Skip to main content
BETA — SUBJECT TO CHANGE. This API is in beta and may change without notice.
Socure Digital Intelligence (DI) is a device and behavioural risk-assessment script that runs in the participant’s browser or app during your KYC form. It produces a short-lived session_token that you include in POST /v1/kyc/start.
Audience: developers (with a product-team section below). The session_token is optional but strongly recommended — it is the single most effective lever for keeping your REVIEW rate low and your instant-approval rate high.

Why it matters

Socure’s evaluation combines the identity data you submit (PII) with device and behavioural context. The DI signals are what tip borderline cases into a clear ACCEPT:
  • More participants approved instantly. Without DI signals, Socure has less confidence in legitimate participants, and more of them land in REVIEW.
  • Lower REVIEW rate. A REVIEW means onboarding isn’t finished — the participant must either upload a photo ID (DocV, which adds friction and drop-off) or wait for a manual review (hours to days). Every reduction in REVIEW is a direct conversion win.
  • Device-level fraud detection. DI also flags velocity abuse, bot patterns, and fraud rings, improving the quality of your participant population.
Omitting the session_token will not cause an evaluation to fail — but expect a higher false-REVIEW rate.

What data DI collects

DI collects non-PII device and session signals only. PII (name, SSN, address) is transmitted solely when you call POST /v1/kyc/start.
Signal typeExamples
Device fingerprintBrowser type/version, OS, screen resolution, fonts
Network signalsIP address, ASN, proxy/VPN detection
Behavioural signalsTyping cadence, form-interaction timing, pointer patterns
Session metadataSession duration, page-interaction sequence

Implementation

The DI sdk_key is provided by the Polymarket US onboarding team. It is a public key and safe to include in client-side code. Initialise DI when the KYC form page loads, then call getSessionToken() immediately before submitting the form. 
// 1. On KYC form page load — initialise early
import { Socure } from '@socure-inc/socure-sdk';
Socure.init(sdkKey);

// 2. Just before form submission — get the token
const sessionToken = await Socure.getSessionToken();

// 3. Include it in your KYC request
await fetch('https://api.preprod.polymarketexchange.com/v1/kyc/start', {
  method: 'POST',
  headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({
    external_id: 'your-internal-user-id-123',
    // ...other fields...
    session_token: sessionToken,
    ip_address: userIpAddress,
  }),
});
Call init() when the form page loads so the signal collection is spread across the participant’s time on the page. getSessionToken() typically completes in under 100ms.

Addressing product-team concerns

The DI script is hosted by Socure and loaded from sdk.socure.com. Load it only on your KYC form page(s) — not site-wide. It runs during the KYC flow and collects non-PII signals.
No. The DI session token is cryptographically tied to Socure’s own collection event; it cannot be replicated by forwarding equivalent data through another channel.
No. The script loads asynchronously and getSessionToken() typically returns in under 100ms. Initialising on page load spreads the work across the participant’s time on the page.

Next steps

Verification Flow

Submit the participant with the session_token and handle each outcome.

Overview

How the Socure-backed KYC process fits together.