Risk.js SDK

Last updated: July 23, 2025

Version 2.3

The Risk.js SDK supports th Fraud Detection solution by capturing advanced fraud signals that are leveraged in Checkout.com's machine learning model for risk scores.

Information

To enable access to the SDK, contact your account manager or request support.

For more information, see Integrate with Risk SDK.

Generate a public API key from your Dashboard.

Import the SDK.
Initialize the SDK.
Publish the device data.
Allow Content Security Policies.

Attach the risk.js script tag to your Checkout.com page:


1<script
2  id="risk-js" defer
3  src="https://risk.sandbox.checkout.com/cdn/risk/2.3/risk.js"
4  integrity="sha384-ZGdiIppkJzwran7Bjk0sUZy5z1mZGpR/MJx7LC0xCTyFE2sBpPFeLu4r15yGVei6"
5  crossorigin="anonymous"
6></script>


1<script
2  id="risk-js" defer
3  src="https://risk.checkout.com/cdn/risk/2.3/risk.js"
4  integrity="sha384-5MxwBLDYNCSe1Hu+REgSSz12/VIydFkxhDdiodk/dc+QMD3hr1dmn+fbHOZ4g9cB"
5  crossorigin="anonymous"
6></script>

Wait for the script to load and then use Risk.js:


1const script = document.getElementById('risk-js');
2
3script.addEventListener('load', () => {
4  // Use Risk.js here
5});

Before the customer selects Pay, initialize Risk.js using your public API key:


1const risk = await window.Risk.create("pk_XXXX");

Publish the device data and retrieve the deviceSessionId:


1const deviceSessionId = await risk.publishRiskData(); // dsid_XXXX

Note

The data collection session expires if you do not perform a payment request within 20 minutes after the deviceSessionId is issued.

Forward the deviceSessionId to your back-end server.
When you call the Request a payment or payout endpoint, include the deviceSessionId in the risk object:


1{
2  "source": {
3    "type": "card",
4    "number": "4242424242424242",
5    "expiry_month": "6",
6    "expiry_year": "2024",
7    "name": "John Smith"
8  },
9  "amount": "100",
10  "currency": "USD",
11  "risk": {
12    "device_session_id": "dsid_ipsmclhxwq72phhr32iwfvrflm"
13  },
14  "customer": {
15    "email": "[email protected]"
16  },
17  "reference": "order_1234",
18  "shipping": {
19    "address": {
20      "address_line1": "123 Anywhere St.",
21      "city": "Anytown",
22      "zip": "123456",
23      "country": "US"
24    }
25  },
26  "payment_ip": "10.3.1.1",
27  "metadata": {
28    "coupon_code": 1234
29  }
30}

If your website has Content Security Policy (CSP) headers set up, allow the following directives:


1script-src [...] https://risk.sandbox.checkout.com;
2connect-src [...] https://fpjs.sandbox.checkout.com https://fpjscache.sandbox.checkout.com;
3frame-src [...] https://risk.sandbox.checkout.com;


1script-src [...] https://risk.checkout.com;
2connect-src [...] https://fpjs.checkout.com https://fpjscache.checkout.com;
3frame-src [...] https://risk.checkout.com;

Risk.js SDK

Information

Before you begin

How it works

Import the SDK

Initialize the SDK

Publish the device data

Note

Request example

Allow Content Security Policies