# Riskified Riskified connects to Hyperswitch as a `FraudAndRiskManagementProvider`. It provides machine-learning-powered ecommerce fraud prevention with guaranteed real-time decisions. Like Signifyd, Riskified takes on chargeback liability for approved orders. Riskified is not a payment processor; it evaluates orders independently. ### Authentication Riskified uses `BodyKey` authentication — two credentials are required: a secret token for HMAC request signing, and a domain name that identifies your Riskified merchant account. | Credential | Description | | -------------------------- | -------------------------------------------------------------------------------------------------------------------- | | **Secret Token (API Key)** | Used to generate HMAC-SHA256 signatures on request bodies. Found in your Riskified merchant portal. | | **Domain Name (Key1)** | Your shop's domain as registered with Riskified (e.g. `yourshop.com`). Sent as the `X-RISKIFIED-SHOP-DOMAIN` header. | ### FRM Flows Riskified participates in the following Hyperswitch FRM flows: | Flow | Description | | ---------------- | ------------------------------------------------------------------------------- | | **Checkout** | Fraud evaluation at checkout, before payment is submitted | | **Transaction** | Post-authorization evaluation of a completed transaction | | **Fulfillment** | Signal to Riskified that an order has been fulfilled (triggers liability shift) | | **RecordReturn** | Notify Riskified of a return or refund on a previously approved order | ### Request Signing Every request to Riskified is signed with HMAC-SHA256 using the secret token. The signature is sent in the `X-RISKIFIED-HMAC-SHA256` header. Hyperswitch handles this signing automatically. ### Common Failure Modes **HMAC signature mismatch** Symptom: Riskified rejects requests with a 401 or signature error. Fix: Verify the Secret Token stored in Hyperswitch exactly matches the token in your Riskified merchant portal. Trailing whitespace or encoding differences will cause failures. **Domain not recognized** Symptom: Riskified returns a merchant not found error. Fix: Ensure the Domain Name (Key1) matches the domain registered in your Riskified account exactly, including subdomain and TLD. **Liability shift not applied** Symptom: Order approved but chargeback liability not shifted. Fix: Confirm the Fulfillment flow is triggered after shipment. Riskified requires a fulfillment notification to complete the liability transfer. *** ### Activating Riskified via Hyperswitch #### Prerequisites 1. A registered Riskified merchant account. Contact [riskified.com](https://www.riskified.com/) for onboarding. 2. A registered Hyperswitch account, accessible from the [Hyperswitch control center](https://app.hyperswitch.io/). 3. Secret Token and registered Domain Name from the Riskified merchant portal. [Steps to activate a connector on the Hyperswitch control center](/integrations/connectors-integrations/activate-connector-on-hyperswitch.md) *** Connector implementation: `crates/hyperswitch_connectors/src/connectors/riskified.rs`. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hyperswitch.io/integrations/connectors-integrations/fraud-providers/riskified.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.