$0.33 la primera verificación, reautenticación solo con selfie en cada regreso de forma gratuita, compartición entre socios mediante tokens cifrados de corta duración. 500 verificaciones gratuitas cada mes.
Con la confianza de más de 2.000 organizaciones en todo el mundo.
Lo que la identidad debe
Una vez que un usuario es verificado según el estándar Didit —anti-spoof iBeta Nivel 1, veredicto en menos de 2 segundos, más de 14,000 documentos— esa verificación es portátil. Misma marca, segunda aplicación: reautenticación gratuita solo con selfie. Socio de confianza, nuevo registro: un token de compartición cifrado de corta duración los incorpora instantáneamente. El usuario es propietario de la credencial, alineada con eIDAS2.
Elija las comprobaciones que desee: identificación, prueba de vida, coincidencia facial, sanciones, dirección, edad, teléfono, correo electrónico, preguntas personalizadas. Arrástrelas a un flujo en el panel de control o publique el mismo flujo en nuestra API. Ramifique según las condiciones, ejecute pruebas A/B, no se requiere código.
Incorpore de forma nativa con nuestro SDK web, iOS, Android, React Native o Flutter. Redirija a una página alojada. O simplemente envíe a su usuario un enlace, por correo electrónico, SMS, WhatsApp, en cualquier lugar. Elija lo que se adapte a su pila.
Didit aloja la cámara, las indicaciones de iluminación, la transferencia móvil y la accesibilidad. Mientras el usuario está en el flujo, puntuamos más de 200 señales de fraude en tiempo real y verificamos cada campo con fuentes de datos autorizadas. Resultado en menos de dos segundos.
Los webhooks firmados en tiempo real mantienen su base de datos sincronizada en el momento en que un usuario es aprobado, rechazado o enviado a revisión. Consulte la API bajo demanda. O abra la consola para inspeccionar cada sesión, cada señal y gestionar los casos a su manera.
Didit · Credencial propiedad del usuario
Paso 2 / 3
Volver a presentar identidad
Didit · Compartir sesión
Socio A
Socio B
Didit · Política de confianza
Didit · Reautenticación KYC reutilizable
Didit · Controles de privacidad
Registro de consentimiento
Token + auditoría
Didit · Red
$ curl -X POST https://verification.didit.me/v3/session/$SID/share/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"audiencia": "socio_b",
"expira_en": 900
}'$ curl -X POST https://verification.didit.me/v3/session/import-shared/ \
-H "x-api-key: $PARTNER_B_KEY" \
-d '{
"share_token": "eyJhbGci…",
"id_flujo_trabajo": "socio_b_fw",
"datos_proveedor": "usuario-en-socio-b",
"revisión_de_confianza": true
}'You are integrating Didit reusable identity. Your users get verified once with full KYC and then re-present that verification on every subsequent service — your own platforms (same-platform reuse via Reusable KYC) and trusted partner platforms (cross-partner Share Session API).
Three pillars:
1. Verify once with full KYC ($0.33 bundle) via POST /v3/session/.
2. On the SAME platform, returning users re-prove identity with a selfie only — free, via the Reusable KYC workflow.
3. To a TRUSTED PARTNER, the first platform generates a short-lived share token (POST /v3/session/{id}/share/); the partner imports it (POST /v3/session/import-shared/) and the user lands fully onboarded.
Cost:
- First verification: $0.33 (Sessions API)
- Same-platform selfie-only reauth: free (Reusable KYC workflow)
- Cross-partner import: priced per call, from $0.30 — Partner B pays the import fee
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60s, no card).
- Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
- Two workflows in the Workflow Builder:
wf_first_verification — ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + Anti-Money Laundering (AML) Screening
wf_reusable_kyc — Reusable KYC (selfie-only reauth)
- For cross-partner: a pre-arranged backend channel with the partner (a webhook, a queue, or even an authenticated REST call between your services) so the share token can be transmitted out-of-band.
STEP 1 — First verification (Sessions API)
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf_first_verification>",
"vendor_data": "<your user id, max 256 chars>",
"callback": "https://<your-app>/identity/callback"
}
Response: 201 Created with the hosted session URL. Sub-2-second median verdict on completion.
STEP 2 — Read the signed webhook on verification completion
Didit POSTs to your callback. Session statuses are Title Case With Spaces:
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your user id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 }
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.
Store the (user_id, session_id, status) tuple. session_id is the handle you reuse for shares.
STEP 3 — Same-platform reuse (Reusable KYC selfie-only reauth)
When the same user returns for a new flow:
POST https://verification.didit.me/v3/session/
Body:
{
"workflow_id": "<wf_reusable_kyc>",
"vendor_data": "<your user id>",
"callback": "https://<your-app>/identity/reauth-callback"
}
The hosted UI prompts the user for a selfie only — no document re-capture. Didit matches the selfie against the original verified template, returns Approved in under two seconds, free.
STEP 4 — Cross-partner share (Partner A generates a share token)
Only finished sessions (Approved / Declined / In Review) can be shared.
POST https://verification.didit.me/v3/session/{sessionId}/share/
Headers:
x-api-key: <Partner A's api key>
Content-Type: application/json
Body:
{
"audience": "<partner_b_identifier>",
"expires_in": 900
}
Response (excerpted):
{
"share_token": "eyJhbGciOiJIUzI1NiJ9...",
"session_kind": "kyc",
"expires_at": "<ISO8601>"
}
Transmit the share_token to Partner B via your pre-arranged backend channel.
STEP 5 — Cross-partner import (Partner B imports the session)
POST https://verification.didit.me/v3/session/import-shared/
Headers:
x-api-key: <Partner B's api key>
Content-Type: application/json
Body:
{
"share_token": "eyJhbGciOiJIUzI1NiJ9...",
"workflow_id": "<Partner B's workflow id>",
"vendor_data": "<Partner B's internal user id>",
"trust_review": true
}
trust_review options:
true — Partner B trusts Partner A's verdict (Approved / Declined). The imported session keeps the original status.
false — Partner B copies the data but sets status to "In Review" so Partner B's compliance team can apply their own thresholds.
Constraints (verified against mintlify-docs/core-technology/reusable-kyc/share-kyc-via-api.mdx):
- A specific session can be imported only ONCE into a given partner application.
- The share_token is short-lived (defaults to 15 minutes).
- End-to-end encrypted; only the named audience can import.
STEP 6 — Audit the consent + the share
Log every share + every import with:
- user_pid (the pseudonymous user identifier)
- audience (which partner)
- purpose (onboarding, lending, payments, etc.)
- scope (kyc, kyc + aml, kyc + kyb)
- share_token id + expiry
- import status
Default retention 5 years post-relationship per the EU AML package; longer under your supervisor's guidance.
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook.
- Verify X-Signature-V2 on every payload.
CONSTRAINTS
- Session statuses use Title Case With Spaces (Approved, In Review). Don't transform them.
- Share tokens are scoped to the named audience and the named purpose — they're not bearer tokens for free reuse.
- The user must consent before a share happens. Capture explicit consent in your UI; Didit logs the consent against the session.
- Reusable KYC selfie-only reauth is free; cross-partner imports are priced at Partner B's account.
- 200+ fraud signals are evaluated on every fresh session at no extra cost.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/sessions-api/share-session/share
- https://docs.didit.me/sessions-api/share-session/import
- https://docs.didit.me/core-technology/reusable-kyc/overview
- https://docs.didit.me/core-technology/reusable-kyc/share-kyc-via-api
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / mes. No se requiere tarjeta de crédito.
Pague solo por lo que usa. Más de 25 módulos. Precios públicos por módulo, sin tarifa mínima mensual.
MSA y SLA personalizados. Para grandes volúmenes y programas regulados.
Empiece gratis → pague solo cuando se ejecute una verificación → desbloquee Enterprise para un contrato personalizado, SLA o residencia de datos.
Una API para KYC, KYB, monitoreo de transacciones y detección de billeteras. Intégrelo en 5 minutos.