Desenhe qualquer fluxo de verificação num canvas. Arraste, largue, crie ramificações, faça testes A/B e ative qualquer um dos mais de 25 módulos com um clique. Gratuito em todos os planos.
Robinhood Ventures
Confiado por mais de 2.000 organizações em todo o mundo.
Construtor de fluxos de trabalho sem código
Ative qualquer módulo com um clique. Editor visual para KYC (conheça o seu cliente), KYB (conheça o seu negócio), AML (combate ao branqueamento de capitais) e fluxos de monitorização. Teste A/B em produção. Gratuito, sem custos por fluxo de trabalho.
Escolha as verificações que pretende, ID, prova de vida, correspondência facial, sanções, morada, idade, telefone, e-mail, perguntas personalizadas. Arraste-as para um fluxo no dashboard, ou publique o mesmo fluxo na nossa API. Crie ramificações com base em condições, execute testes A/B, sem necessidade de código.
Incorpore nativamente com o nosso SDK para Web, iOS, Android, React Native ou Flutter. Redirecione para uma página alojada. Ou simplesmente envie um link ao seu utilizador, por e-mail, SMS, WhatsApp, onde quiser. Escolha o que melhor se adapta à sua stack.
A Didit aloja a câmara, as indicações de iluminação, a transição móvel e a acessibilidade. Enquanto o utilizador está no fluxo, pontuamos mais de 200 sinais de fraude em tempo real e verificamos cada campo contra fontes de dados autorizadas. Resultado em menos de dois segundos.
Webhooks assinados em tempo real mantêm a sua base de dados sincronizada no momento em que um utilizador é aprovado, recusado ou enviado para revisão. Consulte a API a pedido. Ou abra a consola para inspecionar cada sessão, cada sinal e gerir os casos à sua maneira.
Drag-drop · smart-connect · keyboard shortcuts
Feature
Branch
Action
Status
Toggle any of 25+ modules · pay per success
Modules
New module shipped
Workflow surcharge
Dev · Staging · Production · isolated keys
Applications
Per application
Exportable
Split traffic · live conversion telemetry
Completion rate
Completion rate
Routes on country · risk · doc type · age
{ "workflow_id": "wf_3daf4c64", "session_id": "sess_8a2f9c10", "status": "verified", "vendor_data": "user-42", "version": 3, Destinations: unlimited}$ curl -X POST https://verification.didit.me/v3/workflows/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_label": "Standard KYC",
"features": [
{ "feature": "OCR" },
{ "feature": "LIVENESS" },
{ "feature": "FACE_MATCH" }
]
}'$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_3daf4c64",
"vendor_data": "user-42"
}'# Didit Workflow Orchestrator — integrate in 5 minutes
You are wiring the Didit Workflow Orchestrator into <my_stack>. Follow
these steps exactly. Every URL, header, and enum value below is
canonical — do not paraphrase or "improve" them.
Workflows are versioned JSON documents that string together any subset
of Didit's 25+ verification modules:
- Feature nodes (Optical Character Recognition (OCR), LIVENESS, FACE_MATCH, Anti-Money Laundering (AML), Near Field Communication (NFC), IP, QUESTIONNAIRE,
PROOF_OF_ADDRESS, DATABASE_VALIDATION, AGE_ESTIMATION, EMAIL_VERIFICATION,
PHONE_VERIFICATION)
- Branch nodes (route by country, risk score, document type, age, ...)
- Action nodes (add tag, set metadata, route to manual review)
- Status nodes (APPROVED, DECLINED, IN_REVIEW)
## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
## 2. Two ways to build a workflow — pick one
### Path A — Visual canvas (recommended for humans)
1. Open https://docs.didit.me/console/workflows.
2. Pick Simple Mode for a template-based build (Know Your Customer (KYC), Age Verification,
Biometric Auth, Address, Questionnaire) or Advanced Mode for the
node-based graph builder.
3. Drag feature nodes onto the canvas. Connect handles with the smart-
connect cursor. Drop branch nodes between features to route on data.
4. Click Publish. The published workflow's UUID is your workflow_id.
### Path B — Management API (recommended for AI agents)
Programmatically create a linear workflow with the simple v3 features
array — Didit converts it into a node-based graph internally.
POST https://verification.didit.me/v3/workflows/
Headers:
x-api-key: <your-api-key>
Content-Type: application/json
Body:
{
"workflow_label": "Standard KYC",
"features": [
{
"feature": "OCR",
"config": {
"documents_allowed": {},
"duplicated_user_action": "REVIEW"
}
},
{ "feature": "LIVENESS", "config": { "face_liveness_method": "PASSIVE" } },
{ "feature": "FACE_MATCH" },
{ "feature": "AML" }
]
}
Hard rules for POST /v3/workflows/:
- features[].feature values are UPPERCASE strict enum:
OCR, LIVENESS, FACE_MATCH, AML, NFC, IP, QUESTIONNAIRE,
PROOF_OF_ADDRESS, DATABASE_VALIDATION, AGE_ESTIMATION,
EMAIL_VERIFICATION, PHONE_VERIFICATION
- Put dependency features first. OCR before FACE_MATCH, NFC,
DATABASE_VALIDATION, or user-AML checks that depend on document
data. LIVENESS before FACE_MATCH.
- For QUESTIONNAIRE features, create the questionnaire first via
POST /v3/questionnaires/ and use the returned questionnaire_id as
config.questionnaire_uuid.
- The endpoint supports linear workflows only. To add branches,
actions, webhooks, or conditional routing, edit the published
workflow in the canvas.
- Save the returned workflow uuid — that is your workflow_id for
creating sessions, and your settings_uuid for future updates.
Reference for every config field per feature:
https://docs.didit.me/management-api/workflows/feature-configs
## 3. Use the workflow in a session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your-api-key>
Content-Type: application/json
Body:
{
"workflow_id": "<uuid from step 2>",
"vendor_data": "user-42"
}
Response includes a session_url. Redirect the user there. The hosted
Didit UI handles capture UX, mobile handoff, accessibility, retries,
and webhook delivery on completion.
## 4. Webhooks
Register one webhook destination per workspace:
POST https://verification.didit.me/v3/webhook/destinations/
Body: { "url": "https://yourapp.com/didit/webhooks",
"events": ["session.verified", "session.review_started",
"session.declined", "session.expired"] }
Every delivery carries an X-Signature-V2 Hash-based Message Authentication
Code (HMAC) header. HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.Verify before trusting the payload:
signature = hmac_sha256(secret, raw_body).hex()
if signature != request.headers["X-Signature-V2"]:
return 401
Retries use exponential backoff over 24 hours. The Console shows every
delivery, retry, and signature verification result.
## 5. Workflow versioning
Workflows support draft / publish versioning. Drafts are fully editable.
Publishing creates an immutable version that new sessions will use.
Sessions always reference the specific version they were created with,
so behaviour stays consistent even after you publish updates. Previous
versions are preserved and inspectable via the Management API.
## 6. Multi-app management
Each workspace can host multiple applications — typically Development,
Staging, Production. Each application carries its own API key, its own
workflows, and its own webhook destinations. Promote a published
workflow from Staging to Production by re-publishing in the target app
or by exporting and re-importing the workflow JSON.
## 7. A/B testing
Split traffic across two published workflow variants from inside the
canvas. Configure a percentage split, route by user cohort, ramp a new
module to 5% before going to 100%. Conversion metrics surface on the
workflow analytics view at https://docs.didit.me/console/analytics.
## 8. Hard rules — do not change
- Base URL stays https://verification.didit.me (NOT apx.didit.me).
- Auth header stays x-api-key (lowercase, hyphenated).
- Webhook signature header stays X-Signature-V2 (NOT X-Signature).
- Feature enum is UPPERCASE strict — OCR, LIVENESS, FACE_MATCH, AML,
NFC, IP, QUESTIONNAIRE, PROOF_OF_ADDRESS, DATABASE_VALIDATION,
AGE_ESTIMATION, EMAIL_VERIFICATION, PHONE_VERIFICATION.
- Session status casing stays "Approved" / "Declined" / "In Review" /
"Expired" / "Not Finished" (mixed case on session statuses,
UPPERCASE_SNAKE on transaction and case statuses).
## 9. Pricing reference
The Workflow Orchestrator itself is FREE on every plan — no per-workflow
fee, no per-seat fee, unlimited workflows. You pay only for the modules
that run inside the workflow at the published per-success rates on
https://didit.me/pricing.
500 free verifications every month, forever, on every account.
## 10. Verify your integration
1. Create a sandbox API key at https://business.didit.me.
2. POST /v3/workflows/ with the Standard KYC body above. Save the uuid.
3. POST /v3/session/ with that workflow_id. Open the session_url in a
browser and complete the flow with the sandbox test fixtures.
4. Confirm the session.verified webhook fires and X-Signature-V2 verifies.
5. Open the workflow in the canvas — verify the linear feature array
was converted into the expected node graph.
Done. The Workflow Orchestrator is live. Reach out to support@didit.me
with the workspace id if you hit a wall.$0 / mês. Não é necessário cartão de crédito.
Pague apenas pelo que usa. Mais de 25 módulos. Preços públicos por módulo, sem taxa mínima mensal.
MSA e SLA personalizados. Para grandes volumes e programas regulados.
Comece grátis → pague apenas quando uma verificação for executada → desbloqueie o Enterprise para um contrato personalizado, SLA ou residência de dados.
Didit is infrastructure for identity and fraud, the platform we wished existed when we were building products ourselves: open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.
One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:
The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.
The Workflow Orchestrator is the visual no-code builder behind every Didit verification. Drag-and-drop feature nodes (Identity Document Verification, Liveness, Face Match, Anti-Money Laundering (AML), Near-Field Communication (NFC), Phone, Email, Questionnaire, Proof of Address, Database Validation, Internet Protocol (IP), Age Estimation), drop branch nodes that route on country / risk / age / document type, add action nodes (tag, set metadata, route to manual review), close with status nodes (Approved, Declined, In Review).
Conditional branching, nested decisions, A/B testing, draft/publish versioning, one-click module activation across 25+ modules.
Free on every plan. You pay only the per-module rates on the modules a session actually runs. Full reference: docs.didit.me/console/workflows.
Free on every plan. No per-workflow fee, no per-seat fee, unlimited workflows, unlimited published versions, unlimited A/B variants, unlimited webhook destinations.
You pay only the module per-success rates on didit.me/pricing:
$0.15 per check.$0.10. Face Match, $0.05. Internet Protocol (IP) Analysis, $0.03.$0.20. Wallet Screening, $0.15 per check.The full flow normally takes under 30 seconds end-to-end, pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.
On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.
Yes, POST /v3/workflows/ with a features array in the order users should complete the checks.
Didit converts the array into a node-based graph internally and adds the final status node automatically. The endpoint supports linear workflows only, for branches, actions, and webhook nodes, edit the published workflow in the canvas.
Feature enum values are strict UPPERCASE: OCR (Optical Character Recognition, drives Identity Document Verification), LIVENESS, FACE_MATCH, AML, NFC, IP, QUESTIONNAIRE, PROOF_OF_ADDRESS, DATABASE_VALIDATION, AGE_ESTIMATION, EMAIL_VERIFICATION, PHONE_VERIFICATION.
Use the returned workflow uuid as workflow_id on POST /v3/session/. Full per-feature config reference: docs.didit.me/management-api/workflows/feature-configs.
Every session lands on one of seven clear statuses, so your code always knows what to do:
Approved, every check passed. Move the user forward.Declined, one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.In Review, flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.In Progress, user is mid-flow.Not Started, link sent, user has not opened it yet. Send a reminder if it sits too long.Abandoned, user opened the link but did not finish in time. Re-engage or expire.Expired, the session link aged out. Create a new session.A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.
Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.
Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.
Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.
Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain''s Tesoro / SEPBLAC / CNMV that Didit''s remote identity verification is safer than verifying someone in person. Full report at /security-compliance.
Didit ships compliant by default for the regulators that matter to identity infrastructure:
Detailed memo, every certificate, every regulator letter: /security-compliance.
Three integration paths, pick whichever fits your stack:
Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.
Uma API para KYC, KYB, Monitorização de Transações e Rastreio de Carteiras. Integre em 5 minutos.