Установите двенадцать открытых навыков агента Didit в Cursor, Claude Code, Codex или OpenCode одной командой `npx`. Задайте вопрос агенту на простом английском. Он напишет код и вызовет действующий API.
Доверяют более 2000 организаций по всему миру.
Почему навыки, а не документы
Передайте Cursor вкладку документации, и он изобретет конечные точки и переведет перечисления статусов в нижний регистр. Передайте ему навык Didit, и каждая строка будет указывать на реальный API — заблокированная конечная точка, заблокированные заголовки, сгенерированный обработчик подписанных веб-хуков. Одна команда `npx`.
Запустите `npx skills add didit-protocol/skills` в вашем проекте. CLI обнаруживает Cursor, Claude Code, Codex или OpenCode и помещает каждый навык в нужную папку. Установите только один с `--skill didit-face-match`.
Либо получите его за 60 секунд на [business.didit.me](https://business.didit.me) и `export DIDIT_API_KEY=…`, либо позвольте агенту зарегистрироваться программно — `POST /programmatic/register/`, затем `verify-email/`, и ключ вернется в ответе. Браузер не требуется.
*«Добавьте Didit KYC в мой процесс регистрации».* *«Проверьте этого пользователя по спискам AML».* Агент считывает соответствующий навык, пишет код и подключает обработчик подписанных веб-хуков. Правильно с первой попытки — без переключения вкладок документации.
Didit размещает камеру, захват документов, селфи, передачу на мобильное устройство. Менее 30 секунд для пользователя. Вердикт менее чем за 2 секунды на вашем веб-хуке, подписанный `X-Signature-V2`, чтобы вы могли ему доверять.
Didit · Каталог
Didit · npx install
Didit · Хосты
Didit · Какие навыки блокируются
Didit · Настройка
Didit · github.com/didit-protocol/skills
В каждом навыке
Три пути установки
$ npx skills add didit-protocol/skills
✓ 12 навыков установлено
# or just one
$ npx skills add didit-protocol/skills \
--skill didit-face-match
# set the api key
$ export DIDIT_API_KEY="sk_live_..."$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "$DIDIT_WORKFLOW_ID",
"vendor_data": "user-42",
"callback_url": "https://app/cb"
}'You are installing the Didit Agent Skills into this project and wiring the first verification session against the live https://verification.didit.me/v3/ API. After this prompt, the project should pass identity verification — Know Your Customer (KYC), Anti-Money Laundering (AML) screening, document Optical Character Recognition (OCR) — through Didit.
Didit ships twelve open-source Agent Skills at https://github.com/didit-protocol/skills and follows the open standard at https://agentskills.io. The CLI auto-detects whether you are running inside Cursor, Claude Code, Codex, or OpenCode and drops the skills into the right folder.
PRE-REQUISITES
- A Didit API key (DIDIT_API_KEY). Either issued from https://business.didit.me, or self-registered by the agent via POST /programmatic/register/ + POST /programmatic/verify-email/ (no browser needed).
- A workflow_id from the Workflow Builder that bundles ID Verification + Passive Liveness + Face Match + IP Analysis + AML — or just use the didit-kyc-onboarding skill below to create one programmatically.
- A webhook endpoint that verifies the X-Signature-V2 header with HMAC-SHA256 on the raw body bytes (do NOT re-serialise the parsed JSON; the signature will not match).
STEP 1 — Install the skills
Recommended:
npx skills add didit-protocol/skills
This installs all twelve skills. To install only one:
npx skills add didit-protocol/skills --skill didit-face-match
Or git clone the repo and copy what you need:
git clone https://github.com/didit-protocol/skills.git
cp -r skills/didit-kyc-onboarding .claude/skills/
cp -r skills/didit-id-document-verification .claude/skills/
The twelve skills:
- didit-verification-management : the hub. Account, sessions, workflows, billing, blocklist, webhook config. 45+ endpoints
- didit-kyc-onboarding : full KYC recipe (ID + selfie + face match) in one call
- didit-id-document-verification : passports, ID cards, driver's licences. OCR, MRZ, NFC. 4,000+ documents, 220+ countries
- didit-liveness-detection : 99.9%-accurate liveness from a single selfie
- didit-face-match : compare two faces, get a 0–100 score
- didit-face-search : 1:N face search for deduplication and blocklists
- didit-biometric-age-estimation : estimate age from a selfie
- didit-email-verification : email OTP, detects breached / disposable / undeliverable
- didit-phone-verification : phone OTP via SMS, WhatsApp, or Telegram. Catches VoIP
- didit-aml-screening : 1,300+ sanctions, PEP, adverse-media lists. Dual-score risk
- didit-proof-of-address : utility bills, bank statements. OCR + geocoding
- didit-database-validation : government databases across 18 countries
STEP 2 — Set the environment
Every skill reads DIDIT_API_KEY. Session-based skills also expect DIDIT_WORKFLOW_ID. Signed-webhook handlers expect DIDIT_WEBHOOK_SECRET.
export DIDIT_API_KEY="<your api key>"
export DIDIT_WORKFLOW_ID="<your workflow id>" # optional
export DIDIT_WEBHOOK_SECRET="<your secret>" # optional
Programmatic alternative (no browser):
curl -X POST https://apx.didit.me/auth/v2/programmatic/register/ \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "password": "MyStr0ng!Pass"}'
# check the email, get the 6-char code, then:
curl -X POST https://apx.didit.me/auth/v2/programmatic/verify-email/ \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "code": "<code>"}'
# response includes api_key — export it as DIDIT_API_KEY.
STEP 3 — Create a verification session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: $DIDIT_API_KEY
Content-Type: application/json
Body:
{
"workflow_id": "$DIDIT_WORKFLOW_ID",
"vendor_data": "<your user id, max 256 chars>",
"callback_url": "https://<your-app>/kyc/callback",
"metadata": { "source": "agent-skill" }
}
Response: 201 Created. The hosted session URL is on the `url` field. Redirect the user, or send them the link by email / SMS / WhatsApp. Sub-2-second p99 verdict on completion.
STEP 4 — Read the signed webhook
Didit POSTs to your callback. KYC session statuses are Title Case With Spaces.
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your user id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"aml": { "status": "Approved", "hits": [] }
}
Full enum:
Approved | Declined | In Review | In Progress | Not Started | Abandoned | Expired | Resubmitted | Awaiting User | Not Finished
Verify X-Signature-V2 BEFORE parsing the body — HMAC-SHA256 of the raw bytes with your webhook secret. Re-serialising the parsed body changes whitespace and key order and the signature will not match.
STEP 5 — Read the decision on demand
GET https://verification.didit.me/v3/session/{sessionId}/decision/
Headers:
x-api-key: $DIDIT_API_KEY
Returns the full decision payload — id_verification, liveness, face, ip_analysis, aml. Use this whenever the agent needs to confirm the user's status before allowing an action. Never trust client-supplied "I'm verified" flags.
STEP 6 — Branch on status
Approved → continue
Declined → block, surface decision_reason_code, allow resubmit of the failed step
In Review → wait for the analyst webhook; don't block forever
Resubmitted → user re-took a failed step; new verdict is coming
Awaiting User → user hasn't completed the flow; nudge with a reminder
Expired → create a new session
Abandoned and Declined sessions are NOT billed.
STEP 7 — Optional: ongoing AML monitoring
If AML monitoring is enabled on the workflow ($0.07 per user per year), Didit fires status.updated whenever the user lands on a new sanctions / PEP / adverse-media list. No extra endpoint to call.
WEBHOOK EVENT NAMES
- status.updated : KYC or KYB session status changed
- data.updated : session data corrected after creation
- user.status.updated : User entity changed status (Active, Flagged, Blocked)
- user.data.updated : User entity counters, metadata, or aggregate fields changed
- activity.created : timeline activity recorded
Verify X-Signature-V2 on every payload. The webhook secret is per-environment — sandbox is separate from production.
CONSTRAINTS
- KYC session statuses use Title Case With Spaces (Approved, In Review). Do NOT transform them to UPPER_SNAKE_CASE — that casing is for Know Your Business (KYB) sessions and Transaction Monitoring, not KYC.
- HMAC verification runs against the RAW request body bytes. Never re-serialise the parsed JSON.
- Bundle price is $0.30 (ID + Liveness + Face Match + IP Analysis). AML adds $0.20. 500 verifications free every month, forever.
- Default record retention is unlimited unless you configure it shorter (30 days to 10 years per application).
Read the docs:
- https://docs.didit.me/getting-started/agent-skills
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/sessions-api/retrieve-session
- https://docs.didit.me/integration/webhooks
Skills repo:
- https://github.com/didit-protocol/skills
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / месяц. Кредитная карта не требуется.
Платите только за то, что используете. Более 25 модулей. Публичные цены за модуль, без ежемесячной минимальной платы.
Индивидуальные MSA и SLA. Для больших объемов и регулируемых программ.
Начните бесплатно → платите только при выполнении проверки → разблокируйте Enterprise для индивидуального контракта, SLA или хранения данных.
Единый API для KYC, KYB, мониторинга транзакций и проверки кошельков. Интеграция за 5 минут.