Hosted Flows Troubleshooting & FAQs

A Hosted Flow is a configurable, Socure-hosted end-user experience that allows customers to collect identity and fraud-related information from applicants directly within RiskOS™ workflows.
It supports flexible branding, customizable pages, and seamless integration into customer applications.

Hosted Flows are available to all RiskOS™ customers. Configuration options such as creating and editing themes or customizing page layouts are available to users with the Developer role.

A theme defines the visual style of a Hosted Flow, including branding elements (colors, logo), typography, and UI component styles (buttons, inputs, links).

Yes. Every new RiskOS™ account comes with a default Socure theme in Sandbox.

Developers can create, duplicate, edit, and delete themes. When creating a theme, they must provide a unique name and can upload a logo or extract branding from a web URL.

Themes can configure branding (colors, logo), text (font, size, alignment), buttons (styles, states), and input fields (colors, borders, radius).

You can preview theme updates on four default page types: Consent Page, One Time Passcode (OTP), Basic PII Form, and Advanced PII Form. Changes are reflected immediately in preview mode.

• Save stores updates in Sandbox.
• Publish pushes changes to Production, making them visible to end-users. A warning will appear before publishing to confirm the impact.

Page Builder allows you to design and customize the layout of Hosted Flow pages, including the order and arrangement of components.

You can use pre-configured PII fields (name, email, phone, etc.), native UX components (text, dropdowns, date picker, checkbox, radio list, etc.), and branding elements such as images or spacers.

Yes. For each input, you can define copy, error messages, masking rules, and whether the field is required.

Pre-configured PII fields are auto-mapped to RiskOS™ schema (e.g., First Name → updated_data.individual.given_name).
Any additional input fields must be manually mapped to valid schema fields.

RiskOS™ will show a validation error if a field is mapped to the wrong schema type.

Yes. While a workflow has a default theme, you can override theme elements at a page level.

Yes. You can add translations for any copy or error messages. RiskOS™ will auto-populate defaults when a new language is enabled.

Yes. RiskOS™ comes with pre-configured active workflows such as:

• Consumer Onboarding with/without DocV
• Advanced Prefill Consumer Onboarding

These can be previewed and used as a starting point.

It is a workflow step that pauses the RiskOS™ workflow while awaiting user input in a Hosted Flow. Once input is captured, the workflow resumes.

RiskOS™ maintains session state. If the session hasn't expired, the user can resume from where they left off.

Yes. You can export reports showing which steps were completed and where users dropped off.

RiskOS™ automatically validates your workflow configuration. If a condition or transformation function references a field tied to an Async UX Wait Step (e.g., updated_data.individual.national_id), but no upstream UX page in the workflow has been configured to capture that input, RiskOS™ will detect the issue and flag it as an error.

This ensures workflows remain logically consistent and prevents runtime errors where business rules or conditions depend on end-user data that was never collected.

You must either:

1. Add the required field to the appropriate UX page in Page Builder, or
2. Remove or update the condition/transformation so it only references fields that are actually being collected.

This validation helps ensure smoother end-user experiences and reduces troubleshooting time during deployment.

Developers initiate a workflow using the RiskOS™ API with a Bearer token and workflow identifier. The API returns a unique, time-limited redirect URI for the Hosted Flow.

At the end of a Hosted Flow (completion or abandonment), users are redirected to a customer-specified URI. Custom query parameters can also be appended.

Yes. RiskOS™ sends webhook events when a Hosted Flow is completed or abandoned. You can also query workflow status at any time via API.

Yes. RiskOS™ allows you to configure which fields should be appended as query parameters to your redirect_uri. This ensures your application receives the exact information it needs when the user returns from the Hosted Flow.

When you initiate a workflow, you provide your custom redirect_uri. For example:

https://www.xyz.com/verify/socure/result/?state=33234

If you configure RiskOS™ to append eval_id and user_consent, the final redirect URI would be:

https://www.xyz.com/verify/socure/result/?state=33234&eval_id=38e11d56-8a12-4c14-a828-ea404df8d84b&user_consent=true

You can specify standard fields such as:

• eval_id (the workflow evaluation identifier)
• user_consent (whether end-user consent was captured)
• Other relevant workflow fields as required

This flexibility ensures Hosted Flows integrate seamlessly with your application logic.

End-users see the configured Hosted Flow with your branding, optimized for their device. All validation messages are clear and user-friendly.

End-users are redirected back to the host application using the redirect URI configured during workflow initiation.

Yes. Hosted Flows follow responsive design principles for optimal performance across devices and browsers.

Hosted Flows are monitored for availability, have disaster recovery support, and log all key actions (including user consent).