Security & Network Controls

Configure security and network controls for RiskOS™, including mTLS, payload encryption, and IP allowlisting for API communication.

RiskOS™ provides multiple layers of security to protect API communication and access to the Dashboard. Every API call is secured by default with TLS encryption and API key authentication. You can enable additional optional controls to meet your organization's compliance and security requirements.

Default security

All RiskOS™ API communication includes the following protections without any additional configuration:

Control	Description
TLS encryption	All API traffic is encrypted using TLS 1.2 or higher (TLS 1.3 recommended).
API key authentication	Every request requires a valid API key in the `Authorization` header.

Optional security controls

RiskOS™ offers three additional security controls that you can enable independently or together based on your requirements.

Payload encryption

Encrypt request and response payloads using JWE and JWS protocols. Protects sensitive identity data on the Evaluation and DocV endpoints.

mTLS

Enforce mutual TLS authentication so both client and server verify each other's identity using X.509 certificates.

IP filtering

Restrict API and Dashboard access to specific IP addresses or domains using an allowlist.

Choosing the right controls

Use the following table to determine which controls apply to your integration.

Requirement	Recommended control
Protect payload contents beyond TLS	Payload encryption
Verify client identity at the transport layer	mTLS
Restrict access by network origin	IP filtering
Meet regulatory or compliance mandates	Combine controls as required by your compliance team

📘
Note:
All three controls are independent and optional. You can enable any combination without affecting the others. API key authentication remains required regardless of which controls you enable.

Setup requirements

Each control requires a one-time setup process with Socure before you can use it.

Control	Setup requirement	Lead time
Payload encryption	X.509 certificate exchange with Socure for your RiskOS™ account	Contact Socure Support
mTLS	Share your client CA bundle with Socure for trust store configuration	3–5 business days
IP filtering	Self-service configuration in the RiskOS™ Dashboard	Immediate

Related resources

Security best practices — Broader guidance on encryption, API key management, RBAC, and monitoring for your RiskOS™ integration.
API reference — Complete endpoint specifications, parameters, and response schemas.

Updated about 1 month ago