content-Type: application/json" \
--data '{
"id": "APP-123456",
"timestamp": "2025-07-31T15:00:10.761Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"given_name": "John",
"family_name": "Smith",
"date_of_birth": "1989-05-07",
"phone_number": "+19998887777",
"address": {
"line_1": "1234 N College Ave",
"locality": "New York City",
"major_admin_division": "NY",
"country": "US",
"postal_code": "10001"
},
"docv": {
"config": {
"use_case_key": "your-use-case-key",
"document_type": "license",
"language": "en-us"
}
}
}
}
}'{
"id": "APP-123456",
"timestamp": "2025-07-31T15:00:10.761Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"given_name": "John",
"family_name": "Smith",
"date_of_birth": "1989-05-07",
"phone_number": "+19998887777",
"address": {
"line_1": "1234 N College Ave",
"locality": "New York City",
"major_admin_division": "NY",
"country": "US",
"postal_code": "10001"
},
"docv": {
"config": {
"use_case_key": "your-use-case-key",
"document_type": "license",
"language": "en-us"
}
}
}
}
}Configure by DocV product
DocV supports four flow types. They share the same PII fields described earlier in this topic, but each requires different docv configuration, and the result returns a different enrichment object. You select the flow with the use_case_key from your published Capture App flow — the rest of the request changes as shown in the following tabs.
| Flow type | Distinguishing request fields | Result enrichment object |
|---|---|---|
| Document Verification | config.document_type (license | passport) to skip the selection screen | documentVerification |
| Secondary Document Capture | config.use_case_key for a secondary-document flow; no document_type | secondaryDocument |
| Selfie Intelligence | config.use_case_key for a selfie flow; no document_type | selfieIntelligence |
| Selfie Reverification | config.use_case_key and additional_context.previous_reference_id | selfieReverification |
Captures a government-issued ID and a selfie. Set document_type to skip the document-selection screen, or omit it to let the consumer choose.
// ...excerpt of the full request body — data.individual shown
"individual": {
"given_name": "John",
"family_name": "Smith",
"phone_number": "+19998887777",
"address": { "country": "US" },
"docv": {
"config": {
"document_type": "license",
"language": "en-us"
}
}
}The result enrichment object varies by flow:
The final decision payload nests the DocV result under a flow-specific key —
documentVerification,secondaryDocument,selfieIntelligence, orselfieReverification. Parse the object that matches the flow you ran. See Receive DocV Results.
Request fields
Minimum required for DocV: given_name, family_name, phone_number (E.164), and address.country. Add date_of_birth, email, and the remaining address fields for the highest match accuracy.
Top-level fields (path: root request object)
| Field | Type | Required | Description |
|---|---|---|---|
id | String | Required | Customer-defined unique identifier for the request. Must be unique per evaluation — reusing an ID causes RiskOS™ to treat the request as a re-run and can affect results. |
timestamp | String <Date-Time> | Required | RFC 3339 timestamp indicating when the evaluation request was initiated. |
workflow | String | Required | Environment-specific workflow identifier from RiskOS™. Must identify a single active workflow. |
data.ip_address | String | Optional | Client IP address (IPv4/IPv6). Used for device intelligence. |
Individual fields (path: data.individual)
| Field | Type | Required | Description |
|---|---|---|---|
given_name | String | Required | Consumer's first/given name. |
family_name | String | Required | Consumer's last/family name. |
date_of_birth | String | Optional | Date of birth in ISO 8601 format (YYYY-MM-DD). |
phone_number | String | Required | Phone number. The API expects E.164 format but tolerates hyphens and spaces. |
email | String | Optional | Consumer's email address. |
additional_context | Object | Optional | Passes additional data required by specific Socure products. See Additional context fields. |
Address fields (path: data.individual.address)
| Field | Type | Required | Description |
|---|---|---|---|
line_1 | String | Optional | The first line of the consumer's address. |
line_2 | String | Optional | An optional second line, such as apartment or suite number. |
locality | String | Optional | City, town, or village where the consumer resides. |
major_admin_division | String | Optional | State, province, or region (ISO 3166-2). |
postal_code | String | Optional | ZIP, postal code, or equivalent regional identifier. |
country | String | Required | Country in ISO 3166-1 alpha-2 country code format. |
Predictive DocV fields (path: data.individual.docv)
DocV behavior is configured server-side through the docv object and its nested config object. All fields are optional or conditional:
| Field | Type | Required | Description |
|---|---|---|---|
transaction_token | String | Conditional | Transaction token from the Document Request API response (v5). Use this if integrated with Socure's DocV solution. |
config | Object | Optional | Configuration options controlling Capture App behavior and the document verification flow. |
config.document_type | String (license | passport) | Optional | Restrict capture to a single type to skip the document selection screen. |
config.use_case_key | String | Optional | Deploy a specific Capture App flow. Defaults to your account's default flow. |
config.send_message | Boolean | Optional | Set to true to send the consumer an SMS with the document request URL. Defaults to false. Sent from short code 33436 in the US & Canada; from +1 (510) 330-19xx in other countries. |
config.language | String | Optional | Capture App UI language. Defaults to en-us. |
config.redirect.url | String (URL) | Conditional | Destination URL the Capture App sends the consumer to after capture completes or is canceled. Required if redirect is provided. |
config.redirect.method | String (GET | POST) | Conditional | HTTP method for the redirect. Required if redirect is provided. |
config.transaction_token | String | Conditional | Used primarily in Sandbox testing to indicate the expected decision outcome. Required when simulating test results. See Test Your Integration. |
Additional context fields (path: data.individual.additional_context)
The additional_context object passes extra data required by specific Socure products and flows:
| Field | Type | Required | Description |
|---|---|---|---|
driver_license | String | Optional | Driver's license number. |
driver_license_state | String | Optional | Two-letter issuing state code. |
previous_reference_id | String (UUID) | Conditional | Reference to a prior evaluation. Required when using the Selfie Reverification enrichment. |
Note:
For the complete field schema, see the Evaluation API Reference.
Step 2: Handle the paused response
When the workflow reaches the Document Request step, RiskOS™ pauses the evaluation and returns decision: "REVIEW", status: "ON_HOLD", and eval_status: "evaluation_paused". The docvTransactionToken is returned inside data_enrichments, under the SocureDocRequest enrichment.
This response is non-terminal:
The
REVIEWdecision is not the final outcome — the evaluation resumes automatically after capture and resolves toACCEPTorREJECT. Do not route the consumer on this response.
{
"id": "APP-123456",
"workflow": "consumer_onboarding",
"eval_id": "d48bcc0e-ab3c-43a4-b03e-67208458ec62",
"decision": "REVIEW",
"status": "ON_HOLD",
"eval_status": "evaluation_paused",
"data_enrichments": [
{
"enrichment_provider": "SocureDocRequest",
"status_code": 200,
"response": {
"data": {
"docvTransactionToken": "1e89eec0-f7a3-4210-b74b-a76bc9556c50"
},
"referenceId": "3639f9ad-e1fe-4e3e-9202-18faf20ace56"
}
}
]
}These fields confirm the workflow is waiting for capture:
| Field | Value | Meaning |
|---|---|---|
eval_id | UUID | The evaluation identifier. Persist this — you need it to correlate the result webhook. |
decision | REVIEW | The workflow is paused, not finished. Do not treat this as a final decision. |
status | ON_HOLD | The evaluation is held, waiting for the consumer to complete capture. |
eval_status | evaluation_paused | Confirms the pause at the Document Request step. |
The launch asset for the SDK path is the docvTransactionToken:
| Field | Location | Description |
|---|---|---|
docvTransactionToken | data_enrichments[n].response.data (SocureDocRequest) | Pass this to the SDK with your SDK key to start capture. |
Persist the launch asset and the
eval_id:Store the
eval_idin your backend to match the result webhook to this evaluation. Also store thedocvTransactionTokento launch capture. For tracking and reconciliation, persistid,eval_id,decision,status,eval_status, andworkflow.
Step 3: Launch the SDK
For consumers capturing on a device with a camera — most mobile and web onboarding flows — embed a DocV SDK. Socure offers native SDKs for iOS, Android, and React Native, plus a Web SDK for browser-based flows. Each renders Socure's built-in capture UI, guides the consumer through document and selfie capture, and handles image upload. RiskOS™ then resumes the paused evaluation automatically.
At launch, pass the SDK two values:
docvTransactionToken— from the evaluation response (data_enrichments[n].response.data.docvTransactionToken).- Your SDK key — from the RiskOS™ Dashboard.
For installation, initialization, platform-specific setup, supported devices, and the full launch API for each platform, see the DocV SDK documentation.
The SDK does not return a decision:
The SDK is a client-side handoff step only. Your backend still creates the evaluation and receives the final decision by webhook. Once capture launches, the consumer completes it without further backend interaction — RiskOS™ automatically resumes the paused evaluation when capture finishes or the session expires.
Step 4: Receive the result
Once capture finishes, RiskOS™ resumes the evaluation and delivers the final ACCEPT, REVIEW, or REJECT decision through the evaluation_completed webhook. You can also retrieve the result with a GET request using the eval_id you persisted in Step 2.
For the webhook payload, the enrichment objects returned per flow type, and how to retrieve results, see Receive DocV Results.
Retry behavior
Document Verification runs once per evaluation. If the capture session does not reach SESSION_COMPLETE — it expires, the consumer declines consent, or DocV returns reject or resubmit — the evaluation resolves to REJECT. To retry Document Verification, create a new evaluation.
Error handling
If the API returns an HTTP error (4xx or 5xx), handle it before processing any evaluation logic:
| Status code | Meaning | What to do |
|---|---|---|
400 | Bad request — missing or invalid fields | Check the request body against the required fields above. |
401 | Unauthorized — invalid or missing API key | Verify your Authorization header and that the key matches the environment. |
404 | Not found — invalid eval_id or endpoint | Confirm the eval_id and endpoint URL. |
429 | Rate limited | Back off and retry after the Retry-After header value. |
500 | Internal server error | Retry with exponential backoff (max three attempts). |
For the full error schema and all error codes, see the Errors Reference.
Troubleshooting
SDK fails to start or returns "launch failed"
Invalid or expired docvTransactionToken
- Initialize the SDK with a current, unused token.
- Regenerate a new token if the previous one expired, you consumed it, or you invalidated it. A token from a completed or expired evaluation can't be reused — create a new evaluation.
Network or firewall restrictions
- The SDK must reach Socure backend services over HTTPS. Review corporate firewall and proxy rules to allow outbound HTTPS traffic.
- Ask the consumer to temporarily disable ad-blockers, VPNs, or content filters that might block SDK scripts or domains.
FAQs
Does the Android SDK support 16 KB memory page size requirements?
Yes. The Android SDK supports 16 KB page sizes starting with v5.1.1. If you're on an older version, upgrade to v5.1.1 or later to maintain compliance with Google's latest requirements.
Do the SDKs validate images at capture time?
Yes. The DocV SDKs guide consumers and apply immediate quality checks — framing, glare, blur, and document presence — before submitting images to backend verification. Consumers may be prompted to retake an image to improve quality, which reduces downstream failures and abandonment.
Related
Updated about 2 hours ago