IMPORTANT UPDATE AUGUST 3, 2018:
These changes will go live for all shops on September 17, 2018.
On October 16th 2017, we'll be changing how we display fraud risk information on the order page in the Shopify admin. This will also impact how risk information is exposed in the Order Risks API.
Today, all order risks for an order are grouped together on the order page regardless of who generated the order risk. Going forward, order risks from Shopify and third-party apps will be displayed separately on the order page.
In regards to the Order Risks API, Shopify generated order risks with will be exposed as one single order risk with the Shopify recommendation. This means that the current behaviour of exposing multiple Shopify generated order risks will be discontinued. For example:
If you are using the Order Risks API to read Shopify’s order risks to parse out specific information, we advise that you make the appropriate adjustments since there will no longer be multiple Shopify generated orders risks exposed after October 16th.
The information used to create many of the current order risks is still available to you in other Shopify APIs, or from other sources. For example, the Orders API provides details of the order such as the customer browser IP address, and shipping and billing address. The Transactions API provides AVS and CVV results, and BIN/IIN for cards processed by Shopify Payments. See payment details section for more info about fields and how to interpret the information.
If you are currently using the Order Risks API to post order risks, no changes are required.
This is one step in our continuous investment in our fraud prevention platform. At a future date we will improve our API to better meet the current and future needs of our merchants. If you have any questions or would like to contribute with your thoughts in this area please comment in this thread below.
All the best,
We'd really appreciate it if either the Orders API could have a flag to identify orders with risks that recommend adverse action or if we could pull Order Risks in bulk rather than one order at a time.
We've implemented order risks import for our customers on sync so they can filter and act on their orders using rules inside our application.
While fetching risks one at a time works great up to 1000 orders, it introduces excessive delays beyond 1000 orders which have been found to exacerbate in some cases to 60 seconds an order when we hit rate limits and slow our request rates.
Are there any plans for such an improvement, or are there existing APIs available to pull order risks in bulk? Perhaps there is just missing documentation for such a feature?
Brent @ SKULabs
Thank you for reporting this. The new order risk entry you see is the one that represent Shopify's recommendation (as mentioned in the original post). We're currently rolling it out and identified the issue that you reported, and we are working on a fix.
However, I interpret your comment "... and in general the shape of the response has changed such that it's failing to validate against our schema." as if you may experience other issues as well. If so, could you please describe what they are.
Thanks in advance,
I didn't build the original code, so I'm not 100% sure what changed when. But we used to validate the Order Risk objects against this schema and they would pass validation:
id: Number! order_id: Number! score: String! recommendation: String! message: String merchant_message: String
Now they fail to validate against the schema, and instead I'm validating them against this:
id: Number order_id: Number! checkout_id: Number! score: String! recommendation: String! display: Boolean! cause_cancel: Boolean! message: String merchant_message: String
I've had to relax the required fields in some places, and added some new fields to accommodate new values we were not getting before. At first I thought maybe the API version had changed or something, but I didn't see any versioning in the docs.
Unfortunately this changed caused our app to break on shopify orders, so we spent a coupe of days unable to process orders until somebody noticed, alerted the dev team, and we were able to fix.
Apologies for how this has impacted you and your clients. We have now introduced a fix for this. It will also correct the problematic entries published in the past few days (since we started publishing this new order risk).
Since you relaxed the validation criteria to prevent the issue from impacting you our fix should not be noticable for you. But please let us know if you still experience issues now, or should you decide to revert your change.
We also saw order risks arrive with null `id` & `score` fields on Sept 15, but now everything looks good. Thanks for the quick fix.
Will the upcoming changes affect the `score` value? If individual risks' scores are currently measured on the 0-1 scale, will the same be true for the combined risk assessment? Can you also shed any light on how this single risk score will be used in calculating the "Low"-"Medium"-"High" overall risk for an order?
First of all, apologies for the slow response.
In short: We currently have no plans to support either of the described behaviours, but I understand your challenges and agree that things could be improved. Although I can’t promise that it will change anything for the foreseeable future I’d like to ask a few questions that will help me understand how different options would work in your case.
If you have time and prefer I’d be happy to have this conversation on phone. Let me know and I will get in contact to schedule something, or we can continue here.
The new order risk entry represent Shopify's overall fraud assessment that is powered by the machine learning algorithms a team of data scientist continiously improve on. The recommendation it carries is the same you will see on the order page and on other pages in Shopify where the risk recommendation is available. It will have a score value in the 0-1 range.
I'd also like to underline that when a merchant uses apps that provide order risks the "overall recommendation" in Shopify, e.g. seen on the order list page, is based on the highest/worst provided risk by Shopify/apps. This means it will be the highest of the Shopify recommendation (mentioned above) and any app-provided order risks.