Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Device & IP Analysis

Know the device.
Know the IP. On every session.

Device fingerprint, brand, model, browser, operating system (OS), platform — captured alongside the IP, geolocation, Virtual Private Network (VPN) / proxy / Tor, datacenter flag, and Duplicated-Device + Duplicated-IP rules. One inference. $0.03 per check, bundled into the $0.33 full KYC (know your customer). 500 free every month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

200+ fraud signals

Device fingerprint. IP intelligence.
One $0.03 inference.

Every session returns the device brand, model, browser family, operating system, platform, and a stable device fingerprint — paired with full IP geolocation, network operator, Virtual Private Network (VPN) / proxy / Tor flag, datacenter flag, and the Duplicated-Device + Duplicated-IP rules. One call, 200+ signals, sub-2-second p99.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for developers · Built against fraud · Open by design

Six capabilities. One feature flag. IP_ANALYSIS.

Every capability below is a toggle on the same module. No upsell tiers, no separate SKUs, no add-on calls. Switch them on per workflow, or include the IP_ANALYSIS feature when you create the workflow.
Read the docsGet an API key
01 · Device fingerprint + browser, OS, platform

One device id that survives a cleared browser.

Every session ships back the device brand, device model, browser family, operating system (OS) family, platform (mobile or desktop), and a stable device fingerprint. The fingerprint persists across cleared cookies and incognito sessions, so the same device coming back under a new identity is matched on the `matches` array and surfaced as a Duplicated-Device warning.
02 · IP geolocation + network operator

The IP says Madrid. The ID says Madrid. The session passes.

Every IP resolves to country, country code (International Organization for Standardization 3166-1 alpha-2), region, city, latitude, longitude, internet service provider (ISP), and organization. We also return the distance in kilometres between the IP, the identity (ID) document address, and any proof-of-address document — Country mismatch fires a configurable warning you can route to manual review.
03 · Virtual Private Network (VPN), proxy, Tor

Catch the mask. Every connection, every session.

Multi-source intelligence flags Virtual Private Network (VPN), proxy, and The Onion Router (Tor) exit nodes the moment a masked connection lands. Tune the action per workflow — decline for high-value onboarding, route to review for ambiguous regions, approve for crypto users who default to a VPN by habit.
04 · Hosting and datacenter detection

Real users live in homes. Bots live in datacenters.

Every IP is enriched with network operator and organization. A datacenter flag fires for connections originating from Amazon Web Services (AWS), Hetzner, DigitalOcean, OVH, and every other hosting provider — the same signature automation, scrapers, and bulk-signup farms leave. Filter them out without touching residential traffic.
05 · Five rules. Three actions. Per application.

One console. Approve, Review, or Decline.

Every configurable rule — IP mismatch, Virtual Private Network (VPN) / proxy / Tor, Expected-IP mismatch, Duplicated IP, Duplicated Device — maps to Approve / Review / Decline in the console. Tune the policy per application, market, and workflow. Duplicated-Device + Duplicated-IP default to Approve — switch them on for marketplaces and iGaming, where the same person under multiple identities is the primary threat.
06 · Standalone or bundled

$0.03 alone. Free inside the $0.33 full KYC.

Run Device & IP Analysis as a session add-on at $0.03 per check when that is the only signal you need. Or bundle it into the $0.33 full KYC (know your customer) workflow — Identity (ID) Verification, Passive Liveness, Face Match 1:1, Device & IP Analysis — included at the bundle price. 500 verifications free every month, on every account, forever.
Integrate

One endpoint. Same JSON. Same price.

Device & IP Analysis runs inside a Didit session — there is no separate standalone API. The hosted UI captures the device fingerprint, brand, model, browser, operating system (OS), platform, and IP address automatically — no client-side Software Development Kit (SDK), no permission prompt. Pin an expected IP when you already know where the user should be coming from.
POST /v3/session/Auto-capture
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_ip_only",
    "vendor_data": "user-42"
  }'
201Created{ "session_url": "verify.didit.me/..." }
Didit captures ip_address and device_fingerprint on hosted UI load.docs →
POST /webhooks/diditStep 2 · Receive
// Your endpoint receives a signed payload
app.post("/webhooks/didit", (req, res) => {
  const sig = req.headers["x-signature-v2"];
  const expected = crypto.createHmac("sha256", SECRET)
    .update(req.rawBody).digest("hex");
  if (sig !== expected) return res.sendStatus(401);
  const { status, decision, vendor_data } = req.body;
  // status: Approved | Declined | In Review | ...
  res.sendStatus(200);
});
200OK{tI18n("webhookTypeStatusUpdatedStatusApproved")}
Real-time HMAC-signed webhook. Verify, parse, update your database.docs →
Agent-ready integration

Ship Device & IP Analysis in one prompt.

Paste the block below into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in the my_stack placeholder with your framework, language, and use case. The agent provisions Didit, creates the workflow, wires the webhook, and ships.
didit-integration-prompt.md
# Didit Device & IP Analysis — integrate in 5 minutes

You are integrating Didit's Device & IP Analysis (VPN, datacenter, Tor, geolocation,
device intelligence) module into <my_stack>. Follow these steps exactly.
Every URL, header, and enum value below is canonical — do not paraphrase
or "improve" them.

## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
  (returns an API key bound to the workspace + application).

## 2. Integration path — Workflow Builder (session-only)

Device & IP Analysis runs inside a Didit session — there is no standalone
POST /v3/ip-analysis/ endpoint. The IP and device fingerprint are
captured automatically when the user lands on the hosted UI, so you
do not collect or send them yourself.

1. Create a workflow that includes the IP_ANALYSIS feature:
   POST https://verification.didit.me/v3/workflows/
   Authorization header:  x-api-key: <your-api-key>
   Body: workflow_label, features array including
         { feature: "IP_ANALYSIS" }   (UPPERCASE — strict enum)
   Combine with ID_VERIFICATION, LIVENESS, FACE_MATCH in the same
   workflow for the full $0.33 Know Your Customer (KYC) bundle (Device & IP Analysis is included).

2. (Optional) Configure per-warning actions in the console for the
   application — pick Decline, Review, or Approve for each of
   PRIVATE_NETWORK_DETECTED, COUNTRY_FROM_DOCUMENT_DOES_NOT_MATCH_COUNTRY_FROM_IP,
   EXPECTED_IP_ADDRESS_MISMATCH, DUPLICATED_IP_ADDRESS,
   DUPLICATED_DEVICE_FINGERPRINT.

3. (Optional) Pin an expected IP per session: pass expected_ip_address
   in the POST /v3/session/ body if you already know where the user
   should be (for example: their last known login IP).

4. Create a verification session for an end user:
   POST https://verification.didit.me/v3/session/
   Body: workflow_id (from step 1), vendor_data (your own user id),
         optional expected_ip_address.
   Response: session_url — redirect the user to it.

5. Listen for webhook callbacks (see "Webhooks" below).

## 3. Webhooks
- Register a webhook destination once via
  POST https://verification.didit.me/v3/webhook/destinations/
  Body: url, subscribed_events: ["session.verified", "session.review_started",
                                  "session.declined"]
- Response includes secret_shared_key — store it.
- Every webhook delivery carries an X-Signature-V2 header you MUST verify
  before trusting the payload.  HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.Algorithm:
    1. sortKeys(payload) recursively
    2. shortenFloats (truncate trailing zeros after the decimal point)
    3. JSON.stringify the result
    4. HMAC-SHA256 with the secret_shared_key
    5. Hex-encode, compare to the X-Signature-V2 header.

## 4. Reading the report
The session decision payload contains an ip_analysis object with:
- status: "Approved" | "Declined" | "In Review" | "Not Finished"
- ip_address, ip_country, ip_country_code, ip_state, ip_city
- latitude, longitude, time_zone, time_zone_offset
- isp, organization
- is_vpn_or_tor (boolean) — fires the PRIVATE_NETWORK_DETECTED warning
- is_data_center (boolean) — hosting/datacenter origin
- device_brand, device_model, browser_family, os_family, platform
  (mobile or desktop)
- locations_info with ip, id_document, poa_document blocks — each
  carries a location object plus distance_from_* fields in kilometres
- matches array — cross-session matches on ip_address or
  device_fingerprint when the same value appears under a different
  vendor_data
- warnings array — each entry has risk, log_type,
  short_description, long_description

Auto-decline risks (always enforced by Didit, not configurable):
- IP_ADDRESS_IN_BLOCKLIST
- DEVICE_FINGERPRINT_IN_BLOCKLIST

Configurable risks (action per workflow — Decline, Review, or Approve):
- PRIVATE_NETWORK_DETECTED (VPN, proxy, Tor)
- COUNTRY_FROM_DOCUMENT_DOES_NOT_MATCH_COUNTRY_FROM_IP
- EXPECTED_IP_ADDRESS_MISMATCH
- DUPLICATED_IP_ADDRESS (default: Approve)
- DUPLICATED_DEVICE_FINGERPRINT (default: Approve)

## 5. Hard rules — do not change
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE: IP_ANALYSIS, ID_VERIFICATION, LIVENESS, FACE_MATCH, AML.
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Always verify webhook signatures before trusting payload data.
- Status casing matches exactly: "Approved", "Declined", "In Review",
  "Not Finished" (title-cased, space-separated).
- Always pass vendor_data (your own user id). Without it, every session
  is treated as a unique user and DUPLICATED_IP_ADDRESS /
  DUPLICATED_DEVICE_FINGERPRINT noise rises sharply.

## 6. Pricing reference (public)
- IP_ANALYSIS as a session add-on: $0.03 per check
- Bundled in a full KYC workflow (ID_VERIFICATION + LIVENESS +
  FACE_MATCH + IP_ANALYSIS): $0.33 per session — Device & IP Analysis is
  already included at the bundle price.
- 500 free checks every month, forever, on every account.

## 7. Verify your integration
- Sandbox starts on signup at https://business.didit.me — no separate flag.
- Test IPs: deterministic synthetic responses returned in sandbox (Approved
  by default; trigger PRIVATE_NETWORK_DETECTED by using a known VPN exit IP
  on the verification device).
- Switch to live: flip the application's environment toggle in console.

When in doubt: https://docs.didit.me/core-technology/ip-analysis/overview
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • $0.00
    Per Device & IP Analysis check on a session.
  • 0+
    Device + IP fraud signals scored on every session.
  • <0s
    End-to-end p99 inference per session.
  • 0
    Verifications free every month. Forever.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page