# API-based Managed Risk

Use Managed Risk while retaining control over your interaction with connected accounts.

You can use Stripe APIs to integrate Managed Risk in your own website interface without providing embedded or hosted onboarding and Dashboard access. This allows you to offload the financial risk of unrecoverable negative balances to Stripe, while still controlling interactions with your connected accounts. These interactions include:

- Email communications
- Notification alerts
- Onboarding
- Authentication

## Responsibilities

Integrating Managed Risk without direct Stripe communication to your connected accounts requires you to assume the following responsibilities:

- **Merchant support**: You must provide support to your connected accounts regarding payments, payouts, and risk issues.
- **Communication systems**: Because we won’t email your users, you must build systems to receive Stripe webhooks and alert your users to complete required actions to resolve a risk intervention.

## Requirements

You must meet the following requirements to mitigate the risk associated with owning primary interactions with your connected accounts.

- Your user authentication (whether internally managed or 3P managed) must meet or exceed Stripe’s minimum requirements.
- You must have a history of very low account takeover rates.
- You must create an [allow-list of IP addresses](https://docs.stripe.com/keys.md#limit-api-secret-keys-ip-address) from which your servers will make API calls to Stripe.
- You must use [restricted access API keys](https://docs.stripe.com/keys.md#create-restricted-api-secret-key).

## Access the preview