Order Risk

Order risks show the results of fraud checks that have been completed on an order. They appear in the Fraud analysis section of an order's details page in the Shopify admin.

The fraud analysis from your app shows each of the resulting messages from the order risks that your app has completed. It also shows the overall risk level for the order, which is determined by the order risk with the most severe recommendation. When determining an order's risk level, Shopify takes into account only those order risks that have the display property set to true.

What you can do with Order Risk

The Shopify API lets you do the following with the Order Risk resource. More detailed versions of these general actions may be available:

Order Risk properties

cause_cancel
"cause_cancel": false

Whether this order risk is severe enough to force the cancellation of the order. If true, then this order risk is included in the Order canceled message that's shown on the details page of the canceled order.

Note: Setting this property to true does not cancel the order. Use this property only if your app automatically cancels the order using the Order resource. If your app doesn't automatically cancel orders based on order risks, then leave this property set to false.

display
"display": true

Whether the order risk is displayed on the order details page in the Shopify admin. If false, then this order risk is ignored when Shopify determines your app's overall risk level for the order.

This property can't be changed after an order risk is created.

id
"id": 284138680

A unique numeric identifier for the order risk.

message
"message": "This order came from an anonymous proxy."

The message that's displayed to the merchant to indicate the results of the fraud check. The message is displayed only if display is set totrue.

order_id
"order_id": 450789469

The ID of the order that the order risk belongs to.

recommendation
"recommendation": "cancel"

The recommended action given to the merchant. Valid values:

  • cancel: There is a high level of risk that this order is fraudulent. The merchant should cancel the order.
  • investigate: There is a medium level of risk that this order is fraudulent. The merchant should investigate the order.
  • accept: There is a low level of risk that this order is fraudulent. The order risk found no indication of fraud.

score
"score": 1.0

For internal use only. A number between 0 and 1 that's assigned to the order. The closer the score is to 1, the more likely it is that the order is fraudulent.

source
"source": "External"

The source of the order risk.

Endpoints

POST /admin/orders/450789469/risks.json
Creates an order risk for an order

Create an order risk showing a fraud risk for proxy detection

POST /admin/orders/#{order_id}/risks.json
{
  "risk": {
    "message": "This order came from an anonymous proxy",
    "recommendation": "cancel",
    "score": 1.0,
    "source": "External",
    "cause_cancel": true,
    "display": true
  }
}
View Response
HTTP/1.1 201 Created
{
  "risk": {
    "id": 700140151,
    "order_id": 450789469,
    "checkout_id": 901414060,
    "source": "External",
    "score": "1.0",
    "recommendation": "cancel",
    "display": true,
    "cause_cancel": true,
    "message": "This order came from an anonymous proxy",
    "merchant_message": "This order came from an anonymous proxy"
  }
}
GET /admin/orders/450789469/risks.json
Retrieves a list of all order risks for an order

Retrieve all order risks for an order

GET /admin/orders/#{order_id}/risks.json
View Response
HTTP/1.1 200 OK
{
  "risks": [
    {
      "id": 284138680,
      "order_id": 450789469,
      "checkout_id": null,
      "source": "External",
      "score": "1.0",
      "recommendation": "cancel",
      "display": true,
      "cause_cancel": true,
      "message": "This order was placed from a proxy IP",
      "merchant_message": "This order was placed from a proxy IP"
    },
    {
      "id": 700140152,
      "order_id": 450789469,
      "checkout_id": 901414060,
      "source": "External",
      "score": "1.0",
      "recommendation": "cancel",
      "display": true,
      "cause_cancel": true,
      "message": "This order came from an anonymous proxy",
      "merchant_message": "This order came from an anonymous proxy"
    }
  ]
}
GET /admin/orders/450789469/risks/284138680.json
Retrieves a single order risk by its ID

Retrieve a single order risk

GET /admin/orders/#{order_id}/risks/#{risk_id}.json
View Response
HTTP/1.1 200 OK
{
  "risk": {
    "id": 284138680,
    "order_id": 450789469,
    "checkout_id": null,
    "source": "External",
    "score": "1.0",
    "recommendation": "cancel",
    "display": true,
    "cause_cancel": true,
    "message": "This order was placed from a proxy IP",
    "merchant_message": "This order was placed from a proxy IP"
  }
}
PUT /admin/orders/450789469/risks/284138680.json
Updates an order risk

Update an existing order risk for an order

PUT /admin/orders/#{order_id}/risks/#{risk_id}.json
{
  "risk": {
    "id": 284138680,
    "message": "After further review, this is a legitimate order",
    "recommendation": "accept",
    "source": "External",
    "cause_cancel": false,
    "score": 0.0
  }
}
View Response
HTTP/1.1 200 OK
{
  "risk": {
    "id": 284138680,
    "order_id": 450789469,
    "checkout_id": null,
    "source": "External",
    "score": "0.0",
    "recommendation": "accept",
    "display": true,
    "cause_cancel": false,
    "message": "After further review, this is a legitimate order",
    "merchant_message": "After further review, this is a legitimate order"
  }
}
DELETE /admin/orders/450789469/risks/284138680.json
Deletes an order risk for an order

Delete an order risk for an order

DELETE /admin/orders/#{order_id}/risks/#{risk_id}.json
View Response
HTTP/1.1 200 OK
{
}