The REST Admin API is a legacy API as of October 1, 2024. All apps and integrations should be built with the GraphQL Admin API. For details and migration steps, visit our migration guide.

Requires orders access scope.

The Order Risk resource allows you to create, retrieve, update, and delete order risks. Order risks represent the results of fraud checks that have been completed for an order.

Usage notes

  • This resource is deprecated in version 2024-04. Please refer to the GraphQL API for Order#field-order-risk.
  • When determining an order's risk level, Shopify takes into account only those order risks that have the display property set to true. Order risks with display set to false will not be returned through the Order Risk resource. It's not advised to create order risks with display set to false. This property might be removed in future API versions.
  • Risk assessments will favor the most severe risk recommendation for an order. Keep this in mind when creating new order risks.
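
The two rules above (only displayed risks count, and the most severe recommendation wins) can be applied client-side to a list of order risks before an app acts on them. The following is an added example, not Shopify's code: the ranking cancel > investigate > accept, the score tie-break, and the function names are assumptions.

```python
# Added example, not Shopify's code. The ranking cancel > investigate > accept
# is an assumption about what "most severe" means.
SEVERITY = {"accept": 0, "investigate": 1, "cancel": 2}

def _score(risk):
    """Parse the string score; reject values outside the documented 0..1 range."""
    value = float(risk.get("score") or 0.0)
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"score {value} out of range on risk {risk.get('id')}")
    return value

def deciding_risk(risks):
    """Return the displayed risk with the most severe recommendation, or None.
    Ties on recommendation are broken by the higher score (assumption)."""
    best_key, best = None, None
    for risk in risks:
        if risk.get("display") is not True:  # hidden risks do not count
            continue
        rec = risk.get("recommendation")
        if rec not in SEVERITY:
            # Fail closed: never silently ignore a value we do not understand.
            raise ValueError(f"unknown recommendation {rec!r} on risk {risk.get('id')}")
        key = (SEVERITY[rec], _score(risk))
        if best_key is None or key > best_key:
            best_key, best = key, risk
    return best

def should_auto_cancel(risks):
    """Cancel only when the deciding risk says cancel and is flagged cause_cancel."""
    risk = deciding_risk(risks)
    return bool(risk) and risk["recommendation"] == "cancel" and risk.get("cause_cancel") is True

# Constructed sample in the shape of the "risks" array this resource returns.
SAMPLE_RISKS = [
    {"id": 1, "recommendation": "accept", "score": "0.1", "display": True, "cause_cancel": False},
    {"id": 2, "recommendation": "investigate", "score": "0.6", "display": True, "cause_cancel": False},
    {"id": 3, "recommendation": "cancel", "score": "1.0", "display": False, "cause_cancel": True},
]

if __name__ == "__main__":
    print(deciding_risk(SAMPLE_RISKS)["recommendation"])
    print(should_auto_cancel(SAMPLE_RISKS))
```

In the sample, the cancel risk is hidden (display is false), so the displayed investigate risk decides and no automatic cancellation is triggered.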

Properties

cause_cancel
Whether this order risk is severe enough to force the cancellation of the order. If true, then this order risk is included in the Order canceled message that's shown on the details page of the canceled order.

Note: Setting this property to true does not cancel the order. Use this property only if your app automatically cancels the order using the Order resource. If your app doesn't automatically cancel orders based on order risks, then leave this property set to false.


checkout_id
deprecated
The ID of the checkout that the order risk belongs to.

display
deprecated
Whether the order risk is displayed on the order details page in the Shopify admin. If false, then this order risk is ignored when Shopify determines your app's overall risk level for the order.

It's not advised to create order risks with a display set to false.


id
deprecated
A unique numeric identifier for the order risk.

merchant_message
deprecated
The message that's displayed to the merchant to indicate the results of the fraud check. The message is displayed only if display is set to true.

message
The message that's displayed to the merchant to indicate the results of the fraud check. The message is displayed only if display is set to true.

order_id
->id
The ID of the order that the order risk belongs to.

recommendation
The recommended action given to the merchant. Valid values:

score
string
For internal use only. A number between 0 and 1 that's assigned to the order. The closer the score is to 1, the more likely it is that the order is fraudulent.

source
The source of the order risk.

The Order Risk resource
{
  "cause_cancel": false,
  "checkout_id": 901414060,
  "display": true,
  "id": 284138680,
  "merchant_message": "This order came from an anonymous proxy.",
  "message": "This order came from an anonymous proxy.",
  "order_id": 450789469,
  "recommendation": "cancel",
  "score": "1.0",
  "source": "External"
}

Creates an order risk for an order

api_version
string
required

order_id
string
required

POST /admin/api/2024-10/orders/450789469/risks.json
curl -d '{"risk":{"message":"This order came from an anonymous proxy","recommendation":"cancel","score":"1.0","source":"External","cause_cancel":true,"display":true}}' \
-X POST "https://your-development-store.myshopify.com/admin/api/2024-10/orders/450789469/risks.json" \
-H "X-Shopify-Access-Token: {access_token}" \
-H "Content-Type: application/json"
Response
HTTP/1.1 201 Created
{
  "risk": {
    "id": 1029151490,
    "order_id": 450789469,
    "checkout_id": 901414060,
    "source": "External",
    "score": "1.0",
    "recommendation": "cancel",
    "display": true,
    "cause_cancel": true,
    "message": "This order came from an anonymous proxy",
    "merchant_message": "This order came from an anonymous proxy"
  }
}

Retrieves a list of all order risks for an order. Note: This endpoint implements pagination by using links that are provided in the response header. To learn more, refer to Make paginated requests to the REST Admin API.

api_version
string
required

order_id
string
required

GET /admin/api/2024-10/orders/450789469/risks.json
curl -X GET "https://your-development-store.myshopify.com/admin/api/2024-10/orders/450789469/risks.json" \
-H "X-Shopify-Access-Token: {access_token}"
Response
HTTP/1.1 200 OK
{
  "risks": [
    {
      "id": 284138680,
      "order_id": 450789469,
      "checkout_id": null,
      "source": "External",
      "score": "1.0",
      "recommendation": "cancel",
      "display": true,
      "cause_cancel": true,
      "message": "This order was placed from a proxy IP",
      "merchant_message": "This order was placed from a proxy IP"
    },
    {
      "id": 1029151489,
      "order_id": 450789469,
      "checkout_id": 901414060,
      "source": "External",
      "score": "1.0",
      "recommendation": "cancel",
      "display": true,
      "cause_cancel": true,
      "message": "This order came from an anonymous proxy",
      "merchant_message": "This order came from an anonymous proxy"
    }
  ]
}
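
Because the list endpoint paginates through links in the response header, a client that follows them should confirm each link still points at the shop before attaching X-Shopify-Access-Token. The following is an added example, not Shopify's code: it assumes the header is named Link and marks the next page with rel="next", and the `get` callable, function names and page_info value are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Added example, not Shopify's code. Assumes a "Link" header with rel="next".
LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="?([A-Za-z-]+)"?')

def next_page_url(link_header, shop_host):
    """Return the rel="next" URL, or None on the last page.
    Rejects any link that is not https on shop_host, so the access
    token is never sent to another origin."""
    if not link_header:
        return None
    for url, rel in LINK_RE.findall(link_header):
        if rel != "next":
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != shop_host:
            raise ValueError(f"refusing off-host pagination link: {url}")
        return url
    return None

def fetch_all_risks(first_url, shop_host, get):
    """Collect every page. get(url) -> (body_dict, headers_dict) is injected
    so the HTTP client (and the token it adds) stays in one place."""
    risks, url, seen = [], first_url, set()
    while url:
        if url in seen:  # guard against a server-side link loop
            raise RuntimeError("pagination loop detected")
        seen.add(url)
        body, headers = get(url)
        risks.extend(body.get("risks", []))
        url = next_page_url(headers.get("Link"), shop_host)
    return risks

# Constructed two-page sample; the page_info value is a placeholder.
HOST = "your-development-store.myshopify.com"
PAGE1 = f"https://{HOST}/admin/api/2024-10/orders/450789469/risks.json?limit=1"
PAGE2 = PAGE1 + "&page_info=CONSTRUCTED"
FAKE_PAGES = {
    PAGE1: ({"risks": [{"id": 284138680}]}, {"Link": f'<{PAGE2}>; rel="next"'}),
    PAGE2: ({"risks": [{"id": 1029151489}]}, {"Link": f'<{PAGE1}>; rel="previous"'}),
}

def fake_get(url):
    """Offline stand-in for an authenticated GET."""
    return FAKE_PAGES[url]
```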

Retrieves a single order risk by its ID
deprecated

api_version
string
required

order_id
string
required

risk_id
string
required

GET /admin/api/2024-10/orders/450789469/risks/284138680.json
curl -X GET "https://your-development-store.myshopify.com/admin/api/2024-10/orders/450789469/risks/284138680.json" \
-H "X-Shopify-Access-Token: {access_token}"
Response
HTTP/1.1 200 OK
{
  "risk": {
    "id": 284138680,
    "order_id": 450789469,
    "checkout_id": null,
    "source": "External",
    "score": "1.0",
    "recommendation": "cancel",
    "display": true,
    "cause_cancel": true,
    "message": "This order was placed from a proxy IP",
    "merchant_message": "This order was placed from a proxy IP"
  }
}

Updates an order risk



api_version
string
required

order_id
string
required

risk_id
string
required

PUT /admin/api/2024-10/orders/450789469/risks/284138680.json
curl -d '{"risk":{"id":284138680,"message":"After further review, this is a legitimate order","recommendation":"accept","source":"External","cause_cancel":false,"score":"0.0"}}' \
-X PUT "https://your-development-store.myshopify.com/admin/api/2024-10/orders/450789469/risks/284138680.json" \
-H "X-Shopify-Access-Token: {access_token}" \
-H "Content-Type: application/json"
Response
HTTP/1.1 200 OK
{
  "risk": {
    "order_id": 450789469,
    "cause_cancel": false,
    "message": "After further review, this is a legitimate order",
    "recommendation": "accept",
    "score": "0.0",
    "source": "External",
    "id": 284138680,
    "checkout_id": null,
    "display": true,
    "merchant_message": "After further review, this is a legitimate order"
  }
}

Deletes an order risk for an order



api_version
string
required

order_id
string
required

risk_id
string
required

DELETE /admin/api/2024-10/orders/450789469/risks/284138680.json
curl -X DELETE "https://your-development-store.myshopify.com/admin/api/2024-10/orders/450789469/risks/284138680.json" \
-H "X-Shopify-Access-Token: {access_token}"
Response
HTTP/1.1 200 OK
{}