Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
iGaming · Responsible gaming

Age, identity, and self-exclusion in one safer session.

18+ age gate, ID Verification, self-exclusion register cross-check, AML on deposits — UKGC, MGA, Curaçao audit-friendly. ~$0.40 per player onboarding.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

A cinematic dark abstract iGaming-responsible-gaming stack illustration — four floating translucent glass panels in 3D perspective on pure black, threaded by a luminous Didit Blue line and framed by four glowing scanner brackets. Each panel carries a small pale-white abstract motif (face oval with age arc, dice cube, roulette wheel circle, shield with stop bar).

What regulators demand

Verify the player. Check self-exclusion. Monitor every deposit.

Every regulated operator owes a hard 18+ gate, a self-exclusion register cross-check, AML on threshold deposits, and biometric re-auth on withdrawals. Didit ships them as one workflow at ~$0.40 per player + $0.02 per deposit. 500 verifications free every month.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for regulated operators · Priced like infrastructure

Six checks. Two API calls. $0.40 per player.

Responsible-gaming compliance isn't a single check — it's a recipe. Toggle each module per regulator, swap the rule bundle per market, run the same workflow across UKGC, MGA, Curaçao, SIGAP, and ANJ.
Read the docsGet an API key
01 · 18+ age gate

Cheapest path: Age Estimation first.

Age Estimation at $0.10 runs on every signup. Confident 18+ users pass; borderline (16-21) escalate to ID Verification at $0.15. Only the borderline cohort pays more — keeps the average per-player cost low.
Age Estimation module
02 · Self-exclusion check

Cross-check the register on every signup.

Face Search 1:N (free) against your self-exclusion index and, where the regulator participates, the national register (UK GAMSTOP, Spain RIGA, Italy RUA, Brazil Programa Jogo Responsável). A self-excluded player re-applying with a new name + new email is flagged in under 200ms.
Face Search 1:N module
03 · AML on deposits

Screen depositors above threshold.

AML Screening on deposits above the operator-configured threshold (£/€/$ amount). 1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists in 14 languages, refreshed daily. $0.20 per check.
AML Screening module
04 · Deposit limits + loss caps

Real-time limits per player tier.

Transaction Monitoring rule engine enforces daily / weekly / monthly deposit limits and loss caps in real time at $0.02 per call. Player-set self-imposed limits are honoured first; regulator-mandated caps override. Edit rules in the no-code Workflow Builder without redeploying.
Transaction Monitoring module
05 · Withdrawal re-auth

Face check on every withdrawal.

Biometric Authentication runs Face Match against the player's enrolment selfie at $0.10 per auth. Blocks an account takeover from cashing out — same primitive powers account-settings-change and dormancy re-auth.
Biometric Authentication module
06 · Audit pack per regulator

UKGC, MGA, Curaçao, SIGAP, ANJ.

Per-regulator export templates ship in the Business Console — identity evidence, AML hits, self-exclusion checks, deposit log, withdrawal re-auth — all in one bundle, retained for 5 years per the regulator's requirement.
Industry — Gambling & iGaming
Integrate

One session for onboarding. One transaction call per deposit.

Open the onboarding session. Read the signed verdict. Post every deposit + withdrawal to /v3/transactions/.
POST /v3/session/Onboard
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_igaming_onboard",
    "vendor_data": "player-91",
    "metadata": { "regulator": "UKGC" }
  }'
201Created{ "session_url": "verify.didit.me/..." }
Block account creation until the webhook says status: Approved.docs →
POST /v3/transactions/Deposit
$ curl -X POST https://verification.didit.me/v3/transactions/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -d '{
    "transaction_id": "deposit-991",
    "transaction_details": { "direction": "INBOUND", "amount": "150.00", "currency": "GBP", "currency_kind": "fiat" },
    "subject": { "vendor_data": "player-91", "full_name": "Jamie Example" },
    "counterparty": { "full_name": "Player deposit" }
  }'
201Createdstatus APPROVED · IN_REVIEW · DECLINED · AWAITING_USER
Rule engine enforces limits + AML in real time. $0.02 per call.docs →
Agent-ready integration

Ship responsible gaming in one prompt.

Paste into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent builds the onboarding workflow, wires the deposit-monitoring call, enrols ongoing AML, and adds the withdrawal re-auth.
didit-integration-prompt.md
You are integrating Didit into a regulated iGaming / sports-betting operator (UK Gambling Commission, Malta Gaming Authority, Curaçao, SIGAP, ANJ). Three obligations on every player and every deposit:

  - Onboarding: 18+ age gate, ID Verification, self-exclusion register cross-check.
  - Deposits: AML on above-threshold deposits, real-time deposit limits + loss caps.
  - Withdrawals + sensitive actions: biometric re-auth against the enrolment selfie.

Recommended recipe + pricing (verified live):
  - Onboarding session: $0.10 Age Estimation + $0.15 ID Verification + $0.10 Passive Liveness + $0.05 Face Match 1:1 + $0.20 AML (above threshold). Face Search 1:N against self-exclusion register: free. Average ~$0.40 per player.
  - Per-deposit / per-withdrawal transaction: $0.02 per call to Transaction Monitoring (rule engine + limits).
  - AML re-screening on flagged transactions: $0.20 per check.
  - Biometric re-auth on withdrawal: $0.10 per auth.
  - First 500 verifications free every month, forever.

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60s, no card).
  - Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header.
 HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.  - A workflow_id from the Workflow Builder that bundles Age Estimation + ID Verification + Passive Liveness + Face Match 1:1 + Face Search 1:N (against your self-exclusion index) + AML Screening.
  - A self-exclusion index loaded into the Didit Face Search 1:N — your own banned-players list at minimum; GAMSTOP / RIGA / equivalent national register where the regulator participates.
  - Transaction Monitoring enabled in the Business Console with the rule bundle for sports-betting or online-casino seeded.

STEP 1 — Open the onboarding session at signup

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id with age gate + ID + AML + Face Search self-exclusion>",
      "vendor_data": "<your player id, max 256 chars>",
      "callback": "https://<your-app>/igaming/onboarding/callback",
      "metadata": {
        "regulator": "UKGC",
        "license_class": "remote_casino_betting",
        "min_age": 18
      }
    }

  Response: 201 Created with the hosted session URL. Redirect the player. Sub-2-second median verdict on completion.

STEP 2 — Read the signed webhook on the onboarding verdict

  Didit POSTs to your callback. Session statuses are Title Case With Spaces:

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your player id>",
      "status": "Approved",
      "age_estimation": { "estimated_age": 27, "confidence": 0.92 },
      "id_verification": { "status": "Approved", "dob": "1997-03-12" },
      "face": { "status": "Approved", "similarity_score": 0.94 },
      "face_search": { "status": "Approved", "matches": [] },
      "aml": { "status": "Approved", "hits": [] }
    }

  Session status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

  Verify the X-Signature-V2 header BEFORE reading the body.

STEP 3 — Branch on the onboarding verdict

  Approved + 18+    → unlock the player account.
  Approved + Face Search hit on self-exclusion → block, log to compliance, surface support resources.
  Declined          → block, log AML hit detail.
  In Review         → hold the account, route to ops queue.

STEP 4 — Monitor every deposit + withdrawal

  POST https://verification.didit.me/v3/transactions/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "transaction_id": "<your deposit reference>",
      "transaction_category": "finance",
      "transaction_details": {
        "direction": "INBOUND",
        "amount": "150.00",
        "currency": "GBP",
        "currency_kind": "fiat",
        "action_type": "deposit"
      },
      "subject": {
        "entity_type": "individual",
        "vendor_data": "<your player id>",
        "full_name": "<player full name>"
      },
      "counterparty": {
        "entity_type": "individual",
        "full_name": "Player deposit"
      }
    }

  Response: status APPROVED | IN_REVIEW | DECLINED | AWAITING_USER. Rule engine evaluates against deposit limits, loss caps, velocity thresholds, and Reasonable-Affordability triggers in real time.

STEP 5 — Biometric re-auth on withdrawal

  Open a re-auth session before processing a withdrawal:

  POST https://verification.didit.me/v3/session/
  Body:
    {
      "workflow_id": "<wf id with Liveness + Face Match against enrolment selfie>",
      "vendor_data": "<your player id>",
      "metadata": { "trigger": "withdrawal", "withdrawal_amount": "500.00" }
    }

  Block the withdrawal until status: Approved with similarity above your threshold (default 0.85).

STEP 6 — Ongoing AML monitoring on the active player base

  Every Approved player is automatically re-screened DAILY by Didit's continuous AML monitoring at $0.07 per player per year. The same session webhook fires when the verdict flips.

WEBHOOK EVENT NAMES
  - Sessions: status changes flow through the standard session webhook.
  - Transactions: transaction.created · transaction.updated · transaction.status.changed · transaction.alert.generated.

  Verify X-Signature-V2 on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review). Transaction statuses use UPPER_SNAKE_CASE (APPROVED, IN_REVIEW, DECLINED, AWAITING_USER). They live in different APIs — don't mix them in the same code path.
  - Self-exclusion cross-check must happen BEFORE the player can deposit — a post-deposit check is useful for audit but creates a refund obligation.
  - Default audit retention is 5 years post-relationship per the UK Gambling Commission / Malta Gaming Authority requirements; configure per workflow in the Business Console.
  - 200+ fraud signals are evaluated on every onboarding session at no extra cost.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/transaction-monitoring/overview
  - https://docs.didit.me/core-technology/aml-screening/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • ~$0.40
    Per player onboarded — age gate + ID + AML + self-exclusion check.
  • $0.00
    Per deposit / withdrawal monitored via Transaction Monitoring.
  • <0ms
    Per Face Search 1:N lookup against your self-exclusion index.
  • 0
    Free verifications every month, on every account.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules + workflows

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page