No-Code KYC: Building Verification Workflows Without Engineering

A no-code KYC (Know Your Customer) workflow builder is a visual interface for constructing, testing, and deploying identity verification logic without writing code. The key distinction from a configuration panel: programmability. Conditional branching, nested decisions, A/B testing, and one-click module activation together let a compliance team express their full risk policy visually — and change it without a code deploy.

That distinction matters more than it sounds. Compliance requirements change. Risk thresholds shift. A new product line needs a different verification scope. Regulators update guidance. In the conventional approach, every one of those changes goes to the engineering backlog and waits for a deploy cycle. In a no-code workflow model, the change is made in a Console, reviewed by compliance, and goes live the same day.

Didit's Workflow Orchestrator is that layer, and it is free. It sits on top of the unified /v3/ API, which engineers call once. From that point forward, what the verification flow does is a product and compliance decision — not an engineering one.

Key takeaways

• A no-code workflow builder separates integration from configuration. Engineers call one API endpoint; compliance builds and modifies the flow in the Console without touching the integration.
• Conditional branching and nested decisions route users to different check sets based on country, product type, transaction amount, or any field available in the session context.
• One-click module activation adds or removes any of Didit's 25+ modules — document, biometric, AML, email, IP, phone, database validation — from a workflow in seconds.
• A/B testing in production runs two flows against real traffic, measures completion and pass rates per arm, and promotes the winner — no code change required.
• Compliance-reviewed changes mean every modification to a live workflow goes through an approval step before it affects real users.
• The Workflow Orchestrator is free. You pay per module run, per call, with no seat licenses or platform fees.

What a no-code KYC workflow builder is

A verification workflow is the sequence of checks a user passes through during onboarding — or at a step-up event later in their lifecycle. At its simplest: scan an ID document, take a selfie, match the face to the document. At its most complex: a branching tree where users from high-risk jurisdictions receive a different module set than domestic users, where transaction size determines which liveness tier runs, and where a failed biometric routes to a review queue rather than a hard decline.

A no-code builder expresses that tree visually. Each node is a condition or a module; each edge is a branch. The person responsible for compliance policy — not the engineer — owns the logic. That ownership separation is the point: the person who understands the risk policy can now also change it directly.

Conditional branching and nested decisions

Didit's Workflow Builder supports multi-level branching. A single workflow can contain:

Country-based routing. EU residents take one path; LATAM residents, where database validation against local registries applies, take another. The routing condition is evaluated at session creation from the session context.

Product-based routing. Trading accounts require full document plus liveness; savings accounts clear with email plus IP. The same user, opening a different product, enters a different branch — all within one workflow, one workflow_id, one integration.

Transaction-amount gates. A user's first deposit below a threshold gets a lighter check; anything above triggers the full flow. The amount condition is passed in the session payload and evaluated by the engine.

Failure-state routing. A first biometric attempt failure routes to a human review queue rather than a hard decline. The branch is a conditional on the module outcome, not a separate integration.

Conditions nest — a condition inside a condition — so the policy map can be as granular as the business requires. All of it is expressed in the visual builder, not in backend code.

One-click module activation

Didit's module library covers the full identity and fraud lifecycle: ID Verification, NFC Reading, Passive Liveness, Active Liveness, Face Match 1:1, Face Search 1:N, Age Estimation, AML (Anti-Money-Laundering) Screening, Ongoing AML Monitoring, Email Verification, Phone Verification, IP Analysis, Device Intelligence, Database Validation, Proof of Address, Custom Questionnaires, and more.

In the Workflow Builder, each module appears as a card. Adding it to a workflow is a single click. Removing it is a single click. The module is billed per use when it runs — so adding a module to only one branch means it's only billed for users who reach that branch.

This matters most when regulations change and a new required check must be added across all workflows. In a code-based integration, that is a backend change, a review, a deploy cycle. In the Workflow Builder, it is activating the module on the relevant flows in the Console and submitting for compliance review. The integration layer does not move.

A/B testing workflows in production

The conversion impact of verification design choices — document-first versus selfie-first, three steps versus two, active liveness versus passive — is often larger than expected and usually not measured. Didit's built-in A/B testing makes measurement direct.

Configure a traffic split (for example, 50/50) between two workflow variants. Both run on live users in production. The Console shows completion rate, pass rate, and decision distribution per arm, side by side. When you have confidence in the winner, promote it to 100% traffic — from the Console, without a code change, with a compliance review before it goes live.

The same mechanism applies to compliance-driven changes. A new mandatory check being added can be A/B tested against the existing flow to measure conversion impact before the mandatory rollout date — giving the product team data rather than assumptions.

The unified /v3/ API: integrate once, iterate forever

The underlying architecture is what makes this practical at scale. Every module, every branch, every workflow version calls the same /v3/ API surface. Engineers call POST /v3/session/ with a workflow_id and redirect the user to the session URL. The workflow engine handles module sequencing, branching logic, result delivery, and webhook dispatch.

When compliance modifies the workflow, the workflow_id stays the same. Nothing on the engineering side changes. The integration is stable; the policy is live and mutable.

This also means the same integration supports every future module Didit ships. One-click activation from the Console, billed per use, with no re-integration work. New modules — database validation for a new country, a new liveness tier, a new AML provider — appear in the builder and are available to any workflow immediately.

Because the Workflow Orchestrator is on the same /v3/ API as Transaction Monitoring, a KYC session can link to a transaction risk profile on the same vendor_data reference. The identity established at onboarding flows directly into the ongoing monitoring layer — one platform, one integration.

Use cases

Regulated fintech launching new products. A new product line with a different customer risk profile needs a different verification scope. Build a new workflow branch in the Console; no engineering sprint required. The audit log captures every change with timestamp and author.

Crypto VASP and exchange compliance. FATF Travel Rule obligations vary by jurisdiction and counterparty type. A workflow with country and amount-based branching applies the right policy per transaction category without custom backend logic per market.

Marketplace platforms with dual-sided onboarding. Buyer and seller accounts have different risk profiles. Two workflows — or two branches within one — with different module sets, managed in the Console and version-controlled in the audit log. Engineers shipped one integration.

iGaming operators. Responsible gaming requirements vary by jurisdiction and user segment. A/B testing flow length against completion rates, with compliance review gating every change, is the regulatory pattern regulators in Spain, the UK, and Malta increasingly expect.

Frequently asked questions

Is the Workflow Orchestrator really free?

Yes. The orchestration, branching, A/B testing, and module activation logic carries no charge. You pay per module run, per call, with no seat licenses or platform subscription fee.

Does the no-code builder replace our backend integration?

No — engineers still call POST /v3/session/ from your backend. The builder configures what the engine does with that call. It removes the need to re-integrate when the policy changes; it doesn't remove the integration point.

How do compliance-reviewed changes work?

Every modification to a live workflow in the Console triggers a review step before the change affects real users. The audit log captures who changed what and when, which satisfies most regulatory change-management documentation requirements.

Can I combine the Workflow Builder with Transaction Monitoring?

Yes. A KYC session links to a transaction monitoring profile via the same vendor_data reference — so the onboarding identity flows into the post-onboarding transaction risk layer without re-integration. The AWAITING_USER status in transaction monitoring can spawn a remediation KYC session via the same workflow engine.

How many modules can I combine in one workflow?

There is no hard limit. Workflows can activate any combination of Didit's 25+ modules, in any order, with any branching depth the policy requires.

Ready to get started?

• Learn the feature → Docs
• See it in the platform → ID Verification product page
• Check the price → Pricing — Workflow Orchestrator free, modules priced per call
• Start free → business.didit.me — 500 free verifications/month