Identitätsverifizierung unter deiner Marke weiterverkaufen oder einbetten. $0.33 + $0.20 White-Label-Gebühr pro Check, keine UI zu bauen, keine Compliance zu managen. 500 Verifizierungen jeden Monat kostenlos.
Robinhood Ventures
Über 2.000 Organisationen weltweit vertrauen uns.
Was ein Reseller schuldet
Konfiguriere Farben, Typografie, quadratische + rechteckige Logos und deine eigene Custom Domain im Style Editor, aktiviere Benutzerdefinierten Stil einschließen für jeden Workflow. Der Endnutzer sieht deine Marke, deine Domain, deinen Flow; du profitierst von Didits iBeta Level 1 PAD (Presentation Attack Detection), der Tesoro / SEPBLAC-Bescheinigung aus Spanien, SOC 2 Typ 1 und ISO/IEC 27001. 500 Verifizierungen pro Monat kostenlos.
Wähle die gewünschten Checks aus, ID, Liveness, Face Match, Sanktionen, Adresse, Alter, Telefon, E-Mail, benutzerdefinierte Fragen. Ziehe sie im Dashboard in einen Flow oder poste denselben Flow an unsere API. Verzweige nach Bedingungen, führe A/B-Tests durch, kein Code erforderlich.
Bette nativ mit unserem Web-, iOS-, Android-, React Native- oder Flutter-SDK ein. Leite auf eine gehostete Seite weiter. Oder sende deinem Nutzer einfach einen Link, per E-Mail, SMS, WhatsApp, überall. Wähle, was zu deinem Stack passt.
Didit hostet die Kamera, die Beleuchtungshinweise, die mobile Übergabe und die Barrierefreiheit. Während der Nutzer im Flow ist, bewerten wir über 200 Betrugssignale in Echtzeit und verifizieren jedes Feld anhand autoritativer Datenquellen. Ergebnis in unter zwei Sekunden.
Echtzeit-signierte Webhooks halten deine Datenbank synchron, sobald ein Nutzer genehmigt, abgelehnt oder zur Überprüfung gesendet wird. Frage die API bei Bedarf ab. Oder öffne die Konsole, um jede Session und jedes Signal zu überprüfen und Fälle nach deinen Wünschen zu verwalten.
Didit · Style Editor
Your brand
Verify your identity
Didit · Custom domain
DNS record
TLS · auto
Didit · SDKs
Didit · Workflow Builder
Didit · Reseller margin
Didit · Audit retained
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_signup_branded",
"vendor_data": "end-user-42",
"metadata": { "tenant_id": "brand-b" }
}'$ curl https://verification.didit.me/v3/session/$SID/decision/ \
-H "x-api-key: $DIDIT_API_KEY"
# Returns:
{
"status": "Genehmigt",
"aml": { "status": "Genehmigt" }
}You are integrating Didit white-label KYC. You're either reselling identity verification to your own customers under your brand, or embedding KYC inside your SaaS product so the end-user never sees Didit. Either way, the verification stack is Didit's; the visible brand is yours.
Three pillars:
1. Configure your brand once in the Style Editor — colours, typography, square + rectangular logos, optional custom domain.
2. Toggle Include custom style ON for every workflow that should ship under your brand. Leave it OFF for internal admin flows.
3. Open POST /v3/session/ as usual. The hosted UI returns under your brand on your domain.
Cost:
- Didit KYC bundle: $0.33 per check (Sessions API floor)
- White-label fee: $0.20 per check (adds branding + custom domain + per-workflow style toggle)
- Reseller cost in: $0.53 per check
- Mark up to your buyer as you choose — published rate at scale, custom contracts above 100k/month
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60s, no card).
- White-label add-on enabled on your account (talk to sales to switch it on).
- Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
- A workflow_id from the Workflow Builder that bundles the modules you ship (typically ID Verification + Passive Liveness + Face Match 1:1 + AML Screening) with Include custom style ENABLED.
- Optional: custom domain (e.g. verify.yourbrand.com) configured in the Business Console — Didit handles the CNAME target + TLS cert via Let's Encrypt.
STEP 1 — Configure brand in the Style Editor (no code)
Console → White Label → Style Editor:
Colors: buttons, text, panels, backgrounds
Typography: fonts that match your brand
Logos: square + rectangular uploads
Layout: border radius for panels and buttons
Login: show or skip the Didit login screen
Domain: add verify.yourbrand.com (CNAME target = verify.didit.me; TLS auto-provisioned)
STEP 2 — Enable custom style on the workflow
Console → Workflows → <your workflow> → Settings → Options:
Toggle Include custom style ON. Without this, the workflow ships with default Didit branding.
Repeat per workflow. You can mix branded + unbranded workflows on the same account — useful for an internal admin flow that doesn't need the customer brand.
STEP 3 — Open a session as usual
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with Include custom style ON>",
"vendor_data": "<your end-user id, max 256 chars>",
"callback": "https://<your-app>/kyc/callback",
"metadata": {
"purpose": "white_label_onboarding",
"tenant_id": "<your reseller tenant id if multi-brand>"
}
}
Response: 201 Created with the hosted session URL — under YOUR domain if you set one. Sub-2-second median verdict on completion.
STEP 4 — Read the signed webhook on completion
Didit POSTs to your callback. Session statuses are Title Case With Spaces:
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your end-user id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"aml": { "status": "Approved", "hits": [] }
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.
On Approved → onboard the end-user. On Declined → reject. On In Review or Resubmitted → hold + route to your compliance team.
STEP 5 — Multi-brand on one account (reseller pattern)
When you serve multiple end-customer brands from a single Didit account:
- Create one workflow per end-customer brand
- Configure each workflow with the customer's brand style (or use the Style Editor presets per workflow if your account supports it)
- On POST /v3/session/, pick the workflow_id that matches the end-customer's brand
The end-customer sees their own brand; you see one consolidated invoice per month. Didit's MCP (Model Context Protocol) server is included free for programmatic per-tenant workflow management.
STEP 6 — Audit + compliance retained
Swapping the brand does not change the underlying compliance bar. Every session is still:
- iBeta Level 1 PAD (Presentation Attack Detection) certified on liveness
- Backed by Spain's Tesoro / SEPBLAC attestation (only EU member-state government attestation of safer-than-in-person verification)
- Aligned with SOC 2 Type 1 + ISO/IEC 27001 + GDPR (General Data Protection Regulation)
- Logged with X-Signature-V2 webhook signing on every event
- Retained 5 years post-relationship by default per the EU Anti-Money-Laundering package; configurable upward per your supervisor's guidance
Sub-processor disclosure available on request for your DPA (Data Processing Agreement).
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook.
- Verify X-Signature-V2 on every payload.
CONSTRAINTS
- Session statuses use Title Case With Spaces (Approved, In Review). Don't transform them.
- The white-label add-on is a per-account feature — talk to sales to enable it. Once enabled, the Style Editor + custom-domain pipeline is no-code.
- Custom domain TLS auto-renews 30 days before expiry. Monitor the cert status in the Console.
- Some end-user browsers (mobile in-app webviews) constrain custom domains — keep verify.didit.me as a fallback for these edge cases.
Read the docs:
- https://docs.didit.me/console/white-label
- https://docs.didit.me/console/workflows
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / Monat. Keine Kreditkarte erforderlich.
Zahle nur, was du nutzt. Über 25 Module. Öffentliche Preise pro Modul, keine monatliche Mindestgebühr.
Individuelle MSA & SLA. Für große Volumina und regulierte Programme.
Kostenlos starten → nur zahlen, wenn eine Prüfung läuft → Enterprise für einen individuellen Vertrag, SLA oder Datenresidenz freischalten.
Didit is infrastructure for identity and fraud, the platform we wished existed when we were building products ourselves: open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.
One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:
The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.
It's an identity-verification product that runs under your brand, your colours, your logo, your domain, but uses someone else's verification stack under the hood. The end-user never sees the underlying vendor.
Two flavours you can ship:
The Didit recipe handles both with the same Style Editor + per-workflow toggle.
Six categories, all no-code via the Business Console Style Editor:
verify.yourbrand.com instead of verify.didit.me. CNAME + TLS handled inside the Console.The Style Editor previews live as you change tokens. Once you save, toggle Include custom style on the workflow you want branded, that's the activation gate.
The full flow normally takes under 30 seconds end-to-end, pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.
On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.
Yes. The same Style Editor configuration applies across all five Didit SDKs, Web (React, Vue, vanilla JS), iOS (Swift), Android (Kotlin), React Native (TurboModules), and Flutter (Dart). The SDKs are free; the white-label fee covers branding across every surface.
In practice: you set colours, type, logos, and radius once. The SDK reads the same brand config from your account, the hosted flow reads the same config, and your end-user gets a consistent branded experience whether they're in a mobile app, a webview, or a desktop browser.
Every session lands on one of seven clear statuses, so your code always knows what to do:
Approved, every check passed. Move the user forward.Declined, one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.In Review, flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.In Progress, user is mid-flow.Not Started, link sent, user has not opened it yet. Send a reminder if it sits too long.Abandoned, user opened the link but did not finish in time. Re-engage or expire.Expired, the session link aged out. Create a new session.A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.
Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.
Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.
Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.
Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain''s Tesoro / SEPBLAC / CNMV that Didit''s remote identity verification is safer than verifying someone in person. Full report at /security-compliance.
Didit ships compliant by default for the regulators that matter to identity infrastructure:
Detailed memo, every certificate, every regulator letter: /security-compliance.
Three integration paths, pick whichever fits your stack:
Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.
Yes. Swapping the brand does not change the underlying compliance posture:
Under your white-label, all of these flow through to your customer. Didit provides sub-processor disclosure on request for your DPA (Data Processing Agreement).
Both are free, both work with the white-label add-on.
The net: you don't need a large engineering team to ship a white-label KYC product. The Style Editor handles brand, the Workflow Builder handles modules, the MCP server handles automation, and the /v3/ API handles the verification itself.
Four wires, one afternoon for a vertical-slice; a week for production:
business.didit.me, sandbox key in 60 seconds, no credit cardPOST /v3/session/ + the signed webhook (X-Signature-V2 HMAC SHA-256) into your onboarding flowFor a multi-tenant reseller, add: one workflow per end-customer brand, per-tenant Style Editor configuration, a routing layer that picks the right workflow_id per inbound request. The MCP server scripts these end-to-end.
Eine API für KYC, KYB, Transaktionsüberwachung und Wallet-Screening. In 5 Minuten integriert.