Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Back to blog
Blog · June 16, 2026

Implementing a Real-Time Identity Risk Scoring API: A Developer's Guide

This guide provides developers with a comprehensive overview of how to integrate and leverage an identity risk scoring API to enhance fraud detection and compliance within their applications. Learn about key features, integration

By DiditUpdated
didit-thumb-89420.png

An identity risk scoring API provides a programmatic interface for assessing the risk associated with a user's identity in real time, helping businesses prevent fraud, meet regulatory obligations like KYC (Know Your Customer) and AML (Anti-Money Laundering), and make informed decisions during user onboarding and transactions.

Understanding Identity Risk Scoring

Identity risk scoring involves evaluating various data points related to an individual's identity to generate a numerical score that indicates the likelihood of fraudulent activity or non-compliance. This score is dynamic and can incorporate a multitude of factors, ranging from basic identity attributes to behavioral patterns and historical data.

What Factors Contribute to an Identity Risk Score?

A reliable identity risk scoring API considers numerous inputs to construct a comprehensive risk profile. These can include:

  • Identity Document Verification: Authenticity checks on government-issued IDs like passports and driver's licenses, including liveness detection for selfie comparisons.
  • Data Consistency Checks: Cross-referencing provided information (name, address, date of birth) against multiple authoritative data sources to identify discrepancies.
  • Sanctions and PEP Screening: Checking against global watchlists for sanctioned individuals or politically exposed persons (PEPs).
  • Address Verification: Confirming the validity and existence of a provided address, often using utility bills or public records (proof of address, PoA).
  • Email and Phone Verification: Assessing the age, reputation, and activity associated with contact details.
  • Behavioral Biometrics: Analyzing user interaction patterns (typing speed, mouse movements) during the onboarding process to detect anomalies.
  • Device Fingerprinting: Identifying unique device attributes to detect suspicious devices or those associated with past fraudulent activity.
  • Geospatial Analysis: Comparing the user's reported location with IP address data.

The Role of Real-Time Processing

For many applications, particularly in financial services, gaming, or e-commerce, real-time risk assessment is critical. Waiting for manual reviews can lead to poor user experiences, lost conversions, and increased exposure to fraud. A real-time identity risk scoring API allows businesses to:

  • Automate Decisions: Instantly approve, deny, or flag transactions/onboardings for further review.
  • Improve User Experience: Reduce friction for legitimate users by offering instant verification.
  • Mitigate Fraud Immediately: Block suspicious activities before they cause financial damage.
  • Optimize Resource Allocation: Focus human review efforts on truly high-risk cases.

Integrating an Identity Risk Scoring API: A Developer's Workflow

Integrating an identity risk scoring API typically follows a structured approach, allowing developers to embed capable fraud and compliance checks directly into their application workflows.

1. API Key and Authentication

First, you'll need an API key and understand the authentication mechanism, usually an API key sent in the header or as a query parameter. For instance, Didit uses an Authorization header with a bearer token.

2. Data Collection and Preparation

Gather the necessary user data from your application's frontend or backend. This might include:

  • Personal details: firstName, lastName, dateOfBirth, address, email, phoneNumber
  • Identity document details: documentType, documentNumber, issueDate, expiryDate, countryOfIssuance
  • Images: documentFrontImage, documentBackImage, selfieImage
  • Contextual data: ipAddress, deviceFingerprint

Ensure data is correctly formatted according to the API's specifications. Often, identity document images are sent as base64 encoded strings or direct file uploads.

3. Making API Requests

Send a POST request to the identity risk scoring API endpoint. The request body will contain the collected user data. Here's a conceptual example using a JSON payload:

{
  "customer_id": "user_abc123",
  "first_name": "Jane",
  "last_name": "Doe",
  "dob": "1990-01-15",
  "address": {
    "street": "123 Main St",
    "city": "Anytown",
    "state": "CA",
    "zip": "90210",
    "country": "US"
  },
  "email": "jane.doe@example.com",
  "phone_number": "+15551234567",
  "document_verification": {
    "document_type": "PASSPORT",
    "document_front_image": "data:image/jpeg;base64,...",
    "selfie_image": "data:image/jpeg;base64,..."
  },
  "ip_address": "203.0.113.45",
  "transaction_context": {
    "amount": 100.00,
    "currency": "USD"
  }
}

4. Processing API Responses

Upon receiving a response, parse the JSON payload. The response will typically include:

  • A risk_score (e.g., 0-100, where higher means higher risk).
  • A risk_level (e.g., LOW, MEDIUM, HIGH).
  • Detailed checks or flags indicating specific findings (e.g., DOCUMENT_EXPIRED, SANCTIONS_MATCH, ADDRESS_MISMATCH).
  • A recommendation (e.g., APPROVE, REVIEW, REJECT).
{
  "status": "success",
  "verification_id": "didit_check_xyz789",
  "risk_score": 75,
  "risk_level": "HIGH",
  "recommendation": "REVIEW",
  "checks": [
    {
      "type": "DOCUMENT_AUTHENTICITY",
      "status": "PASS",
      "details": "Document appears authentic"
    },
    {
      "type": "LIVENESS",
      "status": "PASS",
      "details": "Liveness detected"
    },
    {
      "type": "SANCTIONS_SCREENING",
      "status": "FLAGGED",
      "details": "Potential match found on OFAC list"
    },
    {
      "type": "ADDRESS_VERIFICATION",
      "status": "FAIL",
      "details": "Address not found in public records"
    }
  ],
  "metadata": {
    "timestamp": "2024-04-23T10:30:00Z"
  }
}

5. Implementing Decision Logic

Based on the risk_score, risk_level, and recommendation from the identity risk scoring API, your application's backend will execute appropriate actions:

  • Low Risk: Proceed with user onboarding or transaction.
  • Medium Risk: Route to a manual review queue, request additional documentation, or apply step-up authentication.
  • High Risk: Immediately block the user/transaction and potentially generate a SAR (suspicious activity report) if required by regulations.

Best Practices for Using an Identity Risk Scoring API

To maximize the effectiveness of your identity risk scoring API integration:

  • Define Clear Risk Thresholds: Work with compliance and fraud teams to establish what scores correspond to LOW, MEDIUM, and HIGH risk for your specific business context.
  • Implement Fallback Mechanisms: What happens if the API is temporarily unavailable? Ensure your system can gracefully handle failures.
  • Monitor and Iterate: Regularly review the performance of your risk scoring model. Are you catching fraud effectively? Are you rejecting too many legitimate users? Adjust your thresholds and data inputs as needed.
  • Secure API Keys: Treat API keys as sensitive credentials. Store them securely (e.g., environment variables, secret management services) and avoid embedding them directly in client-side code.
  • Handle Data Privacy: Ensure all data collected and sent to the API complies with relevant data protection regulations (e.g., GDPR, CCPA). Only collect data essential for the risk assessment.
  • Leverage Webhooks: If the API offers webhooks, use them for asynchronous updates, especially for checks that might take longer (e.g., extensive background checks).

Didit's Approach to Identity Risk Scoring

Didit provides infrastructure for identity and fraud, offering a capable identity risk scoring API that integrates smoothly into your existing workflows. Our platform consolidates over 1,000 data sources and leverages an open marketplace of modules to provide comprehensive risk assessments across 220+ countries and territories, supporting 14,000+ document types and 48+ languages.

Our API returns a precise risk score and detailed insights, allowing you to make automated, real-time decisions for user verification (Know Your Customer / KYC, Know Your Business / KYB) and fraud prevention (Transaction Monitoring, Wallet Screening / KYT (Know Your Transaction)). Whether you need to authenticate a user, verify their identity, or monitor their transactions, Didit's identity risk scoring API provides the necessary intelligence.

Integration can be achieved in as little as 5 minutes. Didit operates on a public pay-per-use pricing model with no minimums, and we offer 500 free checks every month to get you started. A full identity verification, including risk scoring, starts from just $0.30.

Didit is SOC 2 Type 1 and ISO/IEC 27001 certified, and our iBeta Level 1 PAD attestation ensures reliable liveness detection. We are also the only provider formally attested by an EU member-state government (Spain's Tesoro / SEPBLAC / CNMV) as safer than in-person verification, underscoring our commitment to security and compliance.

Key Takeaways

  • An identity risk scoring API is crucial for real-time fraud prevention and compliance adherence.
  • It aggregates data from multiple sources to provide a comprehensive risk assessment.
  • Integration involves API key management, data preparation, making requests, and processing responses.
  • Effective implementation requires clear risk thresholds, fallback mechanisms, continuous monitoring, and strict data privacy.
  • Didit offers a reliable identity risk scoring API as part of its identity and fraud infrastructure, featuring fast integration, transparent pricing, and extensive global coverage.

Frequently Asked Questions

What is identity risk scoring?

Identity risk scoring is the process of evaluating various data points associated with an individual's identity to generate a numerical score that predicts the likelihood of fraudulent activity or non-compliance.

How does a real-time identity risk scoring API benefit my business?

It enables instant decision-making for user onboarding and transactions, reduces manual review queues, improves user experience by minimizing friction for legitimate users, and immediately mitigates fraud risks.

What data do I need to send to an identity risk scoring API?

You typically send personal details (name, address, DOB), identity document information (type, number, images), contact details (email, phone), and contextual data like IP address or device fingerprints.

Is an identity risk scoring API compliant with regulations like KYC and AML?

Yes, a good identity risk scoring API is designed to support KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance by providing the necessary checks for sanctions, PEP (politically exposed person) screening, document verification, and data consistency.

How quickly can I integrate Didit's identity risk scoring API?

Didit is designed for rapid integration, typically taking as little as 5 minutes to get started with our API. Our comprehensive documentation and SDKs facilitate a smooth developer experience.

Get started with Didit

Didit is infrastructure for identity and fraud — one API, public pay-per-use pricing, and 500 free verifications every month. Add User Verification to your flow and integrate in 5 minutes.

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page
Identity Risk Scoring API: A Developer's Guide to Implementation