Skip to main content
Version: 11.3.0

Custom Verification Steps

Custom Verification Steps let organizations insert their own verification logic into HYPR Affirm workflows alongside HYPR's built-in verification steps. A custom step is delivered as a single-page application (SPA) registered with Affirm; when the workflow executes the step, HYPR serves the registered SPA inside the verification flow, the SPA collects evidence and runs its own verification, and the step returns an outcome that drives the rest of the flow.

Available in 11.3

Custom Verification Step is available in HYPR 11.3 and later.

Configured via API in 11.3

In 11.3, custom steps are configured via the Code Customization API. The API surface, together with the Helpdesk activity log integration (see below), makes custom steps usable in production verification flows.

Tenant enablement

Custom Verification Steps require the Custom Step capability to be enabled on the tenant. Coordinate with your HYPR representative to enable it on your environment. The canonical flag identifiers are in the Feature Flags Reference.

How to deploy a custom step

Custom steps are configured via the Code Customization API. An organization builds the SPA, registers it with Affirm via the API, assigns a Content Security Policy (CSP) policy to it, and attaches it to a verification flow. A custom step requires a CSP policy assigned to it to execute.

For the full Code Customization API contract — endpoint URLs, request/response payloads, registration lifecycle, and CSP semantics — see Affirm Code Customizations and the HYPR Affirm API.

Helpdesk activity log integration

Custom steps appear in the Affirm Helpdesk activity log alongside built-in verification steps. Helpdesk agents can see when a custom step executed, what outcome it returned, and any metadata the SPA chose to surface.

Use cases

  • Organization-specific knowledge-based authentication (KBA) — present questions only your organization can ask, drawn from internal systems
  • Proprietary fraud-detection integration — call your in-house fraud system as a verification step, with its decision feeding the workflow outcome
  • Partner-provided verification services — embed a partner's specialty verification (e.g., utility-bill verification, postal address validation) as a workflow step
  • Custom compliance attestations — require the requester to acknowledge organization-specific compliance language as a tracked verification step

Observability

Custom-step outcomes are first-class verification results: they appear in the Activity Log, are emitted as Events, and are visible to Helpdesk agents. The custom step's pass/fail outcome contributes to the flow's overall outcome computation the same way built-in step outcomes do.