Signals & Attributes
Canonical taxonomy of workflow-accessible data objects in RiskOS™: attributes, signals, reason codes, tags, and derived values.
RiskOS™ workflows process five distinct types of data during an evaluation. Each has a precise definition, a distinct runtime role, and a specific location in the API response.
Data taxonomy
| Term | Definition | Runtime role | Set by | API response location |
|---|---|---|---|---|
| Attribute | A normalized input field describing the entity being evaluated | Workflow input — defines what data enters the evaluation | Your application (via API request) | Request payload (data.*) |
| Signal | A discrete data point returned by an enrichment or external data service | Decision input — provides evidence for rules | Enrichment step | data_enrichments[].response.* |
| Reason code | A human-readable code explaining why a specific enrichment or decision outcome occurred | Explainability — traces the reasoning behind a decision | Enrichment response or Reason Code step | reason_codes[] and data_enrichments[].response.reason_codes[] |
| Tag | A metadata label conditionally attached to an evaluation | Operational grouping — classifies evaluations for filtering, routing, and reporting | Tag step (when its condition evaluates to true) | tags[] |
| Derived value | A value computed by a workflow step from attributes, signals, or other derived values | Intermediate computation — feeds downstream conditions and decisions | Transformation step or Rule Scorecard step | computed.* (requires feature flag) |
Attributes
An attribute is an input data point about the entity being evaluated — the information your application sends in the POST /api/evaluation request.
| Category | Example attributes | Payload path |
|---|---|---|
| Individual | first_name, last_name, dob, ssn, email, phone_number | data.individual.* |
| Address | street, city, state, zip, country | data.individual.address.* |
| Account | account_id, account_type, account_creation_date | data.individual.account.* |
| Business | business_name, ein, business_address | data.business.* |
| Device | ip_address, user_agent, device_id | data.device.* |
| Custom | Any key-value pairs in the custom object | data.custom.*, data.individual.custom.* |
The Input step of a workflow defines which attributes are required and optional. Attributes are available to all downstream steps as operands in conditions and rules.
Signals
A signal is a discrete data point returned by an enrichment during workflow execution. Signals are the primary evidence used by rules and conditions to reach a decision.
| Signal type | Example | Source |
|---|---|---|
| Risk score | sigma_identity_fraud.score = 0.92 | Sigma Identity Fraud enrichment |
| Validation result | phone_risk.phone_type = "mobile" | Phone Risk enrichment |
| Match indicator | verify.name_match = "exact" | Verify enrichment |
| Fraud flag | digital_intelligence.vpn_detected = true | Digital Intelligence enrichment |
| Compliance result | watchlist.match_count = 0 | Watchlist enrichment |
Signals appear in data_enrichments[].response.* in the evaluation API response.
Reason codes
A reason code is a human-readable identifier explaining a specific factor in an enrichment result or decision outcome. Reason codes provide explainability — they answer "why did this evaluation receive this decision?"
| Characteristic | Description |
|---|---|
| Format | Alphanumeric code (for example, I805, R301) |
| Source | Returned by enrichments or attached by a Reason Code workflow step |
| Purpose | Explain the factors behind a score or decision to reviewers and downstream systems |
| API location | Top-level reason_codes[] and per-enrichment data_enrichments[].response.reason_codes[] |
Reason codes are not decision inputs — they are decision explanations. Rules and conditions evaluate signals, not reason codes (though the has reason code operator enables reason-code-aware routing).
Tags
A tag is a metadata label conditionally attached to an evaluation by a Tag step in the workflow. Tags classify evaluations for operational purposes.
| Characteristic | Description |
|---|---|
| Behavior | Set only when the Tag step's condition evaluates to true |
| Purpose | Operational grouping — filter cases, trigger automation, segment analytics |
| Boolean output | Each Tag step produces a boolean output field indicating whether the tag was set |
| API location | tags[] in the evaluation response |
Tags are metadata, not decision inputs. They describe the evaluation after the fact, enabling downstream filtering and reporting.
Derived values
A derived value is a value computed during workflow execution from attributes, signals, or other derived values. Derived values are intermediate computations used by downstream rules and conditions.
| Source step | How it produces a derived value | Example |
|---|---|---|
| Transformation | Applies stateless functions (string, numeric, date, array) to input data | $age_at_application = DATEDIFF(dob, NOW(), "years") |
| Rule Scorecard | Sums numeric scores from matching rules | $risk_score = 45 |
| Condition | Produces a boolean output indicating the branch taken | $is_high_risk = true |
Derived values appear in the computed object of the API response (requires feature flag) and are referenced in downstream steps using the $output_field_name syntax.
How data flows through a workflow
flowchart TD
REQ["API Request"] --> ATTR["Attributes (input)"]
ATTR --> INPUT["Input Step"]
INPUT --> ENRICH["Enrichment Steps"]
ENRICH --> SIG["Signals"]
ENRICH --> RC["Reason Codes"]
INPUT --> TRANSFORM["Transformation Steps"]
TRANSFORM --> DV["Derived Values"]
SIG --> RULES["Rules & Conditions"]
DV --> RULES
RULES --> TAG["Tag Steps"]
TAG --> TAGS["Tags"]
RULES --> DECISION["Decision"]
SIG --> RESP["API Response"]
RC --> RESP
TAGS --> RESP
DV --> RESP
DECISION --> RESP
Entities and aggregations
RiskOS™ tracks certain attributes as entities — core data elements that represent a real-world actor (email address, phone number, SSN, account UUID). Entities enable:
- Aggregation features: Computations applied across evaluations sharing the same entity (count, average, sum, min, max, first seen, last seen, distinct count).
- Time windows: Aggregations can be scoped to specific periods (minutes, hours, days, or lifetime).
- Cross-journey linkage: The same entity connects evaluations across onboarding, authentication, and fraud review via SocureID.
For entity configuration and aggregation functions, see Entities and Aggregations.
Related concepts
- Enrichments — The data services that produce signals and reason codes
- Rules & Conditions — The logic that evaluates signals and derived values
- Evaluations — The execution context where all data types flow
- Decisions — The outcome that signals, rules, and derived values drive toward
- Statuses & Lifecycle — Lifecycle states vs data objects
- Terminology Governance — Canonical naming for data concepts
- Handling Dynamic Fields — Working with
data_enrichmentsandcomputedin the API response - Custom Fields — Passing custom attributes in the evaluation request
Updated 5 days ago