Sardine Processor API
Overview
Contact your Highnote Implementation Manager to enable Sardine Processor Model integration.
Highnote supports a bring-your-own Sardine integration model. Under this approach, you maintain full ownership and management of your Sardine account while allowing Highnote to access your onboarding risk scores. To enable this parent-child relationship, you must have an active Sardine account and integration. This setup grants Highnote the necessary permissions to act on behalf of your Sardine account for risk evaluation purposes.
Sardine application process
The application process with the Sardine Processor is asynchronous and does not block the applicant from seeing the Application Submission Screen.
The sequence of steps for evaluating an application with Sardine is as follows:
- Card Applicant: Submit Application
- Subscriber Frontend: Initialize Onboarding Flow
- Subscriber Backend: Generate Risk Client Token
- Subscriber Frontend: Initialize Sardine SDK
- Subscriber Frontend: Create Account Holder
- Subscriber Backend: Create US Person Account Holder
- Highnote: Evaluate Account Holder information
- Subscriber Backend: Create Account Holder Card Product Application
- Highnote: Assess Onboarding Evaluation Signals and Risk
Generate risk client token
Generate a client token to create an account holder and associated application with the Highnote GraphQL API.
GenerateRiskClientToken
Query
mutation GenerateRiskClientToken($input: GenerateRiskClientTokenInput!) {
generateRiskClientToken(input: $input) {
__typename
... on ClientToken {
value
expirationDate
}
... on UserError {
errors {
__typename
code
description
errorPath
}
}
... on AccessDeniedError {
message
}
}
}
Variables
{ "input": { "sessionId": "497dcba3-ecbf-4587-a2dd-5eb0665e6880" } }
Result
{
"data": {
"generateRiskClientToken": {
"__typename": "ClientToken",
"value": "encoded-client-token",
"expirationDate": "2025-06-28T00:33:00.472Z"
}
},
"extensions": {
"requestId": "acbe108a-f4f7-90cb-b56b-d87b02ac568c",
"rateLimit": {
"cost": 11
}
}
}
Simulate risk level
Using simulated values for Account Holders may result in different application outcomes based on verification of the applicant's identity. See Simulate Application Review for more information.
You can trigger varying fraud risk levels using the Person Account Holder's email or the email of the Primary Authorized Person for a Business Account Holder.
Highnote will move the application to APPROVED or IN_REVIEW based on the assessed fraud risk level and verification of the applicant's identity.
| Risk | Application Status | |
|---|---|---|
low-risk@test.com | LOW | APPROVED |
medium-risk@test.com | MEDIUM | IN_REVIEW |
high-risk@test.com | HIGH | IN_REVIEW |
very-high-risk@test.com | VERY HIGH | IN_REVIEW |
Lookup risk scores
Given an application ID, the following query retrieves identity risk scores for a card product application.
Results show both the overall account holder risk scores and the specific verification-level risk scores.
nodeAccountHolderCardProductApplicationWithIdentityRiskScores
Query
query nodeAccountHolderCardProductApplicationWithIdentityRiskScores($id: ID!) {
node(id: $id) {
... on AccountHolderCardProductApplication {
__typename
applicationState {
status
}
accountHolderSnapshot {
... on USPersonAccountHolderSnapshot {
__typename
name {
givenName
familyName
}
billingAddress {
streetAddress
locality
postalCode
countryCodeAlpha3
}
currentVerification {
status
reason
riskScores {
... on AccountHolderRiskScore {
id
identityRiskScores {
__typename
riskLevel
determinedAt
... on SardineIdentityRiskScore {
sessionKey
}
}
}
}
results {
code
description
}
}
}
}
}
}
}
Variables
{
"id": "ap_22pgpm578c5f9b43754b809afda0f93e51d13d"
}
Result
{
"data": {
"node": {
"__typename": "AccountHolderCardProductApplication",
"applicationState": {
"status": "APPROVED"
},
"accountHolderSnapshot": {
"accountHolderCurrent": {
"__typename": "USPersonAccountHolder",
"riskScores": {
"id": "riire_293749adf1c041dd9a86f9991faaseed",
"identityRiskScores": [
{
"__typename": "SardineIdentityRiskScore",
"riskLevel": "MEDIUM",
"determinedAt": "2025-10-29T21:18:18.329Z",
"sessionKey": "seed686205984eb49f5cea8b324f4321"
}
]
}
},
"name": {
"givenName": "Seed",
"familyName": "Customer"
},
"billingAddress": {
"streetAddress": "1 Market Street",
"locality": "San Francisco",
"postalCode": "94112",
"countryCodeAlpha3": "USA"
},
"currentVerification": {
"status": "PASSED",
"reason": "PASSED",
"riskScores": {
"id": "riire_293749adf1c041dd9a86f9991faaseed",
"identityRiskScores": [
{
"__typename": "SardineIdentityRiskScore",
"riskLevel": "MEDIUM",
"determinedAt": "2025-09-30T21:07:17.060Z",
"sessionKey": "seed686205984eb49f5cea8b324f4321"
}
]
},
"results": [
{
"code": "ADDRESS_MATCH",
"description": "ADDRESS_MATCHED"
},
{
"code": "PHONE_MATCH",
"description": "PHONE_MATCH"
},
{
"code": "DOB_MATCH",
"description": "KYC_DOB_MATCH"
},
{
"code": "SSN_MATCH",
"description": "KYC_SSN_MATCH"
},
{
"code": "NAME_MATCH",
"description": "KYC_NAME_MATCH"
}
]
}
}
}
},
"extensions": {
"requestId": "84285c7f-5de5-9b34-98b4-89790d3fb961",
"rateLimit": {
"cost": 11
}
}
}