افهم من أين يتصل المستخدمون واكتشف المخاطر المخفية

Integrate Didit identity verification into this project.

Didit is an all-in-one identity platform. Docs: https://docs.didit.me
Base URL: https://verification.didit.me/v3
Auth API: https://apx.didit.me/auth/v2


## Step 1: Get API credentials (no browser needed)

Register programmatically — 2 API calls:

POST https://apx.didit.me/auth/v2/programmatic/register/
Body: { "email": "dev@yourapp.com", "password": "SecurePass123!" }
→ Sends 6-char OTP to email

POST https://apx.didit.me/auth/v2/programmatic/verify-email/
Body: { "email": "dev@yourapp.com", "code": "ABC123" }
→ Returns { api_key, organization, application }

Or login if already registered:
POST https://apx.didit.me/auth/v2/programmatic/login/
Body: { "email": "...", "password": "..." }
→ Returns { access_token, refresh_token }

All subsequent API calls use: x-api-key: YOUR_API_KEY


## Step 2: Create a verification workflow

POST https://verification.didit.me/v3/workflows/
Headers: { "x-api-key": "YOUR_API_KEY", "content-type": "application/json" }
Body: {
  "name": "KYC Flow",
  "features": {
    "id_verification": true,
    "passive_liveness": true,
    "face_match": true,
    "aml_screening": false,
    "nfc": false,
    "ip_analysis": true,
    "phone_verification": false,
    "email_verification": false,
    "proof_of_address": false,
    "age_estimation": false,
    "database_validation": false,
    "questionnaire": false
  }
}
→ Returns { uuid: "workflow_id", ... }

Or list existing workflows: GET /v3/workflows/


## Step 3: Create verification sessions

POST https://verification.didit.me/v3/sessions/
Body: {
  "workflow_id": "WORKFLOW_ID",
  "vendor_data": "your-internal-user-id",
  "callback": "https://yourapp.com/api/didit/webhook"
}
→ Returns {
    session_id, session_token, session_number,
    url: "https://verify.didit.me/session/TOKEN"
  }

Redirect users to the url, or embed via SDK:
- Web: npm install @didit-protocol/sdk-web
- React Native: npx expo install @didit-protocol/sdk-react-native
- iOS: SPM github.com/didit-protocol/sdk-ios
- Android: me.didit:didit-sdk:3.2.0
- Flutter: flutter pub add didit_sdk


## Step 4: Get results

Option A — Webhook (recommended):
Configure callback URL. Didit sends POST with session data when status changes.
Verify webhook signature using your webhook secret (GET /v3/webhook/).

Option B — Poll:
GET https://verification.didit.me/v3/sessions/{session_id}/

Session statuses: Pending → In Progress → Approved | Declined | In Review | Expired

You can also: update status (PATCH /v3/sessions/{id}/status/),
generate PDF reports (POST /v3/sessions/{id}/generate-pdf/),
or delete sessions (DELETE /v3/sessions/{id}/).


## Standalone APIs (call individually without sessions)

POST /v3/id-verification/ — Submit document images, get OCR + authenticity
POST /v3/passive-liveness/ — Verify person is real from selfie
POST /v3/face-match/ — Compare two faces (similarity 0-100)
POST /v3/face-search/ — 1:N search against all approved sessions
POST /v3/age-estimation/ — Estimate age from face
POST /v3/aml-screening/ — Screen against 1,300+ watchlists
POST /v3/proof-of-address/ — Extract + validate address documents
POST /v3/database-validation/ — Government DB checks (18+ countries)
POST /v3/email/send/ + /v3/email/check/ — Email OTP
POST /v3/phone/send/ + /v3/phone/check/ — Phone OTP (SMS/WhatsApp)


## Pricing

Free core KYC: ID Verification + Passive Liveness + Face Match + IP Analysis (500 free/month)
Premium checks: Prepaid credits, no contracts, no minimums, credits never expire.
Details: https://didit.me/pricing


## Rate Limits

300 req/min per method, 600 session creations/min.
On 429: check Retry-After header.