コードを書かずに本人確認フローを構成します。再デプロイせずにルールを変更します。

You are integrating Didit's no-code Workflow Builder into a product. The product manager, the compliance officer, or the founder can change identity rules in the Business Console; your app only ever hands Didit a workflow_id, gets a verdict back, and routes the user.

Three pillars:

  1. Compose the workflow in the visual builder — drag ID, Liveness, Face Match, AML, NFC, KYB modules onto the canvas, connect them with edges, add conditional branches.
  2. Publish a version — the published version is immutable; sessions reference the exact version they were created with.
  3. Open POST /v3/session/ with the published workflow_id. Didit handles every module and every branch server-side.

Cost:
  - Pay per completed module per session (e.g. ID $0.15 + Liveness $0.10 + Face Match $0.05 + AML $0.20 = $0.50, or bundle = $0.33)
  - Workflow Builder itself is free
  - MCP server (for AI coding agents to manage workflows programmatically) is free, included
  - First 500 verifications free every month, forever

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60s, no card).
  - Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
  - Access to the Business Console's Workflow Builder (every account has it).
  - The 11 seeded templates are a good starting point:
      "ID + Face Match"
      "ID + Liveness + Face Match" (the $0.33 KYC bundle)
      "ID + IP risk-based" (extra Liveness on VPN / Tor)
      "Phone risk-based verification"
      "High-risk country review"
      "Two ID documents"
      "Driver verification"
      "EU Company Verification" (KYB)
      ... plus four more
  - Plus "Start from Scratch" for fully bespoke flows.

STEP 1 — Compose the workflow

  Console → Workflows → New → pick a template OR Start from Scratch:
    - Drag modules from the sidebar onto the canvas
    - Connect them with edges (the user moves left-to-right through them)
    - Add branching conditions (right-click a node → Add condition)
    - Set per-workflow options: Include custom style (white label), retention override, callback URL

  Click Save Draft. The draft is fully editable; only published versions are immutable.

STEP 2 — Publish a version

  Click Publish on the draft. The version receives a number (v1, v2, v3…) and becomes immutable.

  Versioning rules:
    - Sessions reference the exact published version they were created with
    - You can iterate on a new draft while sessions on the old version continue to use it
    - Past versions are kept; you can inspect any past session's configuration
    - To change a published workflow, create a new draft from it, edit, publish

STEP 3 — Open a session with the workflow_id

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<your published workflow id>",
      "vendor_data": "<your user id, max 256 chars>",
      "callback": "https://<your-app>/identity/callback"
    }

  Response: 201 Created with the hosted session URL. Didit walks the user through every module and every branch defined in the workflow.

STEP 4 — Read the signed webhook on completion

  Didit POSTs to your callback when the session reaches a terminal status. Session statuses are Title Case With Spaces:

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "workflow_id": "<the workflow id>",
      "workflow_version": "<v3>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "id_verification": { "status": "Approved" },
      "liveness": { "status": "Approved" },
      "face": { "status": "Approved", "similarity_score": 0.94 },
      "aml": { "status": "Approved", "hits": [] }
    }

  Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

  Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.

  Each module that ran inside the workflow returns its own sub-status; the top-level status is the rolled-up verdict.

STEP 5 — Iterate without redeploying

  When the rules need to change — a new country flagged as high-risk, a tighter age threshold, a new module added to the bundle — the workflow owner edits the draft in the Console and publishes. New sessions automatically use the new version.

  Your app doesn't change. You don't redeploy. The workflow_id is the same; the underlying behaviour is updated.

STEP 6 — Run A/B tests

  Built-in A/B testing splits traffic across variant workflows. Configure variants in the Console (e.g. variant A uses Passive Liveness, variant B uses Active Liveness), set the split percentage, and read the variant id back on every session webhook.

  Measure conversion + verdict mix per variant in the Business Console's analytics. Promote the winner; the loser becomes a previous version retained for audit.

STEP 7 — Drive the Workflow Builder from AI coding agents

  The Didit MCP (Model Context Protocol) server (free, included) exposes the Workflow management primitives as MCP tools. Any MCP-compatible host — Claude Code, Cursor, Codex, Replit Agent, Devin, Aider — can list workflows, create new drafts, edit nodes, and publish versions on your behalf.

  Useful for ops teams that want to script tenant-specific workflow provisioning, A/B-variant generation, or per-customer-brand template materialisation.

WEBHOOK EVENT NAMES
  - Sessions: status changes flow through the standard session webhook.
  - Verify X-Signature-V2 on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review). Don't transform them.
  - Published workflow versions are immutable. To change behaviour, publish a new version.
  - Conditional branches are unlimited in depth; keep flows readable for the next operator.
  - The cost model is pay-per-completed-module — adding a module that runs only conditionally only costs you on the branches that hit it.

Read the docs:
  - https://docs.didit.me/console/workflows
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/sessions-api/retrieve-session
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.