Integration Guide
Learn how to call the RiskOS™ Evaluation API for identity enrichment with Basic or Advanced Prefill.
Socure Prefill API integration guide
This guide walks you through how to integrate with Socure’s /api/evaluation endpoint using the Prefill enrichment. You’ll learn how to send minimal identity data, parse the response, and apply the results to streamline onboarding, back-office operations, and global enrichment workflows.
Before you start
Make sure your RiskOS™ environment is provisioned with:
A workflow configured for the Prefill enrichment.
Regional support coverage for the Prefills enrichment.
Postman Collection
The following Postman collection can be used to test the Prefill enrichment with the Evaluation endpoint.
How it works
- Send a
POSTrequest to/api/evaluationwith identity data. - Socure runs the request through your configured RiskOS™ workflow with Prefill enrichment.
- Receive either enriched identity data (full name, DOB, address, etc.) or an empty object.
- Use the returned data to auto-populate forms and accelerate your workflow.
Choose your environment
Start with Sandbox for development and testing, then move to Production for live applications.
https://riskos.sandbox.socure.com/api/evaluation- No real customer data
- Free testing environment
- Unlimited API calls
Get an API key
- In the Sandbox RiskOS™ Dashboard, go to Developer Workbench > API Keys.
- Copy your API key securely.
Input signals
| Field | Type | Description | Example |
|---|---|---|---|
phone_number | String | Consumer's phone number in E.164 format (with country code) | "+1-415-555-1234" |
email | String | Consumer's email address. | "[email protected]" |
date_of_birth | String | Consumer's date of birth in ISO 8601 format (YYYY-MM-DD). | "1990-05-20" |
address | Object | Consumer's physical address (full or partial). | {"line_1": "123 Main St", "locality": "SF", "postal_code": "94105"} |
national_id | String | Consumer's government-issued ID (last 4 SSN for U.S., full ID for others). | "4987" |
Note :
One or a combination of the above input signals must be provided. Additional PII is required when only the last 4 digits of SSN are used as input. In International market, name, phone number + DOB is supported.
Resolution rules
- If all signals align → return best-matched identity (full name, DOB, address, etc.)
- If signals conflict, are incomplete, or have low confidence → return
{}(empty object) - If signals resemble a synthetic or fraudulent identity → return
{} - Prefill never returns partial or ambiguous matches
This ensures Prefill only returns data when inputs resolve with high confidence to one SocureID.
Matching logic flow
- Conflicting signals → no match →
{} - Synthetic identity detected → no trust →
{} - Match confirmed → one SocureID → identity data returned
Prefill guarantees clear outcomes only — never partial, guessed, or inconsistent responses.
Common integration patterns
The table below outlines common integration patterns for Socure Prefill across different markets and use cases.
| Example | Required Inputs | Response Returned | Markets supported |
|---|---|---|---|
| Example 1 | Name + National ID + Phone Number | DOB, Address, Email | US |
| Example 2 | Name + Last 4 of SSN + Phone | DOB, Address, Email | US |
| Example 3 | Email + Phone number + Last 4 of SSN | Name, Address | US |
| Example 4 | Phone number + DOB | Name, Address, Email, National ID (in US) | US and International |
Note:
Get in touch with your account support rep to set up Prefill enrichment using other inputs.
Example frontend input form (mapped to /api/evaluation payload)
/api/evaluation payload)This example screen shows how a mobile app might capture minimal user information, then use Prefill to auto-complete additional PII during onboarding using a RiskOS™ /api/evaluation request.
See the Advanced Prefill solution guide for more details on setting up OTP and incorporating device risk signals. Note that additional consent language is required from customer.
Each field maps to required parameters in the data.individual object:
- Email →
email - Date of Birth →
date_of_birth - Phone Number →
phone_number
You can configure which fields are required per workflow by adjusting module-level match logic in RiskOS™.
Start a new evaluation
Endpoint
POST https://riskos.sandbox.socure.com/api/evaluationPOST https://riskos.socure.com/api/evaluationAuthentication and headers
Include your API key in the Authorization header as a Bearer token, along with standard JSON headers:
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Accept: application/json
X-API-Version: 2025-01-01.orion # optional – pins a specific API versionExample request
{
"id": "prefill_test_case_01_Name_Phoneno_4SSN",
"timestamp": "2025-11-25T20:50:21.000Z",
"workflow": "individual_onboarding",
"data": {
"modules": [
"prefill"
],
"line_of_business": "onboarding",
"channel": "mobile",
"individual": {
"given_name": "Sarah",
"family_name": "Miles",
"date_of_birth": "1988-07-22",
"national_id": "4987",
"id": "",
"phone_number": "14155553311",
"address": {
"line_1": "",
"line_2": "",
"locality": "",
"major_admin_division": "",
"postal_code": "",
"country": "US"
}
}
}
}curl --location --request POST 'https://riskos.sandbox.socure.com/api/evaluation' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer YOUR_API_KEY' \
--data-raw '{
"id": "prefill_test_case_01_Name_Phoneno_4SSN",
"timestamp": "2025-11-25T20:51:06.000Z",
"workflow": "individual_onboarding",
"data": {
"modules": [
"prefill"
],
"line_of_business": "onboarding",
"channel": "mobile",
"individual": {
"given_name": "Sarah",
"family_name": "Miles",
"date_of_birth": "1988-07-22",
"national_id": "4987",
"id": "",
"phone_number": "14155553311",
"address": {
"line_1": "",
"line_2": "",
"locality": "",
"major_admin_division": "",
"postal_code": "",
"country": "US"
}
}
}
}'Request schema
Top-level fields
Field | Type | Required | Description | Example |
|---|---|---|---|---|
| String | Required | Required, customer-defined unique identifier for the request. This value must be unique for each evaluation. Reusing an ID causes RiskOS™ to treat the request as a re-run and can impact processing behavior, results, and downstream workflows. |
|
| String | Required | RFC 3339 timestamp when the request was created. |
|
| String | Required | RiskOS™ workflow name configured in your environment. |
|
| Object | Required | Main payload containing business and individual information | |
→ | Array | Required | Must include |
|
→ | String | Optional | Business context (for example, |
|
→ | String | Optional | Channel context (for example, |
|
→ | Object | Required | Primary identity object. | See |
individual fields
individual fields| Field | Type | Required | Description | Example |
|---|---|---|---|---|
given_name | String | Optional | First name of the individual. | "Sarah" |
family_name | String | Optional | Last name of the individual. | "Miles" |
national_id | String | Optional | Government-issued ID (last 4 SSN for U.S., full ID for others). | "4987" |
date_of_birth | String | Optional | Date of birth in YYYY-MM-DD format. | "1988-07-22" |
address | Object | Optional | Residential address of the individual. | See address schema below. |
phone_number | String | Optional | Phone number in E.164 format. | "14155553311" |
email | String | Optional | Individual’s email address. | "[email protected]" |
address
address| Field | Type | Required | Description | Example |
|---|---|---|---|---|
line_1 | String | Optional | Street address line 1. | "812 N 5th Ave" |
line_2 | String | Optional | Street address line 2. | "Apt 12" |
locality | String | Optional | City. | "Seattle" |
major_admin_division | String | Optional | State, province, or region. | "WA" |
postal_code | String | Optional | Postal or ZIP code. | "98109" |
country | String | Required | Two-letter ISO country code. | "US" |
Example response
When you call the Evaluation API, RiskOS™ returns a JSON payload that includes the final decision, evaluation metadata, and enrichment-specific results.
{
"id": "prefill_test_case_01_Name_Phoneno_4SSN",
"eval_id": "6d004b47-e9c7-4f5d-b8c9-79d7039dd161",
"workflow": "individual_onboarding",
"workflow_id": "dc7f261e-b158-477e-9770-7e4eae066156",
"eval_start_time": "2025-10-07T23:50:03.60187976Z",
"eval_end_time": "2025-10-07T23:50:03.738794253Z",
"workflow_version": "28.16.0",
"eval_source": "API",
"status": "CLOSED",
"sub_status": "Accept",
"decision": "APPROVE",
"decision_at": "2025-10-07T23:50:03.738648201Z",
"tags": [],
"review_queues": [],
"data_enrichments": [
{
"enrichment_name": "Socure Prefill",
"enrichment_endpoint": "https://sandbox.socure.com/api/3.0/EmailAuthScore",
"enrichment_provider": "Socure",
"status_code": 200,
"request": {
"country": "US",
"dob": "1988-07-22",
"firstName": "Sarah",
"mobileNumber": "14155553311",
"modules": [
"prefill"
],
"nationalId": "4987",
"parentTxnId": "6d004b47-e9c7-4f5d-b8c9-79d7039dd161",
"riskOSId": "prefill_test_case_01_Name_Phoneno_4SSN",
"surName": "Miles",
"workflow": "individual_onboarding"
},
"response": {
"prefill": {
"aliases": [
"S Miles",
"Sar Miles"
],
"associatedAddresses": [
{
"city": "Seattle",
"firstSeenDate": "2020-01-15",
"state": "WA",
"streetAddress": "812 N 5th Ave Apt 12",
"zip": "98109"
},
{
"city": "Portland",
"firstSeenDate": "2019-09-30",
"state": "OR",
"streetAddress": "23 Ridgeway Blvd",
"zip": "97204"
}
],
"associatedEmails": [
{
"emailAddress": "[email protected]",
"firstSeenDate": "2015-05-18",
"lastSeenDate": "2024-01-10"
},
{
"emailAddress": "[email protected]",
"firstSeenDate": "2012-11-02",
"lastSeenDate": ""
}
],
"associatedPhoneNumbers": [
{
"firstSeenDate": "2016-06-12",
"lastSeenDate": "2024-03-14",
"phoneNumber": "+14155553311"
},
{
"firstSeenDate": "2017-02-11",
"lastSeenDate": "2024-03-10",
"phoneNumber": "+14155558789"
}
],
"city": "Seattle",
"dob": "1988-07-22",
"firstName": "Sarah",
"mobileNumber": "+198765432100",
"nationalId": "321654987",
"state": "WA",
"streetAddress": "812 N 5th Ave Apt 12",
"surName": "Miles",
"zip": "98109"
},
"referenceId": "536efe69-d36c-4393-ac1b-dde96ed27860"
},
"is_source_cache": false,
"total_attempts": 1
}
],
"eval_status": "evaluation_completed",
"environment_name": "Sandbox"
}
Key response fields
RiskOS™ returns a consistent set of top-level fields that describe the outcome of an evaluation, along with enrichment-specific results that depend on your workflow configuration.
Where to find specific results
| Area | Fields | How to use it |
|---|---|---|
| Decision and routing | decision, decision_at, tags, review_queues, notes, score | Primary control signals. Branch application logic using decision. Use tags, queues, notes, and score for secondary routing, review, and explanation. |
| Module results | Module-specific fields (for example: reasonCodes, scores, extracted attributes) | Evidence and signals produced by workflow modules. Use for escalation, compliance review, investigation, and audit. |
| Identifiers and traceability | id, eval_id | Persist these identifiers to correlate API calls, logs, webhooks, GET requests, and support cases. |
| Enrichment execution | data_enrichments[] (response, status_code, total_attempts, is_source_cache) | Inspect enrichment outputs and detect provisioning issues, partial failures, retries, or cached responses. |
| Workflow context | workflow, workflow_id, workflow_version | Understand which workflow ran and which version produced the result. Useful for debugging and historical analysis. |
| Evaluation lifecycle | eval_status, status, sub_status | Execution and case state only. Useful for monitoring and asynchronous workflows. Do not use for business decisions. |
| Execution context | eval_source, eval_start_time, eval_end_time, environment_name | Observability and performance metadata for latency tracking, environment validation, and API vs Dashboard attribution. |
Decision and routing (primary control signals)
Use these fields to determine what action your application should take.
decisionvalues are workflow-specific and may differ from the examples shown in this guide.
| Field | Type | Description | Example |
|---|---|---|---|
decision | String enum | Final evaluation result. Possible values: • ACCEPT• REVIEW• REJECTNote: The fields returned can be customized to fit your integration or business needs. | "ACCEPT" |
decision_at | String <Date-Time> | RFC 3339 timestamp when the decision was finalized. | "2025-10-07T23:50:03.738648201Z" |
score | Number | If configured for a workflow, provides an aggregate score of all steps. This can be used for risk banding, additional routing, or analytics alongside the primary decision value. | 0.91 |
tags | Array of Strings | Array of labels applied during the workflow to highlight routing choices, notable signals, or rule outcomes. Useful for reporting, segmentation, or UI highlighting in the RiskOS™ Dashboard. | [] |
review_queues | Array of Strings | Lists any manual review queues the evaluation was sent to. Empty when the case is fully auto-resolved without human review. | [] |
notes | String | Freeform text field for analyst or system comments about the evaluation. Often used to capture manual review rationale or investigation context. | "Identity verified with high confidence" |
Evaluation lifecycle and status
These fields describe where the evaluation is in its lifecycle and are useful for monitoring and asynchronous workflows.
| Field | Type | Description | Example |
|---|---|---|---|
eval_status | String enum | Indicates the current state of an evaluation in RiskOS™. Possible values: • evaluation_completed• evaluation_paused• evaluation_in_progress | "evaluation_completed" |
status | String enum | Indicates the current state of an evaluation or case. Possible values: • OPEN• CLOSED | "CLOSED" |
sub_status | String | Provides additional detail about the evaluation status. Example values: • Under Review• Pending Verification• Accept• Reject | "Accept" |
Identifiers and traceability
Use these fields to correlate requests, logs, webhooks, and support cases.
| Field | Type | Description | Example |
|---|---|---|---|
id | String (UUID or custom string) | Your evaluation identifier within RiskOS™. Note: This is customer-generated. | "prefill_test_case_01_Name_Phoneno_4SSN" |
eval_id | String (UUID) | RiskOS-generated unique identifier for the evaluation. | "6d004b47-e9c7-4f5d-b8c9-79d7039dd161" |
workflow | String | Name of the workflow executed. | "individual_onboarding" |
workflow_id | String (UUID) | Unique identifier for the workflow run. | "dc7f261e-b158-477e-9770-7e4eae066156" |
workflow_version | String | Version of the executed workflow. | "28.16.0" |
Execution context
These fields provide timing and environment context for the evaluation.
| Field | Type | Description | Example |
|---|---|---|---|
eval_source | String enum | Indicates where the evaluation was initiated from. Possible values: • API: Request submitted via the Evaluation API.• Dashboard: Case created or evaluated through the RiskOS™ Dashboard. | "API" |
eval_start_time | String <Date-Time> | RFC 3339 timestamp for when RiskOS™ started processing the evaluation. Useful for latency and performance monitoring. | "2025-10-07T23:50:03.60187976Z" |
eval_end_time | String <Date-Time> | RFC 3339 timestamp for when RiskOS™ finished processing the evaluation. Can be paired with eval_start_time to compute total processing time. | "2025-10-07T23:50:03.738794253Z" |
environment_name | String | Indicates which environment the evaluation ran in. Typically Sandbox for testing or Production for live traffic. | "Sandbox" |
Enrichment results
Enrichment outputs are returned in the data_enrichments array.
| Field | Type | Description | Example |
|---|---|---|---|
enrichment_name | String | Name of the module or service executed (e.g., Digital Intelligence, Verify Plus, Sigma Synthetic). | "Socure Prefill" |
enrichment_endpoint | String | API endpoint that processed the enrichment. | "https://sandbox.socure.com/api/3.0/EmailAuthScore" |
enrichment_provider | String | Provider of the enrichment service (Socure, RestAPI, etc.). | "Socure" |
status_code | Integer | HTTP status returned by the enrichment API call. | 200 |
request | Object | Request payload sent to the enrichment service. | See request schema below. |
response | Object | Normalized response data from the enrichment service. | See response schema below. |
error | String | Populated only if the enrichment encountered an error. | |
is_source_cache | Boolean | Indicates whether cached data was used instead of a live API call. | false |
total_attempts | Integer | Number of attempts made to retrieve the enrichment data. | 1 |
request fields
request fields| Field | Type | Description | Example |
|---|---|---|---|
country | String | Country code (ISO 3166). | "US" |
firstName | String | First name submitted. | "Sarah" |
surName | String | Last name submitted. | "Miles" |
nationalId | String | National identifier (e.g., SSN). | "4987" |
dob | String (YYYY-MM-DD) | Date of birth. | "1988-07-22" |
modules | Array of Strings | Modules requested. | ["prefill"] |
parentTxnId | String (UUID) | Parent transaction ID. | "6d004b47-e9c7-4f5d-b8c9-79d7039dd161" |
riskOSId | String | RiskOS™ transaction ID. | "prefill_test_case_01_Name_Phoneno_4SSN" |
workflow | String | Workflow name. | "individual_onboarding" |
response fields
response fields| Field | Type | Description | Example |
|---|---|---|---|
prefill | Object | Prefill data block. | See prefill schema. |
referenceId | String (UUID) | Unique identifier assigned to each enrichment after a RiskOS™ workflow is finalized. | "536efe69-d36c-4393-ac1b-dde96ed27860" |
prefill fields
prefill fields| Field | Type | Description | Example |
|---|---|---|---|
firstName | String | Resolved first name. | "Sarah" |
middleName | String or Null | Resolved middle name. | null |
surName | String | Resolved last name. | "Miles" |
suffix | String or Null | Suffix (for example, "Jr."). | null |
nationalId | String | Resolved SSN or equivalent. | "321654987" |
ssnFirst5 | String | First 5 digits of SSN (if available). | "32165" |
dob | String (YYYY-MM-DD) | Resolved date of birth. | "1988-07-22" |
mobileNumber | String | Resolved mobile phone number. | "+198765432100" |
socureId | String (UUID) | Socure’s persistent identity ID. Used for Graph Intelligence correlations. | "a1b2c3d4-5678-9e0f-gh12-ijklmnop3456" |
aliases | Array of Strings | Known aliases. | ["S Miles", "Sar Miles"] |
associatedPhoneNumbers | Array of Objects | Phones linked to the identity. | See schema below. |
associatedAddresses | Array of Objects | Addresses linked to the identity. | See schema below. |
associatedEmails | Array of Objects | Emails linked to the identity. | See schema below. |
associatedPhoneNumbers fields
associatedPhoneNumbers fieldsSupports up to 10 phone numbers to provide flexibility for either manual entry or selection of known phone numbers. The most recent phone number should be prefilled by default, with the option for the user to:
- Replace it with another address, or
- Select from the last three known phone number via a radio button option.
- Most recent phone number might not match the input phone number
| Field | Type | Description | Example |
|---|---|---|---|
phoneNumber | String | The phone number in E.164 format, including country code. | "+12063588927" |
firstSeenDate | String (YYYY-MM-DD) | The date the phone number was first observed. | "2010-03-01" |
lastSeenDate | String (YYYY-MM-DD) | The timestamp of the most recent presentation of the data. | "2023-05-08" |
isMatched | Boolean | Indicates whether the phone number was matched to the best-matched entity. | true |
isLatest | Boolean | Indicates whether this phone number is the most recent (current) number associated with the best-matched entity. | true |
associatedAddresses fields
associatedAddresses fieldsSupports up to 10 addresses to provide flexibility for either manual entry or selection of known addresses. The most recent address should be prefilled by default, with the option for the user to:
- Replace it with another address, or
- Select from the last three known addresses via a radio button option.
| Field | Type | Description | Example |
|---|---|---|---|
streetAddress | String | The street address, including house number and street name. | "108 Smokerise Blvd" |
city | String | The city in which the address is located. | "Longwood" |
state | String | The two-letter U.S. state abbreviation. | "FL" |
zip | String | The ZIP code or postal code for the address. | "32779-3315" |
county | String | The county associated with the best-matched entity’s address. | "US" |
firstSeenDate | String (YYYY-MM-DD) | The date the address was first observed. | "2022-03-01" |
lastSeenDate | String (YYYY-MM-DD) | The date of the most recent presentation of the data. | "2024-11-18" |
isMatched | Boolean | Indicates whether the address was matched to the best-matched entity. | true |
isLatest | Boolean | Indicates whether this address is the most recent (current) address associated with the best-matched entity. | false |
associatedEmails fields
associatedEmails fieldsSupports up to 10 email addresses to provide flexibility for either manual entry or selection of known email address. The most recent email address should be prefilled by default, with the option for the user to:
- Replace it with another address, or
- Select from the last three known email addresses via a radio button option.
- Most recent email address might not match the input phone number
| Field | Type | Description | Example |
|---|---|---|---|
emailAddress | String | The email address associated with the best-matched entity. | "[email protected]" |
firstSeenDate | String (YYYY-MM-DD) | The date the email address was first observed. | "1999-09-12" |
lastSeenDate | String (YYYY-MM-DD) | The date of the most recent presentation of the data. | "2010-09-13" |
isMatched | Boolean | Indicates whether the email was matched to the best-matched entity. | true |
isLatest | Boolean | Indicates whether this is the most recent (current) associated email. | false |
Best practices
Integration and maintenance
- Implement fallback logic for cases where Prefill fails
- Allow user override of prefilled data to maintain user control
- Log Prefill results for analytics and continuous improvement
User experience
- Clearly indicate prefilled fields to users (e.g., with visual cues)
- Provide easy edit functionality for all prefilled data
Security and compliance
- Store minimal PII — use Prefill data to populate forms but avoid unnecessary persistence
- Implement proper data retention policies for Prefill responses
- Use secure transmission (TLS 1.2+) for all API communications
Performance optimization
- Set appropriate timeouts for API calls
- Monitor API response times and optimize accordingly
Validation checklist
Validation
You’re provisioned for Prefill
Input formatting follows API specs (e.g., E.164 for phone)
Your integration handles null / empty responses
You’ve tested against known-good and synthetic inputs in Sandbox
Test coverage
Complete form population with prefill scenarios
Partial form population with user confirmation
No match scenarios → Manual entry fallback
Edge cases (missing data, API timeouts, etc.) → Graceful degradation
User experience
Clear visual indication of prefilled vs. user-entered data
Easy edit functionality for all prefilled fields
Fallback to manual entry when Prefill fails
Logging and observability
Log full request/response for debugging
Track Prefill success rates and user acceptance rates
For batch/parallel use cases, contact your Solutions Engineer
Updated 11 days ago