Integrating with RiskOS™
Learn how to integrate RiskOS™ workflows into your application, with detailed examples and configuration support.
RiskOS™ is Socure's real-time identity and risk decisioning platform. It connects your applications to Socure's products using REST APIs and webhooks, enabling you to evaluate users, detect fraud, and automate compliance decisions in real time.
What you can do with RiskOS™
Submit evaluation requests with user or transaction data to trigger real-time workflows.
Receive structured risk insights and decision outcomes: ACCEPT, REJECT, REVIEW, or RESUBMIT.
Subscribe to webhook events for completed evaluations, case updates, and watchlist changes.
How it works
flowchart LR
EndUser[Consumer]
Customer["Your Application"]
RiskOS["RiskOS™ Platform"]
EndUser -->|Initiates Action| Customer
Customer -->|Sends Data / Request| RiskOS
RiskOS -->|Returns Decision / Response| Customer
Customer -->|Delivers Result| EndUser
Your application sends a POST request to the Evaluation API with user data and a workflow name. RiskOS™ runs the workflow in real time and returns a JSON response containing a decision, risk scores, reason codes, and enrichment data.
Some workflows include asynchronous steps such as Document Verification (DocV) or One-Time Passcode (OTP) validation. In these cases, the evaluation pauses and resumes when the user completes the required action. You receive the final result through a webhook or by polling with a GET request.
Before you start
Confirm you have the following:
Step 1: Set up your environment
Choose your environment
Start with Sandbox for development and testing, then move to Production for live traffic.
| Environment | Base URL | Notes |
|---|---|---|
| Sandbox | https://riskos.sandbox.socure.com/api/evaluation | No real customer data. Free testing environment. |
| Production | https://riskos.socure.com/api/evaluation | Real customer data. API usage charges apply. |
Get your API key
- Log in to the RiskOS™ Dashboard for your environment:
- Go to Developer Workbench > API Keys.
- Copy your API key and store it securely.
(Optional) Configure IP allowlisting
Note:
IP allowlisting restricts which IPs can call the API. It is separate from your API key, which authenticates the caller. See the IP Filtering guide for details.
- Go to Developer Workbench > IP Filtering (Sandbox | Production).
- Add your IP addresses or domains, separated by commas, in the Domain Name field.
- Test access after configuration.
Step 2: Build a workflow
Workflows are automated decision strategies built visually in the RiskOS™ Dashboard using the Workflow Builder. Once published, a workflow runs when your application calls the Evaluation endpoint.
A typical workflow includes these step types:
| Step type | Purpose |
|---|---|
| Input | Collects applicant data |
| Enrichment | Pulls additional data from Socure products or third-party APIs |
| Condition | Applies logic to determine workflow branching |
| Decision | Finalizes the outcome (accept, reject, or route for manual review) |
Tip:
RiskOS™ provides pre-built workflow templates for common use cases. See the Integration Guides to get started.
Step 3: Send your first evaluation
Authentication and headers
Include your API key as a Bearer token and standard JSON headers:
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json
X-API-Version: 2025-01-01.orion # optional – pins a specific API versionExample request
curl -X POST https://riskos.sandbox.socure.com/api/evaluation \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"id": "onb-12345",
"timestamp": "2023-12-01T08:15:30.456Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"id": "ind-9876543",
"given_name": "Jane",
"family_name": "Smith",
"national_id": "123456789",
"date_of_birth": "1990-05-15",
"email": "[email protected]",
"phone_number": "+1-312-555-1234",
"address": {
"line_1": "742 Evergreen Terrace",
"line_2": "Apt 12B",
"locality": "Springfield",
"major_admin_division": "IL",
"country": "US",
"postal_code": "62704"
},
"di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGc..."
}
}
}'{
"id": "onb-12345",
"timestamp": "2023-12-01T08:15:30.456Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"id": "ind-9876543",
"given_name": "Jane",
"family_name": "Smith",
"national_id": "123456789",
"date_of_birth": "1990-05-15",
"email": "[email protected]",
"phone_number": "+1-312-555-1234",
"address": {
"line_1": "742 Evergreen Terrace",
"line_2": "Apt 12B",
"locality": "Springfield",
"major_admin_division": "IL",
"country": "US",
"postal_code": "62704"
},
"di_session_token": "eyJ0eXAiOiJKV1QiLCJhbGc..."
}
}
}Request fields
| Field | Type | Required | Description |
|---|---|---|---|
id | String | Yes | Your unique identifier for this evaluation request |
timestamp | String | Yes | ISO 8601 timestamp when the request was initiated |
workflow | String | Yes | Name of the published workflow in your RiskOS™ Dashboard |
data | Object | Yes | Payload containing individual and contextual information |
data.individual | Object | Yes | Applicant information: name, identifiers, contact data, and address |
data.individual.di_session_token | String | No | Digital Intelligence session token for device fingerprinting |
Step 4: Handle the response
The response you receive depends on whether your workflow is synchronous (all steps complete inline) or asynchronous (contains steps that pause for user action).
Synchronous workflows return a final decision immediately. This is the typical flow for identity verification, fraud screening, and risk scoring without user interaction steps.
Response: HTTP 200 with the complete evaluation result.
{
"id": "onb-12345",
"eval_id": "6dc8f39c-ecc3-4fe0-9283-fc8e5f99e816",
"workflow": "consumer_onboarding",
"eval_status": "evaluation_completed",
"decision": "REJECT",
"status": "CLOSED",
"sub_status": "Reject",
"workflow_id": "472288ff-b3a8-4e69-89dd-069d5e2bcb41",
"workflow_version": "3.7.0",
"eval_source": "API",
"eval_start_time": "2024-12-02T10:28:24.456Z",
"eval_end_time": "2024-12-02T10:29:10.999Z",
"score": 146,
"tags": ["High Risk", "Bad Device"],
"review_queues": ["business_review"],
"data_enrichments": [
{
"enrichment_name": "Socure Address risk",
"enrichment_provider": "Socure",
"status_code": 200,
"request": { ... },
"response": {
"addressRisk": {
"reasonCodes": ["I704", "I705", "I708"],
"score": 0.01
},
"referenceId": "4ca693ee-af2a-45ef-9688-834683ac1b34"
}
}
],
"environment_name": "Sandbox"
}Response field reference
These tables describe the fields returned in every evaluation response. They apply to both synchronous and asynchronous flows.
Top-level fields
| Field | Type | Description |
|---|---|---|
id | String | Your original request id, echoed back |
eval_id | String (UUID) | RiskOS™-generated identifier for this evaluation. Use it for GET and PATCH follow-up requests. |
workflow | String | Workflow name that processed the evaluation |
workflow_id | String (UUID) | Internal workflow configuration identifier |
workflow_version | String | Version of the workflow used |
eval_source | String | How the evaluation was submitted (for example, "API") |
eval_start_time | String (RFC 3339) | When evaluation processing began |
eval_end_time | String (RFC 3339) | When evaluation processing completed |
decision | String | Final decision: ACCEPT, REJECT, REVIEW, or RESUBMIT |
decision_at | String (RFC 3339) | When the decision was rendered |
status | String | Case lifecycle status: OPEN, ON_HOLD, or CLOSED |
sub_status | String | Additional context for the status |
tags | Array of Strings | Risk or categorization labels |
notes | String | Freeform notes about the case |
review_queues | Array of Strings | Manual review queues assigned to the case |
score | Number | Computed numerical risk score |
data_enrichments | Array of Objects | All enrichment calls executed and their results (see below) |
eval_status | String | Processing status: evaluation_completed or evaluation_paused |
environment_name | String | Sandbox or Production |
data_enrichments fields
data_enrichments fieldsEach object in the data_enrichments array represents one enrichment call:
| Field | Type | Description |
|---|---|---|
enrichment_name | String | Name of the enrichment service executed |
enrichment_endpoint | String | URL endpoint called for this enrichment |
enrichment_provider | String | Vendor providing the enrichment |
status_code | Integer | HTTP status code from the enrichment call |
request | Object | Payload sent to the enrichment provider |
response | Object | Data returned by the enrichment provider |
error_message | String | Error description (present only on failure) |
is_source_cache | Boolean | Whether the result was served from cache |
total_attempts | Integer | Number of retry attempts before success or failure |
Enrichment response objects
The response object within each enrichment varies by product. See the integration guide for each enrichment:
| Response field | Enrichment | Guide |
|---|---|---|
addressRisk | Address Risk | Address Risk integration guide |
emailRisk | Email Risk | Email Risk integration guide |
phoneRisk | Phone Risk | Phone Risk integration guide |
fraud | Sigma Identity Fraud | Sigma Identity Fraud integration guide |
synthetic | Sigma Synthetic Fraud | Sigma Synthetic Fraud integration guide |
digitalIntelligence | Digital Intelligence | Digital Intelligence data dictionary |
documentVerification | Predictive DocV | DocV evaluation API call |
graphIntelligence | Graph Intelligence | Graph Intelligence |
Step 5: Handle manual review cases
When a workflow cannot reach an automatic decision, it returns "decision": "REVIEW" and routes the case to Case Management for human review.
Common triggers for manual review:
| Trigger | Example |
|---|---|
| Risk score threshold | Fraud, synthetic, or phone/email risk scores exceed a configured limit |
| Multiple risk signals | Uncorrelated PII, incorrect SSN, or conflicting data |
| Watchlist match | Applicant matches OFAC, PEP, or sanctions list |
| Document verification issue | Ambiguous or failed DocV results |
| Custom rule | A user-defined condition was not met for automatic decision |
Webhooks
RiskOS™ sends HTTPS POST requests to your configured endpoints when subscribed events occur, such as completed evaluations, case updates, or watchlist changes. Webhooks support Basic, Bearer, and OAuth 2.0 authentication with built-in retry logic.
Configure webhook endpoints and event subscriptions in the RiskOS™ Dashboard. See the Webhooks guide and Event subscription types for details.
Troubleshooting
| Issue | Cause | Fix |
|---|---|---|
401 Unauthorized | API key is missing, invalid, or does not match the environment (Sandbox vs. Production) | Verify you are using the correct API key for the target environment. Confirm your account has the required permissions. |
| Workflow not executing | The workflow is not published, contains errors, or the wrong workflow name is referenced | Confirm the workflow is saved without errors and set to LIVE status. Verify the workflow value in your request matches the Dashboard. |
400 Bad Request | Required fields are missing or incorrectly formatted | Confirm all required fields (id, timestamp, workflow, data.individual) are present and correctly formatted. |
| Request blocked | Your IP address is not on the allowlist or a firewall blocks outbound traffic | Verify your IP is allowlisted (if configured). Check for network restrictions blocking the Socure API endpoints. |
| Webhook not received | Endpoint is misconfigured, unreachable, or cannot process the payload | Confirm webhook endpoints are correctly configured. Test event delivery and review logs for failures. |
| Unexpected results in Production | Integration was not validated in Sandbox before going live | Use Sandbox with test data to validate all flows before switching to Production. |
| Persistent errors | Issue remains after basic troubleshooting | Contact Socure Support with error messages, request id, eval_id, and logs. |
Validation checklist
/api/evaluationAuthorization header includes a valid Bearer API key with standard JSON headersid, timestamp, workflow, and data.individualworkflow name matches an active, published workflow in the RiskOS™ Dashboardline_of_business, channel, ip_address)decision, status, sub_status, eval_id, data_enrichmentsACCEPT / REJECT / REVIEW)GET /api/evaluation/<eval_id>id, eval_id) for troubleshootingNext steps
Updated 4 days ago