$0.33 لإعداد المقترض، $0.02 لكل رسوم قسط، ومكافحة غسل الأموال المستمرة متضمنة. 500 عملية تحقق مجانية كل شهر, البيئة التجريبية جاهزة في 60 ثانية.
Robinhood Ventures
موثوق به من قبل أكثر من 2,000 مؤسسة حول العالم.
ما تدين به BNPL
خطة الشراء الآن والدفع لاحقًا (BNPL) ليست قرارًا واحدًا, بل هي تسلسل من القرارات. تقوم Didit بتقييم المقترض عند الدفع، وتسجل كل قسط في Transactions API، وتعيد فحص العقوبات أو حالات الأشخاص المعرضين سياسياً (PEP) تلقائيًا طوال مدة الخطة. $0.33 عند التقديم، $0.02 لكل قسط، مع تضمين AML المستمر. 500 عملية تحقق مجانية كل شهر.
اختر الفحوصات التي تريدها, الهوية، التحقق من الحياة، مطابقة الوجه، العقوبات، العنوان، العمر، الهاتف، البريد الإلكتروني، الأسئلة المخصصة. اسحبها إلى سير عمل في لوحة التحكم، أو انشر نفس سير العمل إلى API الخاص بنا. قم بإنشاء فروع بناءً على الشروط، وقم بإجراء اختبارات A/B، لا يتطلب أي كود.
ادمج بشكل أصلي مع Web, iOS, Android, React Native, أو Flutter SDK الخاص بنا. أعد التوجيه إلى صفحة مستضافة. أو ببساطة أرسل لمستخدمك رابطًا, عبر البريد الإلكتروني، الرسائل القصيرة، واتساب، أي مكان. اختر ما يناسب نظامك.
تستضيف Didit الكاميرا، إشارات الإضاءة، التسليم عبر الهاتف المحمول، وإمكانية الوصول. بينما يكون المستخدم في سير العمل، نقوم بتقييم أكثر من 200 إشارة احتيال في الوقت الفعلي والتحقق من كل حقل مقابل مصادر البيانات الموثوقة. النتيجة في أقل من ثانيتين.
تُبقي webhooks الموقعة في الوقت الفعلي قاعدة بياناتك متزامنة لحظة الموافقة على المستخدم، أو رفضه، أو إرساله للمراجعة. استعلم من API عند الطلب. أو افتح وحدة التحكم لفحص كل جلسة، كل إشارة، وإدارة الحالات بطريقتك.
Didit · BNPL onboarding
Step 3 / 5
Verify your identity
Didit · Device + IP
Didit · Ongoing AML + TM
Didit · Underwriting audit
Borrower
Underwriting
Didit · FPD signals
Didit · Cross-border BNPL
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_bnpl_apply",
"vendor_data": "borrower-42",
"metadata": { "plan_id": "plan-9182" }
}'{ يعيد عنوان URL لجلسة مستضافة. }$ curl -X POST https://verification.didit.me/v3/transactions/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"transaction_id": "plan-9182-inst-1",
"transaction_details": { "direction": "INBOUND", "amount": "125.00", "currency": "GBP", "currency_kind": "fiat" },
"subject": { "vendor_data": "borrower-42", "full_name": جيمي إكزامبل },
الطرف المقابل: { full_name: التاجر المحدودة }
}'{ الحالة APPROVED · IN_REVIEW · DECLINED · AWAITING_USER · $0.02 }You are integrating Didit into a Buy-Now-Pay-Later (BNPL) checkout flow — Klarna / Affirm / Clearpay / Tabby / Tamara / Kueski archetype. The recipe handles three obligations on every BNPL plan:
1. Verify the borrower at checkout — identity, liveness, face match, device + IP, AML against 1,300+ sanctions / PEP / adverse-media lists. ONE call to the Sessions API.
2. Log every instalment charge — Transaction Monitoring catches velocity, structuring, and chargeback patterns. ONE call to the Transactions API per instalment.
3. Continuous AML — the borrower is rescreened automatically across the lifetime of the plan. NO separate endpoint to call.
Cost:
- Borrower Know Your Customer (KYC) bundle: $0.33 per application (Sessions API)
- Transaction monitoring per instalment charge: $0.02 (Transactions API)
- Ongoing AML monitoring: $0.07 per user per year (automatic on any session with AML enabled)
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60s, no card).
- Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
- A workflow_id from the Workflow Builder that bundles ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening.
- Transaction Monitoring enabled in the Business Console (Transactions > Settings).
STEP 1 — Underwrite the borrower at checkout
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with KYC + AML bundle>",
"vendor_data": "<your borrower id, max 256 chars>",
"callback": "https://<your-app>/bnpl/apply/callback",
"metadata": {
"purpose": "bnpl_application",
"plan_id": "<your internal plan reference>",
"merchant_id": "<merchant id>",
"principal_amount": "500.00",
"currency": "GBP"
}
}
Response: 201 Created with the hosted session URL. Embed the URL inline in the BNPL widget at checkout. Sub-2-second median verdict on completion.
STEP 2 — Read the signed webhook on application completion
Didit POSTs to your callback. Session statuses are Title Case With Spaces:
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your borrower id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"ip_analysis": { "status": "Approved" },
"aml": { "status": "Approved", "hits": [] }
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.
On Approved + clean AML + acceptable Device & IP, approve the plan and schedule the instalments. On Declined or AML hit, decline. On In Review or AWAITING_USER, hold the plan and route to your underwriting analyst queue.
STEP 3 — Log every instalment charge
POST https://verification.didit.me/v3/transactions/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body (required fields verified live 2026-05-16):
{
"transaction_id": "<plan-id>-instalment-1",
"transaction_category": "finance",
"transaction_details": {
"direction": "INBOUND",
"amount": "125.00",
"currency": "GBP",
"currency_kind": "fiat",
"action_type": "deposit"
},
"subject": {
"entity_type": "individual",
"vendor_data": "<your borrower id>",
"full_name": "<borrower full name>"
},
"counterparty": {
"entity_type": "individual",
"full_name": "<merchant or BNPL settlement counterparty>"
}
}
REQUIRED fields the API rejects if missing:
- subject.vendor_data + subject.full_name
- counterparty.full_name
- transaction_details.direction + currency + currency_kind + amount
Response shape (excerpted from a real successful 201):
{
"uuid": "<server transaction uuid>",
"txn_id": "<your transaction_id echoed back>",
"status": "APPROVED",
"score": 0,
"severity": null,
"cost_breakdown": {
"total_price": 0.02,
"items": [{ "usage_type": "transaction_monitoring", "price": 0.02 }]
}
}
Transaction status enum (exact case, UPPER_SNAKE_CASE): APPROVED | IN_REVIEW | DECLINED | AWAITING_USER.
When a transaction enters AWAITING_USER, Didit creates a linked remediation session automatically and returns a verification URL on the response.
Per-instalment cost: $0.02 (transaction-monitoring base).
Branch logic:
APPROVED → charge the card / pull the bank transfer.
IN_REVIEW → hold the instalment, route to analyst queue.
DECLINED → hard-fail the instalment, mark the plan delinquent.
AWAITING_USER → redirect the borrower to the remediation session URL.
STEP 4 — Continuous AML monitoring is automatic
Any session with AML enabled is rescreened DAILY by Didit's continuous monitoring at $0.07 per user per year. There is NO separate endpoint to call.
When a previously-approved borrower crosses an AML threshold, the session status changes to "In Review" or "Declined" automatically and your webhook fires the update. Hold the remaining instalments and route the case to your collections / fraud team.
STEP 5 — Returning borrowers re-use the verified identity
When a borrower comes back for a second plan, open a new session against their existing vendor_data — Didit reuses the previously verified document and face match where policy allows, and you avoid paying for the full bundle again. Pair with Reusable KYC for the lightest path.
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook.
- Transactions: transaction.created · transaction.updated · transaction.status.changed · transaction.alert.generated.
- Verify X-Signature-V2 on every payload.
CONSTRAINTS
- Session statuses use Title Case With Spaces (Approved, In Review). Transaction statuses use UPPER_SNAKE_CASE (APPROVED, IN_REVIEW). They live in different APIs — don't mix them in the same code path.
- Never approve a BNPL plan before the X-Signature-V2 webhook lands with status Approved + AML clear.
- 200+ fraud signals are evaluated on every session at no extra cost — surface the score via the session decision payload, don't re-query.
- Default record retention is 5 years post-relationship per the EU AML package; UK FCA rules and similar national rules sit on top.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/transaction-monitoring/overview
- https://docs.didit.me/transaction-monitoring/transactions
- https://docs.didit.me/core-technology/aml-screening/continuous-monitoring-aml-screening
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / شهر. لا يلزم بطاقة ائتمان.
ادفع فقط مقابل ما تستخدمه. أكثر من 25 وحدة. تسعير عام لكل وحدة، بدون رسوم شهرية دنيا.
اتفاقية خدمة رئيسية (MSA) واتفاقية مستوى الخدمة (SLA) مخصصة. للكميات الكبيرة والبرامج المنظمة.
ابدأ مجانًا ← ادفع فقط عند إجراء الفحص ← افتح Enterprise لعقد مخصص، أو SLA، أو إقامة البيانات.
Didit is infrastructure for identity and fraud, the platform we wished existed when we were building products ourselves: open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.
One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:
The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.
BNPL lets a shopper take goods home today and pay for them in instalments, typically four payments over six weeks, sometimes longer plans with interest.
The industry shape:
The regulatory shift: BNPL used to sit in a soft-touch consumer-credit grey zone. As of 2025-2026, the UK FCA (Financial Conduct Authority) brings BNPL under formal regulation, the EU Consumer Credit Directive II (CCD II) extends to BNPL, and US state lenders apply existing licensing law. The compliance bar is now: real ID, real underwriting, real monitoring, real audit pack.
Because BNPL extends credit, not just processes a card.
Real identity verification (ID + face + AML) cuts first-payment default (FPD) at the source. The shopper presents a real document and a real face; Didit binds the application to a single human, not just a token.
The full flow normally takes under 30 seconds end-to-end, pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.
On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.
Not anymore. The regulatory map circa 2026:
The shape of the compliance bar is the same in every region: verify the borrower, screen for sanctions and PEPs, monitor across the plan, keep a 5+ year audit trail. Didit ships that bar globally.
Every session lands on one of seven clear statuses, so your code always knows what to do:
Approved, every check passed. Move the user forward.Declined, one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.In Review, flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.In Progress, user is mid-flow.Not Started, link sent, user has not opened it yet. Send a reminder if it sits too long.Abandoned, user opened the link but did not finish in time. Re-engage or expire.Expired, the session link aged out. Create a new session.A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.
Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.
Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.
Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.
Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain''s Tesoro / SEPBLAC / CNMV that Didit''s remote identity verification is safer than verifying someone in person. Full report at /security-compliance.
Didit ships compliant by default for the regulators that matter to identity infrastructure:
Detailed memo, every certificate, every regulator letter: /security-compliance.
Three integration paths, pick whichever fits your stack:
Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.
Every borrower produces an exportable pack:
borrower_pid, your pseudonymous borrower idkyc_status, Approved / Declined / In Review (Title Case With Spaces)aml_status, Clear / Hit / Manual reviewdevice_risk, score + top contributing signalsplan_parameters, instalment count, total amount, currency, merchant idsignature, X-Signature-V2 HMAC SHA-256Pipe to your collections + compliance systems and to your regulator-facing reporting layer. Default retention is 5 years post-relationship per the EU AML package; the UK FCA's BNPL rules will sit on top. Aligned with SOC 2 Type 1, ISO/IEC 27001, and the General Data Protection Regulation, all of which Didit holds.
Yes. The same /v3/ API covers every market:
One contract, one API key, one Workflow Builder. Per-region rules tuned per workflow, Didit handles 14,000+ document types across 220+ countries, sub-2-second verdict on entry-level Android, 48+ languages in the hosted UI.
Four wires, one afternoon:
business.didit.me, sandbox key in 60 seconds, no credit cardPOST /v3/session/ to the apply step + the signed webhook to your decision enginePOST /v3/transactions/ to every instalment charge + handle the four-value status enumThe Didit MCP (Model Context Protocol) server is included free, paste the integration prompt above into Claude Code, Cursor, Codex, Replit Agent, Devin, or Aider and the agent scaffolds the whole thing against the live /v3/ API.
واجهة برمجية واحدة لـ KYC و KYB ومراقبة المعاملات وفحص المحافظ. ادمجها في 5 دقائق.