Hosted Flow

Overview

The Hosted Flow lifecycle allows your platform to initiate a verification session, redirect the user to a Socure-hosted experience, and receive a final decision via webhook.

Your application does not collect identity data directly. RiskOS™ manages the full verification experience and returns control to your redirect_uri after the user completes the flow.

During the hosted experience, RiskOS™ orchestrates KYC, Fraud, Watchlist, and conditional step-up Document Verification when additional verification is required.

End-to-end flow

Create Hosted Flow session (POST /api/evaluation).
Receive response with redirect URL and initial evaluation state.
Redirect user to Hosted Flow.
RiskOS™ collects identity data, including phone number and date of birth.
RiskOS™ runs KYC, Fraud, and Watchlist screening.
If no additional verification is required, the evaluation resumes and completes after the hosted flow.
If additional verification is required, RiskOS™ triggers Predictive Document Verification (DocV), pauses the evaluation, and delivers the final decision asynchronously via webhook (evaluation_completed, data.decision).
(Optional) User redirected to redirect_uri.

sequenceDiagram
    autonumber
    participant User as End User
    participant App as Your Platform
    participant Socure as Socure

    User->>App: Start onboarding
    App->>Socure: POST /api/evaluation with workflow + redirect_uri
    Socure-->>App: REVIEW decision + hosted redirect_uri
    App-->>User: Redirect to Socure hosted experience

    User->>Socure: Complete hosted flow (PII, KYC, Watchlist)

    alt DocV Step-Up required
        Socure-->>User: Prompt for document capture + selfie
        User->>Socure: Submit document images and selfie
    end

    Socure->>Socure: Process evaluation
    User-->>App: Redirect back to redirect_uri

    activate Socure
    Socure-->>App: Webhook: evaluation_completed (ACCEPT / REJECT)
    deactivate Socure

    App-->>User: Show onboarding result

Evaluation processing

During the Hosted Flow, RiskOS™ orchestrates multiple products and verification steps:

KYC

Verifies identity against trusted data providers.

Fraud detection

Evaluates behavioral and device risk signals.

Watchlist screening

Screens against global sanctions, PEP, and adverse media lists.

DocV step-up

Triggers document verification when risk thresholds are met.

Key behaviors

Behavior	Detail
Decision delivery	Final decisions are delivered asynchronously via `evaluation_completed` webhook. The initial `POST` response contains a `REVIEW` decision and `redirect_uri`.
DocV step-up	If additional verification is required, users are prompted to capture a government-issued ID and selfie within the hosted experience.
Redirect	After the hosted flow completes, the user is redirected to your `redirect_uri`. The redirect indicates UX completion, not the final decision.

How document verification works

If additional verification is required during the hosted flow, RiskOS™ triggers Predictive Document Verification (DocV).

Users may be asked to:

Capture a government-issued ID
Take a biometric selfie
Complete liveness verification

Final decisions are delivered asynchronously via webhook. You must configure a webhook endpoint to receive evaluation_completed events.

Next steps

Start a new evaluation

Create a Hosted Flow session and launch the onboarding experience.

Handle results

Process webhook events and route users based on the final decision.

Updated about 11 hours ago