The Magento Fraud Protection Extension by Riskified was developed to support a simple and efficient integration process using Magento’s backend infrastructure.
This guide provides an overview of the integration process as well as step-by-step instructions to complete it. Please note that you can also use the instructions provided within the integration management application to guide you through the steps of the integration. You will gain access to the integration management application after an account executive creates an account for you and an invitation to activate your account is sent to your inbox.
Technical integrations encompass development work in both the sandbox and production environments. After completing the technical requirements of the integration, the account’s settings will need to be finalized.
The main steps of the integration are:
- Technical integration with Riskified’s sandbox environment
- Validating the order data and flow
- Deploying to Riskified’s production environment
- Shadow Mode
- Account Settings
It is recommended that steps 1-3 be completed by a Developer, and step 4 be completed by the Account Owner.
Following this process, your account will be on hold while Riskified's analytics and automation teams build models and ensure you receive the full benefits of the solution from the moment you begin submitting orders.
Integration Overview
The two main technical components required for full integration are the Riskified Magento extension and the notification endpoint. Through the extension, your shop will share with Riskified all order data, including user behavior and session data. The notification endpoint will allow you to automatically receive Riskified's order decision and to streamline the post-checkout for all your order flows.
Data Flow
Riskified’s Magento extension receives information from your system about every order placed on your store. However, you retain full control over which orders are actually submitted for review.
When an order is submitted for review, Riskified reviews it using machine learning models, elastic linking and data enrichment.
When a decision is made on a submitted order, Riskified notifies your store’s back-end via the notification endpoint. This notification can be used to trigger events in your system that will synchronize the order status with Riskified’s system and trigger post-decision processes.
Finally, Riskified is notified about the final status of the order, whether it is fulfilled, refunded, cancelled, or if a chargeback was incurred.
Integration Process - Development and testing
The Riskified Magento extension was developed to support a simple and efficient integration process. While it saves substantial development time, it does require significant attention and effort to complete testing and ensure the integration’s coverage answers your needs and order flows.
Before starting any work with the extension, we strongly recommend that you define your UAT (user acceptance testing) by mapping all your end-to-end use cases and order flows (gateways, sources etc). You can find more information about testing below.
Step-by-step instructions and tools are provided within the integration management application to guide you through the integration process.
Detailed instructions for every step are listed below.
Step 1: Installation and Configuration (Sandbox)
Action 1: Install the Riskified Extension
Riskified offers two extensions that support Magento version 2 -- Magento2 and Magento2new:
- Magento2 is installed via unzipping the code within your server environment.
- Magento2new can be installed this way but is also available to be installed via Composer.
Possible Installation Methods:
Installation Method | Supported Extension Version | Comments |
Un-zipping code from Github into your environment | Magento2, Magento2New | |
Composer | Magento2New | https://devdocs.magento.com/guides/v2.4/extension-dev-guide/intro/intro-composer.html |
You may install the extension by cloning the repository, downloading the ZIP file, or by using Composer - see options below:
Github installation instructions:
You can install Riskified's Magento2 extension by cloning the repository or downloading ZIP into the server code environment.
Go to Riskified's public GitHub, open the Magento2 repository, and click "Code".
Composer installation instructions:
Another option is to install the Riskified Magento2new extension via Composer.
To use Composer, follow these steps in the command line:
1. composer config repositories.riskified-decider git git@github.com:Riskified/magento2new.git
2. composer require Riskified/magento2new dev-master
3. php bin/magento module:enable Riskified_Decider
4. php bin/magento setup:upgrade
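The `composer require` command above installs `dev-master`, so each environment gets whatever commit the branch points to at install time. The following added example (not part of Riskified's guide or extension) reads the `composer.lock` files of two environments and reports when production is not running the commit that was validated in sandbox. The package name as recorded in the lock file and the lock contents are assumptions constructed for illustration.

```python
import json

# Assumption: the name Composer records for the extension. The page only
# shows the require argument "Riskified/magento2new".
PACKAGE = "riskified/magento2new"


def locked_build(lock_text, package=PACKAGE):
    """Return (version, commit) that composer.lock records for package, or None."""
    lock = json.loads(lock_text)
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        if entry.get("name", "").lower() == package.lower():
            source = entry.get("source") or {}
            return entry.get("version"), source.get("reference")
    return None


def compare_builds(sandbox_lock, production_lock, package=PACKAGE):
    """List reasons production is not running the code validated in sandbox."""
    sandbox = locked_build(sandbox_lock, package)
    production = locked_build(production_lock, package)
    if sandbox is None or production is None:
        return [f"{package} missing from a lock file"]
    findings = []
    if (production[0] or "").startswith("dev-"):
        findings.append(f"version {production[0]} tracks a branch, not a release")
    if sandbox[1] != production[1]:
        findings.append(
            f"commit differs: sandbox {sandbox[1]}, production {production[1]}")
    return findings


# Constructed lock files; the commit ids are placeholders, not real commits.
def _lock(commit):
    return json.dumps({"packages": [{
        "name": "riskified/magento2new",
        "version": "dev-master",
        "source": {"type": "git",
                   "url": "git@github.com:Riskified/magento2new.git",
                   "reference": commit},
    }]})


SANDBOX_LOCK = _lock("1" * 40)
PRODUCTION_LOCK = _lock("2" * 40)

if __name__ == "__main__":
    for finding in compare_builds(SANDBOX_LOCK, PRODUCTION_LOCK):
        print("WARNING:", finding)
```

Deploying the sandbox `composer.lock` to production and running `composer install` there keeps both environments on the same commit.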
Action 2: Configure the Riskified Extension
In this step, you will need to configure your Magento Sandbox environment so that it points to Riskified’s Sandbox, using your store credentials. This will allow you to send Riskified order data. You will not be able to proceed to steps 3 and 4 until it is successfully completed.
Click 'stores' to open the store panel:
Click 'configuration' to access different configurations for extensions:
Go to 'Riskified → Settings' to examine Riskified Configuration:
Riskified configuration:
Configure your Riskified credentials
Within Riskified's Integration Webapp, you will be provided with:
- Shop URL as recorded in Riskified’s system
- An authorization token
In your Magento Admin, copy your shop URL and the Riskified authorization token into the Magento configuration settings. Make sure you are set to the sandbox environment.
* This window will also later be used for synchronizing Riskified’s decisions with your Magento account.
* For further settings breakdown, please see here
Action 3: Set notification endpoint
In this step, you will set the designated URL that will receive Riskified’s decisions. Riskified sends notifications to the endpoint in order to allow you to integrate these decisions directly into your fulfillment and payment processing systems.
On Riskified's Integration Wizard go to 'Set sandbox notification endpoint' and configure it according to the following general URL format:
https://mymagentoshop.com/decider/response/get
Endpoint Test
Riskified will send a message with a fabricated order ID to the endpoint. If a code 200 response is received from your server, the test will be considered successful.
Click the “Test Endpoint” button to troubleshoot problems. If the test is successful, Riskified will save the endpoint. If the test fails, a log describing the error type will appear.
If this test fails, check that the URL accepts incoming requests. For further debugging, check your Magento logs, which can be found at the following locations:
Transactional logs:
/var/log/riskified_decider.log
Logs for exceptions:
/var/log/exception.log
Action 4: Validate Order Data
In this step, you will be required to send several different orders to make sure the data in them is formatted properly in accordance with Riskified’s requirements.
Submitting Orders for Validation
Once you have successfully configured the Riskified extension, the data sent must be validated by Riskified to ensure there are no issues with its format, content, or structure. These orders should be a full representation of how you expect a person to check out in production. You can submit the orders to Riskified using the "Submit to Riskified" button on your Magento Admin. Once the orders are submitted, they will be created on Riskified's database.
Created orders will appear in the order validation table and be automatically scanned for data issues. Any issues found will appear in the table under the icon. To see the results for a specific order, click the red icon beside it.
To select an order from the table to be sent for manual validation, click the box beneath the word “Choose” appearing to its direct left. When you have finished selecting orders, click the “Validate” button. It is required that you send real order data as received by your system.
After requesting validation, the action status will automatically change to “Analysis in progress”. You will be unable to submit additional orders for validation until you receive a response from Riskified regarding those under review. Therefore, you should send orders from a variety of payment gateways, order flows, and product types to ensure complete validation.
Riskified will then analyze your submitted orders and provide you with feedback via email once the validation is complete. Below is a list of possible outcomes:
- Issues found with your data: This means a problem with one or more submitted orders prevented a successful validation. In this case, you will be notified of the issues detected and informed of the changes necessary to format future orders in accordance with Riskified’s requirements. After implementing these changes, you must submit new, properly formatted orders for validation.
- Data Validation completed: This means that all orders submitted for review were validated, and there are no outstanding issues.
Action 5: Test order flow
This is one of the most important steps in the integration process. As a prerequisite, we recommend defining your UAT (user acceptance testing) by mapping all your order flows, so that every step is familiar and clear. As a general guideline, make sure you test an approved order as well as a declined order flow for each of your payment gateways and order sources.
Please see an example of a suggested order flow:
Order Status Sync
The Riskified ‘Order Status Sync’ feature allows you to sync your Magento status with Riskified’s decisions. Once enabled, orders being reviewed by Riskified (Processing) will be labeled “On Hold.” When Riskified decides on an order, the status will be updated accordingly in Magento.
The following Magento statuses correspond to stages in Riskified’s order review process:
- Orders submitted to Riskified will be labeled 'On Hold'
- Orders approved by Riskified will be labeled 'Processed'
- Orders declined by Riskified will be labeled 'Cancelled'
To enable this feature:
1. Make sure that your notification endpoint is set up correctly.
2. On your Magento Admin panel, click Riskified → Settings.
3. Click the arrow to expand the section, then change 'Order Status Sync' to 'Enable'.
Auto Capture
The Riskified ‘Auto capture’ feature (Automatic Invoice creation) allows you to fully automate your order flow. Once enabled, an invoice will automatically be created when Riskified approves an order, and the funds captured. All orders declined by Riskified will be labeled as 'Cancelled'.
To enable this feature:
1. Before enabling ‘Auto Capture’, please ensure you have enabled Order Status Sync (see instructions above).
2. On your Magento Admin panel, click Riskified → Settings.
3. Under 'Automatic Invoice Creation' choose 'Yes' to enable the feature and make sure 'Capture Case' is set to 'Online Capture'.
Simulating Riskified decisions
Riskified enables you to test your end-to-end order flow before setting up your production account. You can simulate “approve” or “decline” decisions and make sure post-decision processes work as expected.
Note: This test will only work after a notification endpoint has been set, and is only applicable on Sandbox.
Follow these steps to perform an end-to-end test:
1. Use your Magento Admin to submit an order to Riskified.
2. Click either the "Approve" or "Decline" button in the Riskified integration management application. The order status will change accordingly and an email notification will be sent to your inbox.
3. Check that the processes set to be triggered within your systems by an approve or decline decision work as expected.
Once the testing process is completed, your account is ready to be moved to production. In the sandbox menu, click “Activate my production account” to continue the integration process in Riskified’s production environment.
Step 3: Production
Create your production account
In order to activate your production account, Riskified requires all users to set their production passwords. After completing step 1, the user will be prompted to set his or her password within the integration management application. All other users will receive an email inviting them to set their own password for their personal production login.
You will need to install the Riskified extension on your Production Magento environment, as you previously did in Sandbox.
Please repeat the same actions with the needed configuration settings:
- Environment
- Shop URL as recorded in Riskified’s system
- An authorization token
Configuration settings breakdown:
Setting Name | Breakdown |
Module enabled | Turning on the Riskified extension -- if disabled, Riskified will not be receiving order information |
Riskified environment | Which environment will you be sending order data to -- Sandbox for test orders, Production for live orders |
Shop Domain & Auth Token | Your store details provided by Riskified -- keep in mind that the shop domain is static regardless of the environment but the Auth Token needs to be re-configured when the Environment changes |
Order Status Sync | Should be enabled for Riskified’s extension to automatically modify the status of the order with our decision. Default is enabled. |
Approved State & Status | The state and status of your order when it has been approved by Riskified. The default state is “processing”; the default status is “Approved (Riskified)” |
Declined State & Status | The state and status of your order when it has been declined by Riskified. The default state is “canceled”; the default status is Canceled. Note: if an order’s state is canceled in Magento there can be no further action to this order. |
Auto-Invoice | Creates an invoice for an order automatically when Riskified approves. Default is enabled. |
Debug Logs | Writes logs for the extension as it runs for debugging purposes. Default is enabled. |
Step 4: Shadow Mode
Sending Real-Time Orders in Shadow Mode:
It is highly recommended to start sending your real-time production orders in shadow mode (capture mode) at this point. Sending orders in real-time should not interfere with any of your current flows - Riskified will not send any decisions on these orders until the integration process is completed.
Riskified requires five days of real-time data before going live, as this is the minimal time frame the automation and analytics teams need to analyze your data and build your customized automation models. The data will help in detecting any data issues with production orders well before going live, when data issues cost time and money.
Technically, this can be done by disabling 'Order Status Sync' on your Magento admin.
Step 5: Set account
Only the account owner will be able to complete the actions in this step.
Action 1: Set users
Add the users to grant access to the Riskified management application, including respective roles. Please note that you can add users within this screen, but not configure their notification settings. Full user management capabilities will be available in your Riskified account after the integration is complete.
More information about User Roles and Permissions can be found here.
More information about multiple user management can be found here.
Action 2: Provide billing details
In this action, you will perform these 3 steps:
- Enter the billing information as you would like it to appear on your monthly invoice.
- Enter the email addresses where you would like to receive invoices from Riskified. This can be done by clicking “Add” on the bottom right-hand side of the screen.
- Enter the credit card you will be using to make payments to Riskified. This can be done by clicking “Add card” at the bottom left-hand side of the screen. Merchants who pay by other methods will be presented with their chosen method of payment.
Please note that all settings available here will continue to be available to you after the integration is complete.
Action 3: Read Chargeback Guarantee
In this action, you are required to read through a summary of Riskified’s chargeback guarantee.
This step should be performed by the Account Owner. You will be unable to complete the integration until certifying that you have read and understood its terms and conditions.
After completing these steps, click the “Click here to complete setup” button in the set account menu to finalize the integration.
This concludes the integration.
Important: Riskified is committed to ensuring you receive the full benefits of the integration from the moment your account is live. To that end, the status of your account will be “On hold” for up to five days after real-time data begins flowing to Riskified. Our automation and analytics teams use this time period to research and analyze your order data and build your customized automation models. You will be notified when this process is complete and you can begin submitting orders for review.
For additional information or for any questions, email integrations@riskified.com