riskified/php\_sdk
==================

Implementation of the Riskified API in PHP


[Source](https://github.com/Riskified/php_sdk) | [Packagist](https://packagist.org/packages/riskified/php_sdk)


Riskified PHP SDK
=================

A PHP client for the [Riskified](https://www.riskified.com) API. It lets you send orders, checkouts and account/lifecycle events to Riskified for fraud and chargeback protection, and verify the decision notifications Riskified sends back to your application.

- **Current version:** v1.12.0
- **API version:** 2

For full API details, see the [Riskified API reference](https://developers.riskified.com/reference/api-overview).

Requirements
------------

- PHP >= 7.0
- The `curl` and `json` PHP extensions

Installation
------------

Install via [Composer](https://getcomposer.org):

```
composer require riskified/php_sdk
```

Getting started
---------------

Initialize the SDK once with your shop domain and authentication token (both available in the Riskified web app under **Settings**), then build and submit an order.

See [`sample/order_simple_submit.php`](sample/order_simple_submit.php) for a complete working example.

### Environments

`Riskified::init()` accepts an environment as its third argument:

| Constant | Target |
| --- | --- |
| `Env::SANDBOX` | Riskified sandbox (default) |
| `Env::PROD` | Riskified production |
| `Env::DEV` | Local development (`localhost`) |

### Validation modes

The fourth argument controls how strictly the SDK validates models before sending them:

| Constant | Behavior |
| --- | --- |
| `Validations::SKIP` | No client-side validation |
| `Validations::IGNORE_MISSING` | Validate present fields, ignore missing (default) |
| `Validations::ALL` | Require all mandatory fields |

Available operations
--------------------

The `Transport\CurlTransport` exposes a method per Riskified API endpoint, including:

- **Orders:** `createOrder`, `updateOrder`, `submitOrder`, `cancelOrder`, `refundOrder`, `fulfillOrder`, `decideOrder`, `chargebackOrder`, `sendHistoricalOrders`
- **Checkout:** `createCheckout`, `deniedCheckout`, `advise`, `checkout_decide`
- **Account & lifecycle:** `login`, `logout`, `customerCreate`, `customerUpdate`, `verification`, `wishlistChanges`, `redeem`, `eligible`, `opt_in`

Decision notifications
----------------------

Riskified sends decision notifications to a callback endpoint you configure. Use the `DecisionNotification\Model\Notification` class to verify the request signature and parse the payload. Pass an associative array of the request's HTTP headers (matching the format returned by [`getallheaders()`](https://www.php.net/manual/en/function.getallheaders.php)):

```
use Riskified\Common\Riskified;
use Riskified\Common\Signature;
use Riskified\DecisionNotification\Model;

Riskified::init('your-shop-domain.com', 'your-auth-token');

$signature = new Signature\HttpDataSignature();
// Associative array of the request's HTTP headers
$headers   = getallheaders();
// Raw request body as received
$body      = file_get_contents('php://input');

// Verifies the request signature and parses the payload
$notification = new Model\Notification($signature, $headers, $body);

echo "Order #{$notification->id} -> {$notification->status}: {$notification->description}";
```
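The signature check that `Notification` performs is the step that keeps a forged callback from changing an order's status. The following is an added illustration of that kind of check written from scratch; it is not code from the SDK or from Riskified. It assumes the signature is the hex HMAC-SHA256 of the raw body keyed with the auth token and carried in a header named `X-RISKIFIED-HMAC-SHA256`; the function name, token and payload are constructed for the example.

```php
<?php
// Added illustration: generic HMAC-SHA256 webhook check, not the SDK's implementation.
// Assumption: signature = hex HMAC-SHA256 of the raw body, keyed with the auth token,
// sent in a header named X-RISKIFIED-HMAC-SHA256.
const SIG_HEADER = 'x-riskified-hmac-sha256';

/** Return the decoded payload if the signature matches, or null to reject. */
function verify_notification(array $headers, string $rawBody, string $authToken): ?array
{
    // Header names are case-insensitive; servers and proxies normalise them differently.
    $headers  = array_change_key_case($headers, CASE_LOWER);
    $received = $headers[SIG_HEADER] ?? null;
    if (!is_string($received) || $received === '') {
        return null; // unsigned request: reject before any parsing
    }

    // Sign the bytes exactly as received; re-encoding decoded JSON changes them.
    $expected = hash_hmac('sha256', $rawBody, $authToken);

    // hash_equals() compares in constant time, unlike == or strcmp().
    if (!hash_equals($expected, strtolower(trim($received)))) {
        return null;
    }

    $payload = json_decode($rawBody, true);
    return is_array($payload) ? $payload : null;
}

// Constructed sample input (not a real notification or token).
$token = 'constructed-test-token';
$body  = '{"order":{"id":"1001","status":"approved","description":"constructed sample"}}';
$good  = ['X-Riskified-Hmac-Sha256' => hash_hmac('sha256', $body, $token)];

// Case 1: correctly signed body is accepted.
var_dump(verify_notification($good, $body, $token) !== null);
// Case 2: body altered after signing is rejected.
var_dump(verify_notification($good, str_replace('approved', 'declined', $body), $token));
// Case 3: request without the signature header is rejected.
var_dump(verify_notification([], $body, $token));
```

In an endpoint, treat a `null` result as an authentication failure: respond with an error status and do not act on the order.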

Development
-----------

Install dependencies and run the tooling via Composer:

```
composer install

composer lint           # check coding standards (PHP_CodeSniffer)
composer fix            # auto-fix coding standards (PHPCBF)
composer analyse        # run static analysis (PHPStan)
composer check          # lint + analyse

vendor/bin/phpunit      # run the test suite
```

Migrating to API Version 2
--------------------------

API Version 2 introduces new features (and breaks some old ones).

### Order Webhook

This version represents a shift from data-driven order handling to multiple API endpoints, each designed for a specific purpose. These include:

- `/api/create` - served by `$transport->createOrder()`
- `/api/update` - served by `$transport->updateOrder()`
- `/api/submit` - served by `$transport->submitOrder()`
- `/api/refund` - served by `$transport->refundOrder()`
- `/api/cancel` - served by `$transport->cancelOrder()`

Refer to the online [documentation](https://developers.riskified.com/reference/api-overview) for more details. When migrating from version 1, you'll need to separate the different calls to Riskified's API to support this new process.

### Decision Notifications

#### Constructor `$headers` argument format

The format of the `$headers` argument when constructing a new `Riskified\DecisionNotification\Notification` instance has changed. The constructor now expects an associative array of all the HTTP headers of the request, and *not* a flat array of strings, as in previous versions of this SDK.

This change should simplify integration since the argument now follows the format of the return value of the popular PHP/Apache function [`getallheaders()`](https://www.php.net/manual/en/function.getallheaders.php).

#### API v2 payload format

Notification requests in API version 2 now contain a JSON encoded payload which is more flexible and easily extended.

If you are already using the `Notification` class in version 1, there are no additional actions required to support the migration to JSON, as this SDK handles the new data format seamlessly.

