Instal dua belas Keterampilan Agen sumber terbuka Didit ke Cursor, Claude Code, Codex, atau OpenCode dalam satu perintah `npx`. Tanyakan agen dalam bahasa Inggris biasa. Ini menulis kode dan memanggil API langsung.
Dipercaya oleh 2.000+ organisasi di seluruh dunia.
Mengapa keterampilan, bukan dokumen
Berikan Cursor tab dokumentasi dan ia akan menciptakan endpoint dan status enum huruf kecil. Berikan skill Didit dan setiap baris mengarah ke API yang sebenarnya — endpoint terkunci, header terkunci, penangan webhook yang ditandatangani dibuat. Satu perintah `npx`.
Jalankan `npx skills add didit-protocol/skills` di proyek Anda. CLI mendeteksi Cursor, Claude Code, Codex, atau OpenCode dan menempatkan setiap skill ke folder yang tepat. Instal hanya satu dengan `--skill didit-face-match`.
Ambil satu dalam 60 detik di [business.didit.me](https://business.didit.me) dan `export DIDIT_API_KEY=…`, atau biarkan agen mendaftarkan dirinya secara terprogram — `POST /programmatic/register/` diikuti dengan `verify-email/`, dan kunci akan kembali dalam respons. Tidak perlu browser.
*"Tambahkan Didit KYC ke alur pendaftaran saya."* *"Saring pengguna ini terhadap daftar AML."* Agen membaca skill yang relevan, menulis kode, dan menghubungkan penangan webhook yang ditandatangani. Benar pada percobaan pertama — tidak perlu beralih tab dokumentasi.
Didit meng-host kamera, pengambilan dokumen, selfie, penyerahan seluler. Kurang dari 30 detik untuk pengguna. Keputusan di webhook Anda kurang dari 2 detik, ditandatangani dengan `X-Signature-V2` sehingga Anda dapat mempercayainya.
Didit · Katalog
Didit · npx install
Didit · Host
Didit · Keterampilan apa yang terkunci
Didit · Pengaturan
Didit · github.com/didit-protocol/skills
Di setiap skill
Tiga jalur instalasi
$ npx skills add didit-protocol/skills
✓ 12 keterampilan terinstal
# or just one
$ npx skills add didit-protocol/skills \
--skill didit-face-match
# set the api key
$ export DIDIT_API_KEY="sk_live_..."$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "$DIDIT_WORKFLOW_ID",
"vendor_data": "user-42",
"callback_url": "https://app/cb"
}'You are installing the Didit Agent Skills into this project and wiring the first verification session against the live https://verification.didit.me/v3/ API. After this prompt, the project should pass identity verification — Know Your Customer (KYC), Anti-Money Laundering (AML) screening, document Optical Character Recognition (OCR) — through Didit.
Didit ships twelve open-source Agent Skills at https://github.com/didit-protocol/skills and follows the open standard at https://agentskills.io. The CLI auto-detects whether you are running inside Cursor, Claude Code, Codex, or OpenCode and drops the skills into the right folder.
PRE-REQUISITES
- A Didit API key (DIDIT_API_KEY). Either issued from https://business.didit.me, or self-registered by the agent via POST /programmatic/register/ + POST /programmatic/verify-email/ (no browser needed).
- A workflow_id from the Workflow Builder that bundles ID Verification + Passive Liveness + Face Match + IP Analysis + AML — or just use the didit-kyc-onboarding skill below to create one programmatically.
- A webhook endpoint that verifies the X-Signature-V2 header with HMAC-SHA256 on the raw body bytes (do NOT re-serialise the parsed JSON; the signature will not match).
STEP 1 — Install the skills
Recommended:
npx skills add didit-protocol/skills
This installs all twelve skills. To install only one:
npx skills add didit-protocol/skills --skill didit-face-match
Or git clone the repo and copy what you need:
git clone https://github.com/didit-protocol/skills.git
cp -r skills/didit-kyc-onboarding .claude/skills/
cp -r skills/didit-id-document-verification .claude/skills/
The twelve skills:
- didit-verification-management : the hub. Account, sessions, workflows, billing, blocklist, webhook config. 45+ endpoints
- didit-kyc-onboarding : full KYC recipe (ID + selfie + face match) in one call
- didit-id-document-verification : passports, ID cards, driver's licences. OCR, MRZ, NFC. 4,000+ documents, 220+ countries
- didit-liveness-detection : 99.9%-accurate liveness from a single selfie
- didit-face-match : compare two faces, get a 0–100 score
- didit-face-search : 1:N face search for deduplication and blocklists
- didit-biometric-age-estimation : estimate age from a selfie
- didit-email-verification : email OTP, detects breached / disposable / undeliverable
- didit-phone-verification : phone OTP via SMS, WhatsApp, or Telegram. Catches VoIP
- didit-aml-screening : 1,300+ sanctions, PEP, adverse-media lists. Dual-score risk
- didit-proof-of-address : utility bills, bank statements. OCR + geocoding
- didit-database-validation : government databases across 18 countries
STEP 2 — Set the environment
Every skill reads DIDIT_API_KEY. Session-based skills also expect DIDIT_WORKFLOW_ID. Signed-webhook handlers expect DIDIT_WEBHOOK_SECRET.
export DIDIT_API_KEY="<your api key>"
export DIDIT_WORKFLOW_ID="<your workflow id>" # optional
export DIDIT_WEBHOOK_SECRET="<your secret>" # optional
Programmatic alternative (no browser):
curl -X POST https://apx.didit.me/auth/v2/programmatic/register/ \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "password": "MyStr0ng!Pass"}'
# check the email, get the 6-char code, then:
curl -X POST https://apx.didit.me/auth/v2/programmatic/verify-email/ \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "code": "<code>"}'
# response includes api_key — export it as DIDIT_API_KEY.
STEP 3 — Create a verification session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: $DIDIT_API_KEY
Content-Type: application/json
Body:
{
"workflow_id": "$DIDIT_WORKFLOW_ID",
"vendor_data": "<your user id, max 256 chars>",
"callback_url": "https://<your-app>/kyc/callback",
"metadata": { "source": "agent-skill" }
}
Response: 201 Created. The hosted session URL is on the `url` field. Redirect the user, or send them the link by email / SMS / WhatsApp. Sub-2-second p99 verdict on completion.
STEP 4 — Read the signed webhook
Didit POSTs to your callback. KYC session statuses are Title Case With Spaces.
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your user id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"aml": { "status": "Approved", "hits": [] }
}
Full enum:
Approved | Declined | In Review | In Progress | Not Started | Abandoned | Expired | Resubmitted | Awaiting User | Not Finished
Verify X-Signature-V2 BEFORE parsing the body — HMAC-SHA256 of the raw bytes with your webhook secret. Re-serialising the parsed body changes whitespace and key order and the signature will not match.
STEP 5 — Read the decision on demand
GET https://verification.didit.me/v3/session/{sessionId}/decision/
Headers:
x-api-key: $DIDIT_API_KEY
Returns the full decision payload — id_verification, liveness, face, ip_analysis, aml. Use this whenever the agent needs to confirm the user's status before allowing an action. Never trust client-supplied "I'm verified" flags.
STEP 6 — Branch on status
Approved → continue
Declined → block, surface decision_reason_code, allow resubmit of the failed step
In Review → wait for the analyst webhook; don't block forever
Resubmitted → user re-took a failed step; new verdict is coming
Awaiting User → user hasn't completed the flow; nudge with a reminder
Expired → create a new session
Abandoned and Declined sessions are NOT billed.
STEP 7 — Optional: ongoing AML monitoring
If AML monitoring is enabled on the workflow ($0.07 per user per year), Didit fires status.updated whenever the user lands on a new sanctions / PEP / adverse-media list. No extra endpoint to call.
WEBHOOK EVENT NAMES
- status.updated : KYC or KYB session status changed
- data.updated : session data corrected after creation
- user.status.updated : User entity changed status (Active, Flagged, Blocked)
- user.data.updated : User entity counters, metadata, or aggregate fields changed
- activity.created : timeline activity recorded
Verify X-Signature-V2 on every payload. The webhook secret is per-environment — sandbox is separate from production.
CONSTRAINTS
- KYC session statuses use Title Case With Spaces (Approved, In Review). Do NOT transform them to UPPER_SNAKE_CASE — that casing is for Know Your Business (KYB) sessions and Transaction Monitoring, not KYC.
- HMAC verification runs against the RAW request body bytes. Never re-serialise the parsed JSON.
- Bundle price is $0.30 (ID + Liveness + Face Match + IP Analysis). AML adds $0.20. 500 verifications free every month, forever.
- Default record retention is unlimited unless you configure it shorter (30 days to 10 years per application).
Read the docs:
- https://docs.didit.me/getting-started/agent-skills
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/sessions-api/retrieve-session
- https://docs.didit.me/integration/webhooks
Skills repo:
- https://github.com/didit-protocol/skills
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / bulan. Tidak perlu kartu kredit.
Bayar hanya untuk yang Anda gunakan. 25+ modul. Harga per modul publik, tanpa biaya minimum bulanan.
MSA & SLA Kustom. Untuk volume besar dan program yang diatur.
Mulai gratis → bayar hanya saat pemeriksaan berjalan → buka Enterprise untuk kontrak khusus, SLA, atau residensi data.
Satu API untuk KYC, KYB, Pemantauan Transaksi, dan Penyaringan Dompet. Integrasikan dalam 5 menit.