Start a New Evaluation
Use the Direct API to collect identity data, verify users, and screen against global watchlists with full control over your onboarding experience.
Before you start
riskos.sandbox.socure.com for all requests.evaluation_completed events for asynchronous decisions.Test with Postman
Use this Postman collection to send sample requests to the Evaluation API and validate your Direct API integration in Sandbox.
Step 1: Set up the Digital Intelligence session token
Before submitting an evaluation, generate a device-specific di_session_token. This short-lived token helps verify device integrity and is required for certain RiskOS™ evaluations.
Install the Digital Intelligence SDK
Add the Digital Intelligence Web SDK to your project using npm:
npm install --save @socure-inc/device-risk-sdkInitialize the SDK once per session
Mount the SocureInit component in a high-level file (such as layout.tsx) to initialize the SDK once per session. This prevents redundant re-initialization during navigation.
"use client";
import { useEffect, useRef } from "react";
import { SigmaDeviceManager, SigmaDeviceOptions } from "@socure-inc/device-risk-sdk";
export function SocureInit() {
const initializedRef = useRef(false);
useEffect(() => {
if (initializedRef.current) return;
const sdkKey = process.env.NEXT_PUBLIC_SOCURE_SDK_KEY;
if (sdkKey) {
SigmaDeviceManager.initialize({ sdkKey } as SigmaDeviceOptions);
initializedRef.current = true;
}
}, []);
return null;
}Generate a session token
Immediately before submitting a form to your backend, call getSessionToken(). Include the resulting string in your API request payload as the di_session_token field.
// Call this inside your form submission handler
export async function getSessionToken() {
return SigmaDeviceManager.getSessionToken();
}Step 2: Collect and submit identity data
Use the Consumer Onboarding workflow to verify PII while minimizing user friction.
Collect required input
Your application must collect the required fields before initiating the workflow. Validate the following client-side before submission:
Minimum required
given_namefamily_nameaddress.countrydi_session_token(must be generated from the active Digital Intelligence session)- Plus at least one of:
date_of_birthphone_number- Address fields (for example,
address.line_1,address.locality, etc.)
Recommended (highest match accuracy)
Include all minimum required fields in addition to the fields below.
date_of_birth(must be inYYYY-MM-DDformat)phone_number(must be in E.164 format)emailaddress.line_1address.locality(city)address.major_admin_division(region/state)address.postal_codenational_id(e.g., SSN)
Tip:
Adding additional personally identifiable information (PII) can improve match accuracy.
Step 3: Create an evaluation
Make a POST request to the Evaluation endpoint using the Consumer Onboarding workflow. This request starts the evaluation using the identity data collected in your application.
Endpoint
Start with Sandbox for development and testing, then move to Production for live applications.
POST https://riskos.sandbox.socure.com/api/evaluationPOST https://riskos.socure.com/api/evaluationMinimum working request
curl --request POST \
--url https://riskos.socure.com/api/evaluation \
--header "Authorization: Bearer YOUR_API_KEY" \
--header "Content-Type: application/json" \
--data '{
"id": "fb428165-6a1c-4d36-afbc-c8a946c1287d",
"timestamp": "2026-02-17T14:22:06.628Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"given_name": "Stanley",
"family_name": "Brown",
"date_of_birth": "1944-03-30",
"address": {
"country": "US"
},
"di_session_token": "fadsadfassdjhbwf-2232-dsdwd2-212e235"
}
}
}'{
"id": "fb428165-6a1c-4d36-afbc-c8a946c1287d",
"timestamp": "2026-02-17T14:22:06.628Z",
"workflow": "consumer_onboarding",
"data": {
"individual": {
"given_name": "Stanley",
"family_name": "Brown",
"date_of_birth": "1944-03-30",
"address": {
"country": "US"
},
"di_session_token": "fadsadfassdjhbwf-2232-dsdwd2-212e235"
}
}
}Field definitions
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
id | String | Required | Unique identifier for the evaluation. Must be unique per request; reused IDs trigger re-runs and may affect downstream behavior. | "fb428165-6a1c-4d36-afbc-c8a946c1287d" |
timestamp | String <Date-Time> | Required | RFC 3339 timestamp when the evaluation was initiated. | "2026-02-17T14:22:06.628Z" |
workflow | String | Required | Environment-specific workflow identifier configured in RiskOS™. Must map to a single active workflow. | "KYC & Watchlist Screening: Direct API Integration" |
data.individual.id | String | Optional | Internal or external user identifier mapped to enrichments (userId). | "ID-f04426be-bad6-41ec-a154-00fd9ce6ee19" |
data.individual.given_name | String | Required | Consumer’s first name (max 240 characters). | "Stanley" |
data.individual.family_name | String | Required | Consumer’s last name (max 240 characters). | "Brown" |
data.individual.email | String | Required | Valid email address. | "[email protected]" |
data.individual.phone_number | String | Required | Phone number in E.164 format. | "+15012345677" |
data.individual.national_id | String | Required | National identifier (e.g., SSN, SIN). | "666478381" |
data.individual.date_of_birth | String | Required | Date of birth in YYYY-MM-DD format. | "1944-03-30" |
data.individual.di_session_token | String (UUID) | Required | Digital Intelligence session token linking device data. | "8ceed175-37ae-4eb4-9ee5-b7fc5d7c1799" |
data.individual.address.line_1 | String | Optional | Address line 1. | "6383 Brown Avenue" |
data.individual.address.line_2 | String | Optional | Address line 2 (apt, suite, etc.). | "" |
data.individual.address.locality | String | Optional | City or locality. | "Springfield" |
data.individual.address.major_admin_division | String | Optional | State or region. | "NY" |
data.individual.address.country | String | Required | Country (ISO 3166-1 alpha-2). | "US" |
data.individual.address.postal_code | String | Optional | ZIP or postal code. | "10552" |
Optional: Document Verification
The following fields are nested under data.individual.config. Use these optional fields to customize document verification behavior.
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
send_message | Boolean | Optional | Set to true to send an SMS to the provided phone number with the document request URL. Defaults to false.- US & Canada: sent from short code 33436 - Other countries: sent from +1 (510) 330-19xx | true |
language | String | Optional | Determines Capture App UI language. Defaults to en-us. | en-us |
use_case_key | String | Optional | Deploys a specific Capture App flow created in RiskOS™. | default_docv_flow |
document_type | String (Enum: license | passport) | Optional | Restrict the flow to a single document type. When provided, users skip the document type selection screen. | passport |
redirect.url | String (URL) | Conditional | Destination URL to send the consumer after capture. Required if redirect is provided. Can include query strings for transaction tracking. | https://example.com/complete |
redirect.method | String (Enum: GET | POST) | Conditional | HTTP method used for the redirect. Required if redirect is provided. | POST |
Step 4: Continue based on the response
After you create an evaluation, RiskOS™ returns a response that determines the next step in your flow.
Use decision, sub_status, and tags to determine whether to:
- Accept the user
- Stop the flow
- Collect additional identity data
- Continue with additional verification
For response handling patterns and routing logic, see Handle Results.
Updated about 13 hours ago