Integrating Didit's API with GraphQL Gateways

Streamlined IntegrationLeverage GraphQL's flexibility to define precise data requirements, reducing over-fetching and simplifying client-side development when integrating with Didit's REST API.

Enhanced SecurityImplement robust authentication and authorization within your GraphQL gateway, protecting sensitive identity verification data processed by Didit.

Optimized PerformanceBatch and cache requests to Didit's API through your GraphQL layer, improving response times and efficiency for identity verification workflows.

Modular and Scalable ArchitectureDidit's modular identity platform, with its developer-first approach and clean APIs, perfectly complements GraphQL gateways for building scalable and flexible verification systems.

The Power of GraphQL in Modern API Architectures

GraphQL has emerged as a powerful alternative to traditional REST APIs, offering developers greater flexibility and efficiency in data fetching. Unlike REST, where clients often receive fixed data structures from multiple endpoints, GraphQL allows clients to request exactly the data they need in a single query. This capability is particularly beneficial when integrating with various backend services, including specialized APIs like Didit's identity verification platform. A GraphQL gateway acts as a facade, unifying access to disparate services and presenting them as a single, coherent graph API to client applications. This not only simplifies client-side development but also enables better performance by minimizing over-fetching and under-fetching of data.

When dealing with critical processes like identity verification, the benefits of a well-implemented GraphQL gateway become even more pronounced. It allows you to abstract the complexities of external API interactions, such as those with Didit's ID Verification, Passive & Active Liveness, or AML Screening services, behind a consistent and predictable interface. This abstraction layer can handle authentication, error handling, and data transformations, ensuring that your application's front-end remains clean and focused on user experience. Moreover, GraphQL's introspection capabilities make it easier for developers to understand available data and operations, accelerating integration cycles.

Designing Your GraphQL Schema for Didit's API

Integrating Didit's REST API into a GraphQL gateway requires careful schema design. Your GraphQL schema should accurately represent the operations and data types exposed by Didit, while also considering the needs of your client applications. For instance, when creating a verification session with Didit, you'd typically make a POST request to https://verification.didit.me/v3/session/ with parameters like workflow_id, callback, and vendor_data. In GraphQL, you might define a mutation like createDiditSession that encapsulates this call.

Consider the core elements of Didit's API:

• Workflows: Didit's platform is built around customizable workflows (e.g., KYC, Adaptive Age Verification, Biometric Authentication, Address Verification). Your schema should reflect the ability to initiate these workflows. For example, you might have a WorkflowInput type and a Session type that mirrors the response from Didit's session creation API.
• Data Types: Map Didit's response objects (e.g., session_id, status, vendor_data) to corresponding GraphQL types. This ensures type safety and clarity for your front-end developers.
• Authentication: While Didit uses API keys (x-api-key header), your GraphQL gateway should manage this securely. Client applications should authenticate with your gateway, which then uses the stored Didit API key to make requests.

A well-designed schema will allow clients to initiate verification processes, query the status of ongoing sessions, and retrieve verification results without needing to understand the underlying REST API calls. This abstraction is key to maintaining a scalable and maintainable application architecture.

Implementing Authentication and Authorization

Security is paramount when dealing with identity verification. Your GraphQL gateway serves as a critical security layer between your client applications and Didit's API. It's essential to implement robust authentication and authorization mechanisms at this layer.

Authentication: Client applications should authenticate with your GraphQL gateway using established methods like OAuth 2.0, JWTs, or session-based authentication. The gateway, in turn, stores and manages your Didit API Key and Webhook Secret Key securely, never exposing them directly to client applications. When the gateway makes a request to Didit, it injects the x-api-key header with your securely stored API key.

Authorization: Beyond authentication, you need to define what authenticated users or roles are allowed to do. For instance, only administrators might be able to query full verification results, while regular users can only check the status of their own sessions. GraphQL's resolver functions are the perfect place to enforce these authorization rules. Before calling Didit's API, your resolvers can check the authenticated user's permissions and deny unauthorized requests. This prevents sensitive data, such as results from AML Screening or detailed ID Verification data, from being accessed improperly. Didit's modular architecture allows you to control which verification steps are included in a workflow, and your gateway can further restrict access to specific data points based on user roles.

Optimizing Performance and Handling Webhooks

To ensure a smooth user experience, optimizing the performance of your GraphQL gateway is crucial. GraphQL's ability to batch multiple requests into a single network call can significantly reduce latency, especially when your client needs data from several Didit endpoints. Implement data loaders to batch requests to Didit's API, preventing the N+1 problem.

Caching: Cache frequently accessed data, such as static workflow configurations or common verification statuses, at the gateway level. This reduces the number of direct calls to Didit's API, speeding up responses and reducing load.

Webhooks: Didit communicates verification results asynchronously via webhooks. Your GraphQL gateway needs a dedicated endpoint to receive these webhooks. When Didit sends a webhook, your gateway should:

1. Verify the signature: Use your Didit Webhook Secret Key to verify the signature of incoming webhooks, ensuring their authenticity and integrity.
2. Process the data: Parse the webhook payload, which contains the KYC results, and update your internal systems or trigger subsequent actions.
3. Notify clients (optional): If your GraphQL gateway supports real-time updates (e.g., via Subscriptions), you can push the updated verification status to relevant clients.

This asynchronous approach ensures that your application remains responsive while waiting for potentially time-consuming verification processes to complete. Didit's API full flow documentation provides clear guidance on setting up and handling these webhooks effectively.

How Didit Helps

Didit's AI-native, developer-first identity platform is designed for seamless integration with modern architectures, including GraphQL gateways. Our modular identity building blocks, such as ID Verification (OCR, MRZ, barcodes), Passive & Active Liveness, 1:1 Face Match & Face Search, AML Screening & Monitoring, Proof of Address, Age Estimation, and NFC Verification, can be easily composed into workflows via our Business Console or clean APIs. This modularity means your GraphQL schema can precisely map to the specific verification steps you utilize, preventing unnecessary data exposure and complexity. Didit offers Free Core KYC, allowing you to get started without upfront costs. Our pay-per-successful-check model and no setup fees further reduce friction. The developer-first approach, with an instant sandbox and comprehensive public documentation, ensures that integrating Didit into your GraphQL gateway is straightforward, enabling you to build, orchestrate, and automate trust with unparalleled flexibility and scalability.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.