Risk.js SDK
Last updated: July 23, 2025
Version 2.3
The Risk.js SDK captures advanced fraud signals that are leveraged in our fraud-scoring machine-learning model for Fraud Detection.
Information
To enable access to the SDK, contact your account manager or request support.
For more information, see Integrate with Risk SDK.
Generate a public API key from your Dashboard.
- Import the SDK.
- Initialize the SDK.
- Publish the device data.
- Allow Content Security Policies.
- Attach the
risk.js
script tag to your Checkout.com page:
1<script2id="risk-js" defer3src="https://risk.sandbox.checkout.com/cdn/risk/2.3/risk.js"4integrity="sha384-ZGdiIppkJzwran7Bjk0sUZy5z1mZGpR/MJx7LC0xCTyFE2sBpPFeLu4r15yGVei6"5crossorigin="anonymous"6></script>
- Wait for the script to load and then use Risk.js:
1const script = document.getElementById('risk-js');23script.addEventListener('load', () => {4// Use Risk.js here5});
Before the customer selects Pay, initialize Risk.js using your public API key:
1const risk = await window.Risk.create("pk_XXXX");
- Publish the device data and retrieve the
deviceSessionId
:
1const deviceSessionId = await risk.publishRiskData(); // dsid_XXXX
Note
The data collection session expires if you do not perform a payment request within 20 minutes after the deviceSessionId
is issued.
Forward the
deviceSessionId
to your back-end server.When you call the Request a payment or payout endpoint, include the
deviceSessionId
in therisk
object:
1{2"source": {3"type": "card",4"number": "4242424242424242",5"expiry_month": "6",6"expiry_year": "2024",7"name": "John Smith"8},9"amount": "100",10"currency": "USD",11"risk": {12"device_session_id": "dsid_ipsmclhxwq72phhr32iwfvrflm"13},14"customer": {15"email": "[email protected]"16},17"reference": "order_1234",18"shipping": {19"address": {20"address_line1": "123 Anywhere St.",21"city": "Anytown",22"zip": "123456",23"country": "US"24}25},26"payment_ip": "10.3.1.1",27"metadata": {28"coupon_code": 123429}30}
If your website has Content Security Policy (CSP) headers set up, allow the following directives:
1script-src [...] https://risk.sandbox.checkout.com;2connect-src [...] https://fpjs.sandbox.checkout.com https://fpjscache.sandbox.checkout.com;3frame-src [...] https://risk.sandbox.checkout.com;