Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Back to blog
Blog · March 6, 2026

Orchestrating Compliance: Webhooks, AWS Step Functions & Didit

Learn how to build a robust, custom compliance orchestration layer using Didit's real-time webhooks and AWS Step Functions. This powerful combination enables dynamic, multi-step identity verification workflows, ensuring.

By DiditUpdated
orchestrating-compliance-webhooks-aws-step-functions-didit.png

Real-time ComplianceLeverage Didit's webhooks to receive instant notifications on identity verification outcomes, enabling immediate action and dynamic workflow adjustments within your compliance processes.

Automated Workflow DesignUtilize AWS Step Functions to visually design and orchestrate complex, multi-step compliance journeys, integrating various Didit identity checks and custom business logic seamlessly.

Scalable and Resilient ArchitectureBuild a highly available and scalable compliance infrastructure that can adapt to fluctuating verification volumes and evolving regulatory requirements without manual intervention.

Enhanced User Experience with DiditIntegrate Didit's modular, AI-native identity verification components like ID Verification, Liveness, and AML Screening into your orchestrated flows, ensuring a smooth yet secure user onboarding experience.

The Challenge of Modern Compliance Orchestration

In today's digital landscape, businesses face an ever-growing need for robust and adaptable compliance frameworks. Identity verification (IDV), Anti-Money Laundering (AML) checks, and Know Your Customer (KYC) processes are no longer static, one-and-done procedures. They require dynamic, multi-step workflows that can adapt to different risk profiles, regulatory changes, and evolving fraud tactics. Traditional solutions often involve siloed systems, manual interventions, and rigid processes, leading to increased operational costs, slower onboarding, and a less-than-ideal user experience. Building a custom compliance orchestration layer is essential for maintaining agility and staying ahead.

The core challenge lies in seamlessly integrating various identity verification components, external data sources, and internal business logic into a cohesive, automated flow. This integration must be real-time, fault-tolerant, and scalable. Companies need a way to trigger downstream actions based on verification results, manage state across multiple steps, and handle exceptions gracefully. This is where the power of webhooks combined with a robust orchestration engine becomes invaluable.

Integrating Didit's Webhooks for Real-time Events

Didit, as an AI-native, developer-first identity platform, provides a powerful foundation for building custom compliance solutions. One of the most critical features for orchestration is its real-time webhooks. Didit's webhooks allow your application to receive instant notifications whenever a significant event occurs within an identity verification process. This could be a completed ID Verification, a liveness check result, an AML screening update, or any other outcome from Didit's comprehensive suite of identity primitives.

Integrating Didit's webhooks means your system doesn't have to constantly poll for updates, reducing latency and resource consumption. When a user completes a step in their verification journey, Didit dispatches an event to a pre-configured endpoint in your application. This payload contains all the necessary information, including the verification status, associated data, and a secure HMAC-SHA256 signature for verification. This immediate feedback loop is crucial for triggering the next steps in your compliance workflow, whether it's approving an account, flagging it for manual review, or initiating further checks.

For example, after a user submits their ID for verification using Didit's ID Verification, a webhook can instantly notify your system of the outcome. If the document is valid and the 1:1 Face Match passes, your orchestration layer can immediately proceed to the next step, such as an AML Screening. If the ID is fraudulent or the Liveness check fails, the webhook can trigger an immediate rejection or a high-risk review process.

Building Orchestration with AWS Step Functions

AWS Step Functions provide an ideal solution for building stateful, serverless workflows that can orchestrate complex compliance processes. Step Functions allow you to define your compliance journey as a series of steps, where each step can be an AWS Lambda function, an interaction with an AWS service (like DynamoDB or SQS), or even a conditional branch based on previous step outcomes. The visual workflow builder makes it easy to design intricate logic without writing extensive code.

Combining Didit's webhooks with AWS Step Functions creates a highly efficient and resilient compliance engine. Here’s how it works: A Didit webhook event triggers an AWS Lambda function. This Lambda function then initiates a Step Functions workflow instance. Within this workflow, you can define a complex sequence of actions:

  • Conditional Logic: Based on the webhook payload (e.g., verification status, risk score), the Step Function can branch to different paths. For instance, if an AML Screening result is 'clear', proceed to account activation. If 'alert', initiate a manual review task.
  • Sequential Processing: Chain multiple identity checks. After a successful ID Verification and Passive Liveness check, trigger a Proof of Address verification.
  • Error Handling and Retries: Step Functions inherently manage state and provide built-in error handling and retry mechanisms, ensuring your compliance process is robust even if external services temporarily fail.
  • Human Review: Integrate human review steps for flagged cases, using AWS services like Amazon SQS to queue tasks for your compliance team.
  • Data Persistence: Store verification results and workflow progress in a database like Amazon DynamoDB.

This architecture decouples your compliance logic from your primary application, making it more maintainable and scalable. You gain fine-grained control over every stage of the verification process, ensuring regulatory adherence while optimizing resource usage.

Designing Your Custom Compliance Workflow

When designing your custom compliance workflow with Didit and AWS Step Functions, consider the full user journey and all potential outcomes. Start by mapping out the different stages a user might go through, from initial signup to full account activation. Identify the specific identity checks required at each stage and the conditions that determine the next step.

For example:

  1. Initial Onboarding: User signs up. Didit's ID Verification (OCR, MRZ, barcodes) and Passive & Active Liveness are performed.
  2. Decision Point 1: If IDV and Liveness pass, trigger Didit's AML Screening & Monitoring. If they fail, flag for review or immediate rejection.
  3. Decision Point 2: If AML screening is clear, proceed to Proof of Address verification using Didit's capabilities. If an alert is found, queue for manual review and potentially trigger additional checks.
  4. Final Review/Activation: Based on all successful checks, the account is activated. If any step requires human intervention, the workflow pauses and notifies a compliance officer, resuming once their decision is recorded.

Didit's modular architecture means you can pick and choose the exact identity primitives you need, such as Age Estimation for age-restricted services, or NFC Verification for high-assurance identity documents like ePassports. Each of these can be a distinct step or condition within your Step Functions workflow, triggered or evaluated based on your business rules and the real-time data provided by Didit's webhooks.

How Didit Helps

Didit is uniquely positioned to empower businesses in building sophisticated compliance orchestration layers. Our modular, AI-native identity platform provides the essential building blocks:

  • Comprehensive Identity Verification: From ID Verification (OCR, MRZ, barcodes) and Passive & Active Liveness to 1:1 Face Match & Face Search, Didit covers a wide array of identity checks.
  • Compliance-Specific Products: Didit's AML Screening & Monitoring ensures you meet regulatory requirements, while Proof of Address streamlines address verification. For age-restricted services, our privacy-preserving Age Estimation is invaluable.
  • Real-time Webhooks: Our secure webhooks deliver instant updates, enabling your AWS Step Functions to react immediately to verification outcomes and drive complex workflows.
  • Open, Modular Architecture: Didit's API-first approach means you can easily integrate individual identity primitives into your custom orchestration, rather than being locked into rigid, all-in-one solutions.
  • Free Core KYC: Didit offers Free Core KYC, allowing you to get started without upfront costs, and our pay-per-successful-check model ensures cost-efficiency as you scale. There are no setup fees, making it easy to experiment and deploy.
  • Developer-First Experience: With an instant sandbox, comprehensive public documentation, and clean APIs, developers can quickly integrate Didit into their existing systems and build custom solutions with ease.

By leveraging Didit's powerful identity verification capabilities and real-time event notifications, businesses can design and implement a custom compliance orchestration layer that is not only robust and compliant but also highly efficient and user-friendly. This approach minimizes manual review, reduces fraud, and accelerates user onboarding, all while adapting to the evolving demands of the regulatory landscape.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page
Compliance Orchestration: Webhooks, AWS Step Functions.