Riskified Documentation

Synchronous API Integration Guide


This guide provides an overview of the integration process as well as step-by-step instructions to completing it. Please note that you can also use the instructions provided within the integration management application to guide you through the steps of the integration. You will gain access to the integration management application after an account is created for you by an account executive and an invitation to activate your account will be sent to your inbox. Technical integrations encompass development work in both the sandbox and production environments. After completing the technical requirements of the integration, the account’s settings will need to be finalized.

The main steps of the integration are:

  1. Technical integration with Riskified’s sandbox environment
  2. Activating your production account
  3. Technical integration with Riskified’s production environment
  4. Account settings

It is recommended that steps 1-3 be completed by a Developer, and step 4 be completed by the Account Owner.

Following this process, your account will be on hold while Riskified analytics and automation teams are building models and ensuring you receive the full benefits of the solution from the moment you begin submitting orders.



Integration overview

The integration with Riskified includes two main touch points used to communicate with your system:

Order data endpoints

Riskified’s endpoints enable your system to send data to Riskified about key stages in an order’s lifecycle. The endpoints are used to allow your system to notify Riskified whenever any of the following events occur:

  • Payment system response
  • Submission for review
  • Order updates
  • Order partial or full refunds

Store front beacon

Riskified's storefront beacon collects information about a customer’s device, IP address, and behavior and transmits it back to Riskified. This process occurs behind the scenes and does not have any negative effect on page load time for customers. Riskified offers the beacon for both websites and mobile native applications.


Data flow

Riskified’s endpoints receive information from your system about every order placed on your store. However, you retain full control over which orders are actually submitted for review. When an order is submitted for review, Riskified reviews it using machine learning models, elastic linking and data enrichment.

Riskified will synchronously review every order submitted and provide an instant approve or decline decision.

Riskified should be notified once the merchant has made a decision about the final order status (whether it is fulfilled, refunded, cancelled, or if a chargeback was incurred).

The below diagram illustrates the order creation, submission, and decision process within Riskified's API.


Integration process

Below are detailed instructions to guide you through the integration process. Step-by-step instructions and tools are also provided within the integration management application.

Step 1: Sandbox

Action 1: Connect to Riskified

In this step, you will be required to connect your sandbox environment to Riskified’s sandbox and send order data to Riskified. You will not be able to proceed to steps 2 and 3 until it is successfully completed.

Within the integration management application, you will be provided with:

  • Your shop URL as recorded in Riskified’s system
  • An authorization token
  • Riskified’s endpoint URL

Copy your shop URL and the authorization token into the code lines relevant to verifying requests to and from Riskified. The endpoint URL is the root directory that contains all of Riskified’s endpoints.

Riskified offers several endpoints to enable you to create, submit, and manage orders throughout their lifecycle.

Order actions

Four order actions are mandatory - “Checkout Create”, “Create,” “Submit,” and “Update”. Riskified also offers four optional order actions - “Cancel / Full Refund”, “Partial Refund”, “Fulfill”, and “Decision”. Although these are optional, it is highly recommended that you implement them in order to maximize the benefits of the integration and reduce your manual workload.

The mandatory order actions are:

Checkout Create - Allows Riskified to enrich data points prior to review, leading to faster decision making.

Create - Allows you to create an order in Riskified’s database.

Submit - Allows you to submit an order for review by Riskified. This action overrides any submission filters configured on your account. Submit also creates an order in Riskified’s database if it wasn’t created already.

Update - Allows you to update the details of an existing order in Riskified’s database. Use this to change an order’s details after its creation.

The optional order actions are:

Cancel / Full Refund - Allows you to notify Riskified when a submitted order is cancelled or fully refunded. Use this order action to trigger a reimbursement of Riskified’s approval fee when an ordered item is not shipped. Using this action for an order also cancels Riskified’s chargeback guarantee.

Partial Refund - Allows you to notify Riskified when an order is partially refunded. Use this in case some of the ordered items run out of stock or are not shipped for any other reason. Upon receiving this notification, Riskified will adjust the approval fee to reflect the new order value.

Fulfill - Allows you to notify Riskified when an order is successfully fulfilled. Use this to provide Riskified with insight into the order’s entire lifecycle and improve the accuracy of order decisions.

Decision - Allows you to notify Riskified when you approve, decline, or receive chargebacks for orders not submitted for review. It is highly recommended you use this order action to provide Riskified’s machine learning models with data integral to improving the accuracy of order decisions.

Action 2: Validate Order Data

In this step, you will be required to send several different orders to make sure the data in them is formatted properly and in accordance with Riskified’s requirements.

Submitting orders for validation

Once the order actions are implemented within your system, the data sent must be validated by Riskified to ensure there are no issues with its format, content, or structure.

Created orders will appear in the order validation table and be automatically scanned for data issues. Any issues found will appear in the table under the icon. To see the results for a specific order, click the red icon beside it.

To select an order from the table to be sent for manual validation, click the box beneath the word “Choose” appearing to its direct left. When you have finished selecting orders, click the “Validate” button. It is required that you send real order data as sent back by your system.

After requesting validation, the action status will automatically change to “Analysis in progress”. You will be unable to submit additional orders for validation until you receive a response from Riskified regarding those under review. Therefore, you should send orders from a variety of payment gateways, order flows and product types to ensure a complete validation.

Riskified will then analyze your submitted orders and provide you with feedback via email once the validation is complete. Below is a list of possible outcomes:

  • Issues found with your data: This means a problem with one or more submitted orders prevented a successful validation. In this case, you will be notified of the issues detected and informed of the changes necessary to format future orders in accordance with Riskified’s requirements. After implementing these changes, you must submit new, properly formatted, orders for validation.
  • Data Validation completed: This means that all orders submitted for review were validated, and there are no outstanding issues.

After completing the above steps in the sandbox environment, your account is ready to be moved to production. In the sandbox menu, click “Activate my production account” in order to continue the integration process in Riskified’s production environment.


Step 2: Create your production account



In order to activate your production account, Riskified requires all users to set their production password. The user completing step 1 will be prompted to set their password within the integration management application. All other users will be sent an email inviting them to set their own password for their personal production login.


Step 3: Production

Action 1: Connect to Riskified

This step ensures your system can properly communicate with Riskified’s production environment. You will not be able to proceed to the next action until it is successfully completed.

Within the integration management application, you will be provided with:

  • Shop URL as recorded in Riskified's system
  • an authorization token
  • Riskified’s endpoint URL.

Copy your shop domain and Riskified authorization token into the code lines relevant to verifying requests to and from Riskified. The endpoint URL is the root directory that contains all of Riskified’s endpoints.

Sending real-time orders in shadow mode:

It is highly recommended to start sending your real-time production orders in shadow mode (capture mode) at this point. Sending orders in real time should not interfere with any of your current flows - Riskified will not send any decisions on these orders until the integration process is completed.

Riskified requires five days of real-time data before going live, as this is the minimal time frame the automation and analytics teams need to analyze your data, and build your customized automation models. The data will help in detecting any data issues with production orders well before going live when data issues cost time and money.

Action 2: Implement Riskified’s storefront beacon

In this step you will implement the Riskified storefront beacon on your website and/or any native mobile application available to your customers. Riskified’s beacon collects information about a customer’s device, IP address, and behavior and transmits it back to Riskified. This process occurs behind the scenes and does not have any negative effect on page load time for customers. Riskified offers the beacon for both websites and mobile native applications. For optimal performance, the beacon performance status should be at least "good."

Detailed instructions for embedding the storefront beacon can be found here.
Detailed instructions for embedding the mobile beacon can be found here.

Action 3: Send historical orders

In this step, you will use Riskified’s historical endpoint to send your historical order data and statuses dating back to a minimum of 6 months prior to the integration. Riskified analyzes historical orders using elastic linking and machine learning engines. This process ensures you get the benefit of an optimal approval rate from the day you go live.

The status of the historical orders analysis will be communicated to you both by email and within the integration management application.

Required Data: All order parameters previously configured for the sandbox order data validation such as shipping address, billing address, payment details, etc. must be included in the order data of all orders sent for historical order analysis. In addition, you must provide Riskified with the status of every order - whether it was approved, declined, or if a chargeback was incurred.

You can provide an order’s final status via the “decision” object provided in Riskified’s API. For every order, add one of the following tags to the “external_status” field:

  • “approved” - approved orders
  • “declined_fraud”- declined orders (refunded or voided) due to suspected fraud
  • “cancelled” - declined orders (refunded or voided) for non-fraudulent reasons (e.g. item out of stock)
  • “chargeback_fraud” - orders for which a fraud-related chargeback was incurred (e.g. unauthorized card usage)
  • “chargeback_not_fraud” - orders for which a non-fraud-related chargeback was incurred (e.g. item not received)

Alternatively, you can upload a CSV file of order decisions as described in Action 4.

Once you have prepared all historical orders go to the integration management application, click “Send historical orders,” and choose the estimated number of historical orders to be sent to Riskified. Then, begin sending your orders to Riskified via the historical endpoint. Riskified will validate these orders in real-time as you send them. The status of the historical order analysis will be displayed on-screen within the integration management application.

If at any point, Riskified encounters an error or problem with the provided historical data, the process will be halted. When this occurs, you will be notified of the detected issues and informed of the changes required in order to be in compliance with Riskified’s requirements. You must re-start the process from the beginning, making all necessary corrections beforehand.

Action 4: Send historical chargebacks

In case you are unable to provide your historical chargebacks via the decision endpoint as explained in the last action, you can provide Riskified with historical in a CSV format.

The historical chargeback CSV should contain two columns:

  1. Order ID (the same parameter included in the order JSON as “id”)
  2. Final order status - This field can receive two parameters: “chargeback_fraud”, “chargeback_not_fraud”.

Once you have generated the CSV file, click “Upload” to send it to Riskified.


Step 4: Set account



Only the account owner will be able to complete the actions in this step.

Action 1: Set users

Add the users to grant access to the Riskified management application, including respective roles. Please note that you can add users within this screen, but not configure their notification settings. Full user management capabilities will be available in your Riskified account, after the integration is complete.

More information about User Roles and Permissions can be found here.
More information about multiple user management can be found here.

Action 2: Provide billing details

In this action, you will perform these 3 steps:

  • Enter the billing information as you would like it to appear on your monthly invoice.
  • Enter the email addresses where you would like to receive invoices from Riskified. This can be done by clicking “Add” on the bottom right hand side of the screen.
  • Enter the credit card you will be using to make payments to Riskified. This can be done by clicking “Add card” at the bottom left hand side of the screen. Merchants who pay by other methods will be presented with their chosen method of payment.

Please note that all settings available here will continue to be available to you after the integration is complete.

Action 3: Read chargeback guarantee

In this action, you are required to read through a summary of Riskified’s chargeback guarantee.

You will be unable to complete the integration until certifying that you have read and understood Riskified's chargeback guarantee.

After completing the above steps, click the “Click here to complete setup” button in the set account menu to finalize the integration.


This concludes the integration.

Important: Riskified is committed to ensuring you receive the full benefits of the integration from the moment your account is live. To that end, the status of your account will be “On hold” for up to five days after real-time data begins flowing to Riskified. Our automation and analytics teams use this time period to research and analyze your order data and build your customized automation models. You will be notified when this process is complete and you can begin submitting orders for review.