Integrate using Cursor / Claude Code (MCP Server)

The RiskOS™ Model Context Protocol (MCP) Server connects AI development tools directly to the RiskOS™ platform. It enables AI assistants to retrieve documentation, inspect workflows, and access API schemas from your RiskOS™ environment.


Key features

  • Embedded RiskOS™ documentation access:
    Agents can retrieve the full RiskOS™ documentation set: concepts, fields, workflows, and API behavior.
  • Retrieve the latest API specification:
    Retrieve the current RiskOS™ OpenAPI specification for code generation, validation, or starting a new integration.
  • Check RiskOS™ configuration (workflows):
    List the use cases and workflows configured in your RiskOS™ account to confirm setup and reference workflow identifiers programmatically.
  • Use RiskOS™-specific prompts:
    The server includes prompts tailored for RiskOS™ development, helping agents provide accurate, implementation-ready guidance.

Note:

The RiskOS™ MCP Server is not yet available for users who sign in to RiskOS™ using Single Sign-On (SSO). At this time, MCP access requires username and password authentication for the RiskOS™ environment.


How it works

The RiskOS™ integration ecosystem uses a hybrid architecture of Logic and Data to provide AI assistants with both procedural expertise and real-time environment context.


High impact: the RiskOS Integration Skill

The RiskOS Integration Skill is a critical feature, acting as the "operating manual" your assistant uses to integrate with RiskOS. It defines standard integration patterns so that your agent follows a guided path of best practices rather than guessing integration steps.

  • Instructional Logic: Teaches agents to handle evaluation decisions from RiskOS (Accept, Reject, Review).

  • Task Automation: Guides assistants through multi-step integration sequences like managing API Keys or setting up webhooks.

  • Expert Mode Reasoning: Ensures integration code generation is seamless and manages error-handling effectively.

    Install it from here: RiskOS Integration Skill


RiskOS™ MCP Server (the "Data Layer")

The RiskOS™ MCP Server provides a read-only interface to your environment, acting as the dynamic data source for all development tasks.

  • Real-time Retrieval: Fetch the latest documentation, API schemas, and workflow metadata directly from your account.
  • Account Discovery: Programmatically inspect your organization's specific solutions and active workflows.

Component comparison

| Feature | RiskOS™ Agent Skill (Logic) | RiskOS™ MCP Server (Data) |
| --- | --- | --- |
| Role | Procedural logic and expert instructions. | Standardized interface for platform data. |
| Primary Goal | Teaches the agent how to implement. | Shows the agent what is configured. |
| Capabilities | Decision patterns and error handling. | Live docs, API schemas, and workflows. |
| Data Scope | Static logic and reference artifacts. | Dynamic, read-only platform state. |

Note:

The RiskOS™ MCP Server provides read-only access to documentation, schemas, and configuration metadata. It does not modify RiskOS™ resources or execute transactions.

flowchart LR

    subgraph Client["Your environment"]
        A[AI assistant]
        B[RiskOS™ Skill]
        C[MCP client]
    end

    subgraph RiskOS["RiskOS™ platform"]
        D[RiskOS™ MCP server]
        E[Documentation]
        F[OpenAPI spec]
        G[Workflows]
    end

    A --> C --> D
    D --> E
    D --> F
    D --> G

    B -. enhances .-> A

Install and configure

The RiskOS™ MCP Server exposes a simple HTTP interface compatible with any MCP-enabled client, including VS Code, Cursor, and other AI-driven development tools. Once configured, your AI assistant can automatically access RiskOS™ documentation, API schemas, and development guidance.

| Setting | Description | Value |
| --- | --- | --- |
| Protocol & Base URL | All MCP requests are sent to this endpoint over standard HTTP. | https://mcp.riskos.socure.com/mcp |
| Authentication | Basic authentication using RiskOS™ Dashboard credentials. | Authorization: Basic YOUR_USERNAME:YOUR_PASSWORD |

Client configuration examples

Note:

  • Client configuration steps may differ slightly depending on the tool you are using.
  • The RiskOS™ MCP Server has been tested with:
    • Claude Desktop app
    • Claude Code (CLI)
    • Cursor
    • VS Code
  • Refer to your specific MCP client’s documentation for details on where to define the base URL and authentication headers.

Claude Desktop

Claude uses a static configuration for MCP servers. Because Claude does not support interactive credential prompts, you must provide your Base64-encoded credentials directly in the server configuration.

Prerequisites

  • Node.js v20.18.1+: Required for the mcp-remote transport layer.

  • Install RiskOS™ Skill (recommended): Before configuring the server, install RiskOS™ Skill. While the MCP server provides live data, RiskOS™ Skill provides the agent with "Expert Mode" logic for building integrations, handling errors, and following Socure best practices.

    • Manual install: Clone or download the repo to ~/.claude/skills/riskos-skill/
    • Via terminal: npx skills add socure-inc/riskos-skill -g

Configure the MCP server

  1. In a terminal, generate a Base64-encoded string of your RiskOS™ username:password:

    echo -n "YOUR_USERNAME:YOUR_PASSWORD" | base64

    Note: Replace the placeholders with your actual RiskOS™ Sandbox or Production credentials.

  2. In Claude Desktop, go to Settings > Developer and click Edit Config. This opens the Claude Desktop config file, claude_desktop_config.json, in your filesystem.

  3. Paste the following configuration into the mcpServers object. Replace YOUR_BASE64_STRING with the token output from Step 1.

    {
      "mcpServers": {
        "socure-dev-assist": {
          "command": "npx",
          "args": [
            "-y",
            "mcp-remote",
            "https://mcp.riskos.socure.com/mcp",
            "--header",
            "Authorization: Basic YOUR_BASE64_STRING"
          ]
        }
      }
    }

  4. Restart Claude to apply the configuration.

  5. Once connected, start a new session with Claude to call RiskOS™ MCP tools using natural-language prompts.
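Steps 1 to 3 can be scripted so that the password is read at runtime instead of being typed into a shell command that ends up in history. The following is an added example, not part of the RiskOS™ documentation or Socure tooling; the function names and the path prompt are assumptions, while the endpoint, server key and args come from the configuration above. It keeps any other mcpServers entries and writes the file with owner-only permissions on POSIX systems.

```python
import base64
import json
import os
import tempfile

MCP_URL = "https://mcp.riskos.socure.com/mcp"  # endpoint given on this page
SERVER_NAME = "socure-dev-assist"              # server key used on this page


def basic_token(username, password):
    """Base64 of 'username:password', the value step 1 produces."""
    if ":" in username:
        # Basic auth splits on the first colon, so the user-id cannot contain one.
        raise ValueError("username must not contain ':'")
    return base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def add_riskos_server(config_path, username, password):
    """Merge the RiskOS entry into the config file and write it owner-only (0600)."""
    config = {}
    if os.path.exists(config_path):
        with open(config_path, encoding="utf-8") as fh:
            config = json.load(fh)
    header = f"Authorization: Basic {basic_token(username, password)}"
    config.setdefault("mcpServers", {})[SERVER_NAME] = {
        "command": "npx",
        "args": ["-y", "mcp-remote", MCP_URL, "--header", header],
    }
    # mkstemp creates the file with mode 0600; renaming it over the target means
    # the token is never written to a file that other accounts can read.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
        os.replace(tmp_path, config_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return config


if __name__ == "__main__":
    import getpass
    # The path is an assumption: use the file that "Edit Config" opens.
    path = input("Path to claude_desktop_config.json: ")
    user = input("RiskOS username: ")
    add_riskos_server(path, user, getpass.getpass("RiskOS password: "))
```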


Available tools

The RiskOS™ MCP Server provides the following tools for retrieving documentation, exploring workflows, and supporting integration development.

| Tool | Description |
| --- | --- |
| ask_docs | General RiskOS™ documentation, feature explanations, and API guidance (not account-specific). |
| add_webhook | Create and configure a new webhook endpoint for this account. |
| update_webhook | Modify an existing webhook configuration for this account. |
| list_webhooks | Retrieve all webhooks currently configured in this account. |
| list_events | Retrieve webhook events available for RiskOS™ in general. |
| list_testcases | Retrieve test cases configured in this account to help with API Integration. |
| list_usecases | Retrieve use cases configured for this account. |
| list_workflows | Retrieve workflows configured for this account. |
| integration_checklist | View integration steps configured for this account to help integrate with RiskOS™. These steps are specific to the customer’s workflow. |

Example usage:

  • What fields are required for Consumer Onboarding?
  • Which workflows are available for Business Onboarding?
  • What steps do I need to complete to integrate Verify Plus?

Advanced usage:

  • Use the list_use_cases tool to retrieve the list of available use cases.
  • Use the list_workflows tool to identify active workflows. If there are no workflows - remind me to activate one in the RiskOS™ Dashboard.

Prompts

Prompts guide how the assistant reasons, not what data it can access. They do not call MCP tools directly.

These modes help the assistant produce higher-quality explanations or integration-level code depending on your task.

| Prompt | Description |
| --- | --- |
| documentation | Switches the assistant into “RiskOS™ documentation expert” mode. Best for conceptual explanations, workflow overviews, and clarifying platform behavior. |
| integration | Switches the assistant into “RiskOS™ integration engineer” mode. Best for generating code samples, request payloads, API calls, and step-by-step implementation guidance. |

Example usage:

  • documentation: Explain how a RiskOS™ workflow evaluates a request.
  • integration: Generate a Python example for calling the Evaluation API.

Resources

Resources expose static, machine-readable artifacts suitable for code generation, schema validation, and IDE integration.

| Resource | Description |
| --- | --- |
| riskos_openapi_spec | Returns the complete RiskOS™ OpenAPI specification, including endpoints, schemas, and workflow representations. Useful for generating typed clients or validating request/response structures. |

Example usage:

  • riskos_openapi_spec: Return the schema for /api/evaluation/{eval_id}.
  • riskos_openapi_spec: Extract all workflow-related paths and schema objects.
  • Download and save the RiskOS™ OpenAPI specification into riskos_openapi.json using the riskos_openapi_spec resource.


Security best practices

The RiskOS™ MCP Server is designed for secure, read-only development assistance. The following best practices help ensure credentials and environments remain protected.

Protect your credentials

  • Never hard-code RiskOS™ usernames or passwords in source code, scripts, or documentation.
  • Use your MCP client’s secure input or secrets mechanism to supply credentials at runtime.
  • Do not paste credentials directly into AI prompts or chat messages.

Limit credential exposure

  • Configure MCP clients on trusted developer machines only.
  • Avoid sharing MCP configuration files that reference credential inputs.
  • If credentials are accidentally exposed, rotate them immediately in the RiskOS™ Dashboard.

Understand data access boundaries

The MCP server provides read-only access to:

  • RiskOS™ documentation
  • API schemas
  • Workflow and use case metadata

The server does not:

  • Access customer PII
  • Retrieve evaluation results
  • Modify RiskOS™ configurations
  • Execute transactions or workflows

Treat AI output as advisory

  • Code, payloads, and guidance generated by AI assistants should be reviewed before use.
  • Do not assume generated examples are production-ready without validation.
  • Always verify required fields, workflow IDs, and API behavior against official RiskOS™ documentation.

Secure your development environment

  • Keep your MCP client, editor, and dependencies up to date.
  • Follow your organization’s standard security policies for developer tools and credentials.
  • Remove MCP configurations from machines or projects that no longer require access.
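
Base64 is an encoding, not encryption, so the token in a Claude Desktop style configuration is a stored password. The following check is an added example, not part of the RiskOS™ documentation or Socure tooling; it assumes the mcpServers layout shown under Claude Desktop, and the function name is hypothetical. It reports embedded Basic credentials, leftover placeholders, and file permissions that let other accounts read the file.

```python
import base64
import binascii
import json
import os
import re
import stat

BASIC_RE = re.compile(r"Authorization:\s*Basic\s+(\S+)", re.IGNORECASE)


def audit_mcp_config(path):
    """Return findings for Basic credentials embedded in an mcpServers config file."""
    findings, has_header = [], False
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, entry in servers.items():
        for arg in entry.get("args", []):
            match = BASIC_RE.search(str(arg))
            if not match:
                continue
            has_header = True
            try:
                decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                decoded = ""
            if ":" not in decoded:
                findings.append(f"{name}: Basic value is not Base64 of user:password "
                                "(placeholder or unencoded credentials)")
                continue
            user = decoded.split(":", 1)[0]
            # Only the username is reported; the password is never printed.
            findings.append(f"{name}: password for '{user}' is recoverable from this file")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if has_header and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets other accounts read the Authorization header")
    return findings


if __name__ == "__main__":
    import sys
    # Pass the config file to check, e.g. the one that "Edit Config" opens.
    for finding in audit_mcp_config(sys.argv[1]):
        print(finding)
```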