Um único fluxo de trabalho identifica todos os Beneficiários Finais de uma empresa cadastrada e executa um KYC completo para cada um. $0.33 por UBO, 500 verificações gratuitas por mês.
Robinhood Ventures
Confiado por mais de 2.000 organizações em todo o mundo.
O que KYB realmente significa
Os reguladores querem a pessoa física por trás de cada empresa cadastrada, não apenas o extrato do registro. A Didit consulta a entidade, percorre a cadeia de propriedade, executa um KYC de $0.33 em cada UBO e verifica a empresa e cada proprietário em mais de 1.300 listas AML. Um fluxo de trabalho, uma fatura, um pacote de auditoria. 500 verificações gratuitas por mês.
Escolha as verificações que você quer, ID, prova de vida, correspondência facial, sanções, endereço, idade, telefone, e-mail, perguntas personalizadas. Arraste-as para um fluxo no painel ou publique o mesmo fluxo em nossa API. Crie ramificações com base em condições, execute testes A/B, sem necessidade de código.
Incorpore nativamente com nossos SDKs Web, iOS, Android, React Native ou Flutter. Redirecione para uma página hospedada. Ou simplesmente envie um link ao seu usuário, por e-mail, SMS, WhatsApp, onde quiser. Escolha o que melhor se adapta à sua stack.
A Didit hospeda a câmera, as dicas de iluminação, a transição para dispositivos móveis e a acessibilidade. Enquanto o usuário está no fluxo, pontuamos mais de 200 sinais de fraude em tempo real e verificamos cada campo em relação a fontes de dados autorizadas. Resultado em menos de dois segundos.
Webhooks assinados em tempo real mantêm seu banco de dados sincronizado no momento em que um usuário é aprovado, recusado ou enviado para revisão. Consulte a API sob demanda. Ou abra o console para inspecionar cada sessão, cada sinal e gerenciar casos do seu jeito.
Didit · Business Verification
Didit · UBO discovery
Parent
Pool
J. Pérez
36%
L. Yáñez
30%
M. Soto
25%
Didit · Linked KYC
UBO 2 / 3
Verify L. Yáñez
Didit · Entity + Person AML
Didit · Ownership policy
Didit · Evidence pack
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_ubo_kyc",
"vendor_data": "acme-trading::ubo::1",
"metadata": { "entity_id": "acme-trading", "ownership_pct": "36.0" }
}'entity_id.docs →$ curl https://verification.didit.me/v3/session/$SID/decision/ \
-H "x-api-key: $DIDIT_API_KEY"
# Retorna: evidência completa, documento,
# similaridade biométrica, ocorrências de AML,
# risco de dispositivo + IP, mais de 200 sinais,
# Assinatura HMAC no payload.diariamente. Sem endpoint secundário.docs →You are integrating Didit into an Ultimate Beneficial Owner (UBO) verification flow for an obliged entity (fintech, bank, EMI, payments PI, crypto exchange, marketplace, gaming operator). Three obligations on every onboarded company:
1. Pull the legal entity from the registry — name, officers, share capital, registered address, status.
2. Walk the ownership chain — surface every natural-person UBO above the 25% threshold (or whoever exercises control without ownership).
3. Know Your Customer (KYC) each UBO + screen the entity AND each UBO against 1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists.
Bundle pricing (live, verified 2026-05-16):
- User Verification (KYC) bundle: $0.33 per person (Sessions API call — ID + Liveness + Face Match + Device & IP + AML)
- AML Screening standalone: $0.20 per check on the entity, or bundled into each UBO KYC
- Ongoing AML Monitoring: $0.07 per person per year (automatic — no extra endpoint)
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- Webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header.
- A workflow_id from the no-code Workflow Builder that bundles ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening.
- Business Verification (Know Your Business (KYB)) module enabled in the Business Console. KYB is the entry point — it returns the entity record + the discovered UBOs that drive the rest of the flow.
STEP 1 — Open the KYB record on the legal entity
Business Verification spawns the entity check, pulls officers + share capital + registered address from the local registry (220+ jurisdictions supported), runs entity AML on 1,300+ lists, and surfaces every natural-person UBO above your configured threshold (default 25%).
When the KYB completes, the response contains an array of discovered UBOs — name, date of birth, nationality, ownership percentage, role (direct shareholder, indirect via holding, control without ownership, nominee, senior-management fallback).
STEP 2 — Loop: open one KYC session per discovered UBO
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with KYC + AML modules>",
"vendor_data": "<your entity-id>::ubo::<ubo-index>",
"callback": "https://<your-app>/kyb/ubo/callback",
"metadata": {
"purpose": "ubo_verification",
"entity_id": "<your internal entity id>",
"ubo_name": "<full name as discovered>",
"ownership_pct": "<percent rounded to one decimal>"
}
}
Response: 201 Created with the hosted session URL. Send the UBO an email or text with the URL — they complete the verification on their phone, hosted by Didit, no app install. Sub-2-second median verdict.
STEP 3 — Read the signed webhook on each UBO KYC completion
Didit POSTs to your callback. Session statuses are Title Case With Spaces:
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<entity-id>::ubo::<ubo-index>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"ip_analysis": { "status": "Approved" },
"aml": { "status": "Approved", "hits": [] }
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.
Aggregate at the entity level: the entity is onboarded only when EVERY UBO returns Approved AND the entity AML returns no blocking hit.
STEP 4 — Retrieve the full decision later
GET https://verification.didit.me/v3/session/{sessionId}/decision/
Headers:
x-api-key: <your api key>
Returns the full decision payload: document scan + extracted Machine-Readable Zone (MRZ), biometric similarity, AML hit list with source-watchlist references, device + IP risk signals, 200+ fraud signals, HMAC signature on the entire payload.
Use this to assemble the per-entity evidence pack a supervisor expects to see: registry extract + ownership chart + per-UBO decision + entity AML + signed timestamps.
STEP 5 — Ongoing AML monitoring is automatic
Every approved person (entity officer, UBO) is re-screened DAILY against the same 1,300+ lists. There is NO separate endpoint to call.
When a previously-approved UBO crosses an AML threshold:
- The session status changes to "In Review" or "Declined" automatically.
- A signed webhook fires with the new hits + a link back to the original onboarding evidence.
- A case opens in the Business Console for your compliance team.
- File a Suspicious Activity Report (SAR) directly from the case if your jurisdiction requires it.
Cost: $0.07 per person per year on heavy-volume accounts (single-digit dollars on a million-UBO base — orders of magnitude cheaper than a manual review queue).
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook (verify X-Signature-V2).
- The KYB entity check fires the same webhook on completion.
CONSTRAINTS
- Session statuses use Title Case With Spaces (Approved, In Review). Never UPPER_SNAKE_CASE on a session.
- The 25% UBO threshold is a default; configure your own per workflow (some jurisdictions require 10% or 5% for high-risk client categories).
- When no person meets the threshold, the AML package allows you to fall back to a senior-management UBO — surface that explicitly in the metadata.
- Default record retention is 5 years post-relationship per the EU AML package (extensible up to 10 years per member-state guidance).
- 200+ fraud signals are evaluated on every KYC session at no extra cost — surface the score via the session decision payload, do not re-query.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/sessions-api/retrieve-session
- https://docs.didit.me/core-technology/aml-screening/overview
- https://docs.didit.me/core-technology/aml-screening/continuous-monitoring-aml-screening
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / mês. Não precisa de cartão de crédito.
Pague apenas pelo que usar. Mais de 25 módulos. Preços públicos por módulo, sem taxa mínima mensal.
MSA e SLA personalizados. Para grandes volumes e programas regulamentados.
Comece grátis → pague apenas quando uma verificação for executada → desbloqueie o Enterprise para um contrato personalizado, SLA ou residência de dados.
Didit is infrastructure for identity and fraud, the platform we wished existed when we were building products ourselves: open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.
One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:
The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.
An Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a company, not the company on the registry, not a holding entity in the middle of the chain, the actual human at the top.
The standard threshold in most jurisdictions is 25% direct or indirect ownership, or anyone who exercises control without ownership (board control, voting rights, signing authority). When no one clears the threshold, regulators expect you to fall back to a senior management UBO, typically the CEO or managing director.
The point of UBO discovery is to stop bad actors from hiding behind layers of holding companies. Your obliged entity owes a verified human for every company you onboard.
Almost every anti-money-laundering regime in the world. The current heavy-hitters:
The shape of the obligation is the same everywhere: identify the natural person behind the company, run identity and AML checks on each, refresh on a risk-based cadence.
The full flow normally takes under 30 seconds end-to-end, pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.
On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.
The registry tells you the company exists, who the officers are, and what the share capital says, it does not tell you who actually controls the business.
Three gaps the registry won't close:
A proper UBO process walks the chain, surfaces every person above the threshold, and verifies each one. The registry is the entry point, not the answer.
Every session lands on one of seven clear statuses, so your code always knows what to do:
Approved, every check passed. Move the user forward.Declined, one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.In Review, flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.In Progress, user is mid-flow.Not Started, link sent, user has not opened it yet. Send a reminder if it sits too long.Abandoned, user opened the link but did not finish in time. Re-engage or expire.Expired, the session link aged out. Create a new session.A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.
Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.
Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.
Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.
Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain''s Tesoro / SEPBLAC / CNMV that Didit''s remote identity verification is safer than verifying someone in person. Full report at /security-compliance.
Didit ships compliant by default for the regulators that matter to identity infrastructure:
Detailed memo, every certificate, every regulator letter: /security-compliance.
Three integration paths, pick whichever fits your stack:
Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.
Each UBO completes the same hosted KYC flow your consumer customers run, opened from a link Didit returns when you create the session. No app install, no extra software for the UBO to deal with.
The flow runs on the UBO's phone:
Sub-two-second median verdict on entry-level Android. The signed result lands on your webhook with the same vendor_data reference you sent in, so wiring each UBO back to its parent entity is a one-line join.
Every approved UBO is re-screened daily against the same 1,300+ AML lists used at onboarding. There is no separate endpoint to call, it runs automatically on any session with AML enabled.
When a previously-approved UBO crosses an AML threshold:
In Review or Declined automaticallyCost on heavy-volume accounts is $0.07 per person per year, single-digit dollars for a base of tens of thousands of UBOs, orders of magnitude cheaper than the manual review queue most teams build around it.
One ZIP per onboarded entity, exportable from the Business Console or via the API. Each pack carries:
All evidence is stored in the European Union (EU data centres) and retained indefinitely while your subscription is active. Default record retention is 5 years post-relationship per the EU AML package, extensible up to 10 years if your supervisor asks for it.
Uma API para KYC, KYB, Monitoramento de Transações e Análise de Carteiras. Integre em 5 minutos.