The Risk API 2.0 provides RESTful endpoints for financial technology companies and banks to monitor and manage risk. Currently, the API includes the Identity Verification Service (IVS) for verifying person and business entities and managing document workflows. Additional risk management services will be added to this API in future releases.
To process risk evaluations, you send customer and entity data via the API along with a specific Risk Service ID (riskServiceId) assigned to your program.
Base URL
For this API, use the tenanted URL that Galileo assigns you:
https://{corename}.risk.{env}.gpsrv.com/{service}/2.0/endpointName
corenameis the name of your core, as assigned by Galileo.envis the environment:cvfor client validation testing andpdfor production.servicerefers to the specific risk product you are calling (for example,ivsfor the Identity Verification Service).
Authentication
You must obtain API login credentials from Galileo. If you already have credentials for Program API, you can use those. Unlike the Program API and some other APIs, you pass your credentials in the request header as Authorization: Basic {token}, where {token} is base64-encoded apilogin:transkey.
Connectivity
The Risk API 2.0 does not have a dedicated connectivity endpoint. Basic credential validation and connectivity can be validated by calling Verify Customer endpoint and returning a successful response.
Requests and Responses
Risk API 2.0 utilizes RESTful conventions, which is a departure from the legacy Program API structure:
- Payloads — Both requests and responses must be formatted as standard JSON (application/json) instead of
x-www-form-urlencodedparameters. - Casing — Field names in the request bodies and response messages use standard camelCase formatting (e.g.,
ivsProfileId,customerType,systemTs) rather than snake_case.