Riskified Documentation

API Integration Guide


This guide provides an overview of the integration process as well as step-by-step instructions to completing it. Please note that you can also use the instructions provided within the integration management application to guide you through the steps of the integration. You will gain access to the integration management application after an account is created for you by an account executive and an invitation to activate your account will be sent to your inbox. Technical integrations encompass development work in both the sandbox and production environments. After completing the technical requirements of the integration, the account’s settings will need to be finalized.

The main steps of the integration are:

  1. Technical integration with Riskified’s sandbox environment
  2. Activating your production account
  3. Technical integration with Riskified’s production environment
  4. Account settings

It is recommended that steps 1-3 be completed by a Developer, and step 4 be completed by the Account Owner.

Following this process, your account will be on hold while Riskified analytics and automation teams are building models and ensuring you receive the full benefits of the solution from the moment you begin submitting orders.



Integration overview

The integration with Riskified includes three main touch points used to communicate with your system:

Order data endpoints

Riskified’s endpoints enable your system to send data to Riskified about key stages in an order’s lifecycle. The endpoints are used to allow your system to notify Riskified whenever any of the following events occur:

  • Payment system response
  • Submission for review
  • Order updates
  • Order partial or full refunds

Order decision notifications

Riskified uses the notification endpoint to send order decisions back to your system. This allows you to streamline your order flow and completely automate the post-checkout process, both for approvals and declines.

Store front beacon

Riskified's store front beacon collects information about a customer’s device, IP address, and behavior and transmits it back to Riskified. This process occurs behind the scenes and does not have any negative effect on page load time for customers. Riskified offers the beacon for both websites and mobile native applications.

Riskified store front beacon

Data flow

Riskified’s endpoints receive information from your system about every order placed on your store. However, you retain full control over which orders are actually submitted for review. When an order is submitted for review, Riskified reviews it using machine learning models, elastic linking and data enrichment.

When a decision is made on a submitted order, Riskified notifies your store’s back-end via a simple REST call. This notification can be used to trigger events in your system that will synchronize the order status with Riskified’s system and trigger your own system’s post-decision processes.

Finally, Riskified is notified about the final status of the order, whether it is fulfilled, refunded, cancelled, or if a chargeback was incurred.

The following diagram illustrates the order creation, submission, and decision notification processes within Riskified's API.


Integration process - Development and testing

Step-by-step instructions and tools are provided within the integration management application to guide you through the integration process.

Detailed instructions for every step are listed below.

Step 1: Sandbox

Action 1: Connect to Riskified

In this step, you will be required to connect your sandbox environment to Riskified’s sandbox and send order data to Riskified. You will not be able to proceed to steps 2 and 3 until it is successfully completed.

Within the integration management application, you will be provided with:

  • Your shop URL as recorded in Riskified’s system
  • An authorization token
  • Riskified’s endpoint URL

Copy your shop URL and the authorization token into the code lines relevant to verifying requests to and from Riskified, as defined in Riskified API reference document. The endpoint URL is the root directory that contains all of Riskified’s endpoints.

Riskified offers several endpoints to enable you to create, submit, and manage orders throughout their lifecycle.

The Riskified API reference document contains all relevant information needed to interact with our system, including SDKs for PHP, Java, and .NET.

Order actions

Three order action are mandatory - “Create,” “Submit,” and “Update”. Riskified also offers four optional order actions - “Cancel / Full Refund”, “Partial Refund”, “Fulfill”, and “Decision”. Although these are optional, it is highly recommended that you implement them in order to maximize the benefits of the integration and reduce your manual workload.

The mandatory order actions are:

Create - Allows you to create an order in Riskified’s database.

Submit - Allows you to submit an order for review by Riskified. This action overrides any submission filters configured on your account. Submit also creates an order in Riskified’s database if it wasn’t created already.

Update - Allows you to update the details of an existing order in Riskified’s database. Use this to change an order’s details after its creation.

The optional order actions are:

Cancel / Full Refund - Allows you to notify Riskified when a submitted order is cancelled or fully refunded. Use this order action to trigger a reimbursement of Riskified’s approval fee when an ordered item is not shipped. Using this action for an order also cancels Riskified’s chargeback guarante

Partial Refund - Allows you to notify Riskified when an order is partially refunded. Use this in case some of the ordered items run out of stock or are not shipped for any other reason. Upon receiving this notification, Riskified will adjust the approval fee to reflect the new order value.

Fulfill - Allows you to notify Riskified when an order is successfully fulfilled. Use this to provide Riskified with insight into the order’s entire lifecycle and improve the accuracy of order decisions.

Decision - Allows you to notify Riskified when you approve, decline, or receive chargebacks for orders not submitted for review. It is highly recommended you use this order action to provide Riskified’s machine learning models with data integral to improving the accuracy of order decisions.

Action 2: Validate Order Data

In this step, you will be required to send several different orders to make sure the data in them is formatted properly and in accordance with Riskified’s requirements.

Submitting orders for validation

Once the order actions are implemented within your system, the data sent must be validated by Riskified to ensure there are no issues with its format, content, or structure.

Created orders will appear in the order validation table and be automatically scanned for data issues. Any issues found will appear in the table under the icon. To see the results for a specific order, click the red icon beside it.

To select an order from the table to be sent for manual validation, click the box beneath the word “Choose” appearing to its direct left. When you have finished selecting orders, click the “Validate” button. It is required that you send real order data as sent back by your system.

After requesting validation, the action status will automatically change to “Analysis in progress”. You will be unable to submit additional orders for validation until you receive a response from Riskified regarding those under review. Therefore, you should send orders from a variety of payment gateways, order flows and product types to ensure a complete validation.

Riskified will then analyze your submitted orders and provide you with feedback via email once the validation is complete. Below is a list of possible outcomes:

  • Issues found with your data: This means a problem with one or more submitted orders prevented a successful validation. In this case, you will be notified of the issues detected and informed of the changes necessary to format future orders in accordance with Riskified’s requirements. After implementing these changes, you must submit new, properly formatted, orders for validation.
  • Data Validation completed: This means that all orders submitted for review were validated, and there are no outstanding issues.

Action 3: Set sandbox notification endpoint

In this step you will set the designated URL to which Riskified will send order decisions. Riskified sends notifications to the endpoint in order to allow you to integrate these decisions directly into your fulfillment and payment processing systems.

Endpoint test

Riskified will send a message with a fabricated order ID to the endpoint. If a code 200 response is received from your server, the test will be considered successful.

Click the “Test Endpoint” button to troubleshoot problems. If the test is successful, Riskified will save the endpoint. If the test fails, a log describing the error type will appear.

Action 4: Test order flow

In this step, Riskified enables you to test your end-to-end order flow before setting up your production account. You can simulate “approve” or “decline” decisions and make sure post-decision processes work as expected.
Note: This test will only work after a notification endpoint has been set.

Follow these steps to perform an end-to-end test:

  1. Click on the “Submit” button. The order status will change to “Under Review”.
  2. Click either the "Approve" or "Decline" button. The order status will change accordingly and an email notification will be sent to your inbox.
  3. Check that the processes set to be triggered within your systems by an approve or decline decision work as expected.

After completing these 4 steps in the sandbox environment, your account is ready to be moved to production. In the sandbox menu, click “Activate my production account” in order to continue the integration process in Riskified’s production environment.


Step 2: Create your production account



In order to activate your production account, Riskified requires all users to set their production password. The user completing step 1 will be prompted to set their password within the integration management application. All other users we be sent an email inviting them to set their own password for their personal production login.


Step 3: Production

Action 1: Connect to Riskified

This step ensures your system can properly communicate with Riskified’s production environment. You will not be able to proceed to the next action until it is successfully completed.

Within the integration management application, you will be provided with:

  • Shop URL as recorded in Riskified’s system
  • an authorization token
  • Riskified’s endpoint URL.

Copy your shop domain and Riskified authorization token into the code lines relevant to verifying requests to and from Riskified, as defined in Riskified API reference document. The endpoint URL is the root directory that contains all of Riskified’s endpoints.

Sending Real-Time Orders in Shadow Mode:

It is highly recommended to start sending your real-time production orders in shadow mode (capture mode) at this point. Sending orders in real time should not interfere with any of your current flows - Riskified will not send any decisions on these orders until the integration process is completed.

Riskified requires five days of real-time data before going live, as this is the minimal time frame the automation and analytics teams need to analyze your data, and build your customized automation models. The data will help in detecting any data issues with production orders well before going live when data issues cost time and money.

Action 2: Set production notification endpoint

In this step you will set the designated URL to which Riskified will send order decisions when working with your production environment. Riskified sends notifications to the endpoint in order to allow you to integrate these decisions directly into your fulfillment and payment processing systems

Endpoint test

Riskified will send a message with a fabricated order ID to the endpoint. If a code 200 response is received from your server, the test will be considered successful.

Click the “Test Endpoint” button to troubleshoot problems. If the test is successful, Riskified will save the endpoint. If the test fails, a log describing the error type will appear.

Action 3 :Implement Riskified’s store front beacon

In this step you will implement the Riskified store front beacon on your website and/or any native mobile application available to your customers. Riskified’s beacon collects information about a customer’s device, IP address, and behavior and transmits it back to Riskified. This process occurs behind the scenes and does not have any negative effect on page load time for customers. Riskified offers the beacon for both websites and mobile native applications. For optimal performance, the beacon performance status should be at least “good.”

Detailed instructions for embedding the storefront beacon can be found here.
Detailed instructions for embedding the mobile beacon can be found here.

Action 4 :Send historical Orders

In this step, you will use Riskified’s historical endpoint to send your historical order data and statuses dating back to a minimum of 6 months prior to the integration. Riskified analyzes historical orders using elastic linking and machine learning engines. This process ensures you get the benefit of an optimal approval rate from the day you go live.

The status of the historical orders analysis will be communicated to you both by email and within the integration management application.

Required Data: All order parameters previously configured for the sandbox order data validation such as shipping address, billing address, payment details, etc. must be included in the order data of all orders sent for historical order analysis. In addition, you must provide Riskified with the status of every order - whether it was approved, declined, or if a chargeback was incurred.

You can provide an order’s final status via the “decision” object provided in Riskified’s API. For every order, add one of the following tags to the “external_status” field:

  • “approved” - approved orders
  • “declined_fraud”- declined orders (refunded or voided) due to suspected fraud
  • “cancelled” - declined orders (refunded or voided) for non-fraudulent reasons (e.g. item out of stock)
  • “chargeback_fraud” - orders for which a fraud-related chargeback was incurred (e.g. unauthorized card usage)
  • “chargeback_not_fraud” - orders for which a non-fraud-related chargeback was incurred (e.g. item not received)

Alternatively, you can upload a CSV file of order decisions as described in Action 5.

Once you have prepared all historical orders go to the integration management application, click “Send historical orders,” and choose the estimated number of historical orders to be sent to Riskified. Then, begin sending your orders to Riskified via the historical endpoint. Riskified will validate these orders in real-time as you send them. The status of the historical order analysis will be displayed on-screen within the integration management application.

If at any point, Riskified encounters an error or problem with the provided historical data, the process will be halted. When this occurs, you will be notified of the detected issues and informed of the changes required in order to be in compliance with Riskified’s requirements. You must re-start the process from the beginning, making all necessary corrections beforehand. Detailed instructions for sending historical orders can be found in Riskified’s API reference.

Action 5: Send historical chargebacks

In case you are unable to provide your historical chargebacks via the decision endpoint as explained in the last action, you can provide Riskified with historical in a CSV format.

The historical chargeback CSV should contain two columns:

  1. Order ID (the same parameter included in the order JSON as “id”)
  2. Final order status - This field can receive two parameters: “chargeback_fraud”, “chargeback_not_fraud”.

Once you have generated the CSV file, click “Upload” to send it to Riskified.

Action 6: Test order flow

We encourage you to test your end-to-end order flow in production, before going live. You can simulate “approve” or “decline” decisions and make sure post-decision processes work as expected within your production environment. Please make sure to set a notification endpoint before testing your order flow.

  1. You can create a test order by adding the order_type field to the order JSON and setting it to “test”. Alternatively, you can convert real-time orders to test orders while viewing the “real-time order” list. To do this, access the list, and then click the ‘Mark as test’ button that corresponds with the order you wish to convert. This will change the order type to “test”.
    Note: You will not be able to revert the order type back to live after having made the change.
  2. Click on the “Submit” button. The order status will change to “Under review”.
  3. Click on either the "Approve" or "Decline" button. The order status will change accordingly and a notification about the order decision will be sent via the notification endpoint you set in Action 2. An email notification will also be sent.
  4. Check to see that the processes set to be triggered within your systems by an “Approve” or “Decline” decision are functioning properly.

Important:
Riskified will not charge any fees for conducting tests in Production.
This test will only work after a notification endpoint has been set.
Test actions are only available for test orders.

After completing these steps, the technical integration with Riskified is complete. You are now ready to set the operational aspects of your account before going live.


Step 4: Set account



Only the account owner will be able to complete the actions in this step.

Action 1: Set users

Add the users to grant access to the Riskified management application, including respective roles. Please note that you can add users within this screen, but not configure their notification settings. Full user management capabilities will be available in your Riskified account, after the integration is complete.

More information about User Roles and Permissions can be found here.
More information about multiple user management can be found here.

Action 2: Provide billing details

In this action, you will perform these 3 steps:

  • Enter the billing information as you would like it to appear on your monthly invoice.
  • Enter the email addresses where you would like to receive invoices from Riskified. This can be done by clicking “Add” on the bottom right hand side of the screen.
  • Enter the credit card you will be using to make payments to Riskified. This can be done by clicking “Add card” at the bottom left hand side of the screen. Merchants who pay by other methods will be presented with their chosen method of payment.

Please note that all settings available here will continue to be available to you after the integration is complete.

Action 3: Read Chargeback Guarantee

In this action, you are required to read through a summary of Riskified’s chargeback guarantee.

You will be unable to complete the integration until certifying that you have read and understood Riskified's chargeback guarantee.

After completing the above steps, click the “Click here to complete setup” button in the set account menu to finalize the integration.


This concludes the integration.

Important: Riskified is committed to ensuring you receive the full benefits of the integration from the moment your account is live. To that end, the status of your account will be “On hold” for up to five days after real-time data begins flowing to Riskified. Our automation and analytics teams use this time period to research and analyze your order data and build your customized automation models. You will be notified when this process is complete and you can begin submitting orders for review.