Ruka hadi maudhui makuu
Didit Yakusanya $2M na Kujiunga na Y Combinator (W26)
Didit
Waendelezaji

Njia bora ya kuunganisha
utambulisho na udanganyifu.

Fungua "sandbox", bandika curl moja, na uwasilishe ndani ya dakika 5. Nyaraka za umma, Software Development Kits (SDKs) tano, na seva ya Model Context Protocol (MCP) ili wakala wa kuweka msimbo wa Artificial Intelligence (AI) aweze kuunganisha Didit kwa ajili yako. $0.33 kwa kila ukaguzi kamili wa KYC, 500 bila malipo kila mwezi.

Fungua "sandbox"Soma nyaraka
Inaungwa mkono na
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Inaaminika na mashirika 2,000+ duniani kote.

Anza haraka

Kutoka sifuri hadi kuthibitishwa ndani ya dakika tano.

Hatua tano kutoka kujisajili hadi mtumiaji wa kwanza aliyethibitishwa. Kila hatua inaunganisha njia ya Business Console na njia ya Application Programming Interface (API) iliyopangwa. Au ruka kila hatua — bandika kidokezo cha ujumuishaji kwenye docs.didit.me/integration/integration-prompt kwenye wakala wako wa kuweka msimbo wa AI.
01 · Jisajili

Fungua akaunti yako ya Didit.

  • Katika Business Console: jisajili kwenye business.didit.me chini ya sekunde sitini — hakuna kadi, hakuna lango la mauzo.
  • Kwa Application Programming Interface (API): piga POST https://apx.didit.me/auth/v2/programmatic/register/, kisha POST .../verify-email/.

Njia yoyote inakuacha na ufunguo wa API wa "sandbox" — umbo sawa na uzalishaji, kila moduli imefunguliwa.

API ya Usajili wa Programu
Ufunguo wa API wa uzalishaji
Moja kwa moja
didit_sk_live_8f4c2a…9bf3

Imetolewa sasa hivi — hakuna kadi, hakuna mkataba, hakuna simu.

  • Hakuna kiwango cha chini
  • Hakuna mkataba
  • 500 bila malipo / mwezi
  • Sanduku la mchanga wazi
02 · Jenga mtiririko wa kazi

Chagua moduli. Tengeneza mtiririko wa kazi.

  • Katika Business Console: buruta na udondoshe moduli kwenye Workflow Builder — Uthibitishaji wa Hati ya Utambulisho, Passive Liveness, Face Match, Kupambana na Utakatishaji Fedha Haramu (AML), Uchunguzi wa Wallet, Uchambuzi wa Internet Protocol (IP), na nyingine 19.
  • Kwa API: piga POST /v3/workflows/ kwenye verification.didit.me na moduli unazotaka.

Njia yoyote inarudisha workflow_id utakayopitisha kwenye kila kikao.

Unda API ya Mtiririko wa Kazi
Mchakato wa kazikyc-onboarding-v3
Nchi 220+
  • ID Verification
  • Passive Liveness
  • Face Match 1:1
  • AML Screening
  • Device & IP Analysis
  • Uthibitisho wa Anwani
  • Usomaji wa NFC
  • Uthibitishaji wa Simu
  • Uchunguzi wa Wallet
  • Dodoso Maalum
+ Moduli 15 zaidi · Vyanzo vya data 1,000+$0.33/session
03 · Sajili webhook

Sanidi mahali pa webhook moja kwa kila uamuzi.

  • Katika Business Console: ongeza Uniform Resource Locator (URL) yako ya webhook, chagua matukio, na unakili siri ya kusaini Didit inazalisha.
  • Kwa API: piga POST /v3/webhook/destinations/ na label, url, na subscribed_events. Jibu linarudisha secret_shared_key Didit inatumia kusaini kila utoaji.
Unda API ya Mahali pa Webhook
REST · OpenAPI 3
docs.didit.me
  • POST/v3/session/
  • GET/v3/session/{id}/decision/
  • PATCH/v3/session/{id}/update-status/
  • GET/v3/session/{id}/generate-pdf
  • POST/v3/lists/{id}/entries/face-upload/
  • POST/v3/transactions/

Kila sehemu ya mwisho wazi · kila webhook iliyotiwa saini ya HMAC.

04 · Unganisha kwenye programu yako

Unda kipindi — Kifaa cha Kuendeleza Programu (SDK) au API ya moja kwa moja.

  • Na Software Development Kit (SDK): dondosha SDK asili kwa Web, iOS, Android, React Native, au Flutter — mkataba sawa wa /v3/ chini.
  • Kwa API: piga POST /v3/session/ na workflow_id na thamani ya vendor_data (kitambulisho chako cha mtumiaji).

Jibu linakupa URL ya uthibitishaji ya kuelekeza au kupachika kwenye programu yako.

Angalia SDKs
POSThttps://verification.didit.me/v3/session/
curl
$ curl -X POST /v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "3daf4c64-...",
    "vendor_data": "u_42",
    "callback": "https://acme.com/callback"
  }'
201Imeundwa
{ "session_id": "4c5c7f3a-...", "url": "verify.didit.me/..." }
05 · Pokea uamuzi

Sikiliza kwenye webhook — au piga kura.

  • Webhook ya wakati halisi: sehemu yako ya mwisho huwaka kwa kila mabadiliko ya hali. Soma status ("Imeidhinishwa", "Imekataliwa", "Inakaguliwa", "Imewasilishwa Upya", …), sasisha hifadhidata yako, tuma.
  • Kwa kupiga kura: piga GET /v3/session/:session_id/decision/ kwa malipo sawa — muhimu wakati mfumo wako hauwezi kukubali trafiki inayoingia.

Kamba za hali ni sahihi na zinazingatia herufi kubwa na ndogo. Mashine kamili ya hali inapatikana katika docs.didit.me/integration/verification-statuses.

Hali za Uthibitishaji
Matukio
live
  • session.verified2.4s ago200 OK
  • session.review_started12s ago200 OK
  • session.aml_hit1m ago200 OK
  • session.declined3m ago200 OK
Jenga na Didit

Kila sehemu, ya umma. Hakuna simu za mauzo.

Soma nyaraka, piga simu Application Programming Interface (API), unganisha kwenye seva ya Model Context Protocol (MCP), bandika kidokezo cha ujumuishaji, au tuma ujuzi wa wakala uliotengenezwa tayari — yote ya umma, yote bila malipo.
Nyaraka

Pata kila moduli, kituo, na webhook.

Anza haraka

Tuma mtiririko wa KYC kwa dakika 5.

Marejeleo ya API

Soma vipimo vya OpenAPI 3.1.

SDKs

Pachika kwenye Wavuti, iOS, Android, React Native, au Flutter.

Webhooks

Pokea matukio yaliyotiwa saini ya HMAC kwenye kila mabadiliko ya hali.

Hali za uthibitishaji

Soma mashine kamili ya hali ya kikao.

Kidokezo cha ujumuishaji

Bandika kidokezo kimoja. Tuma ujumuishaji wa KYC.

Seva ya MCP

Chomeka Didit kwenye mteja yeyote wa MCP.

Ujuzi wa Wakala

Uthibitishaji uliotengenezwa tayari, AML, na ujuzi wa KYB.

Ujumuishaji wa dakika tano

Curl moja. SDK tano.

Anzisha kipindi cha uthibitishaji kwa curl moja, au weka mtiririko kwenye Wavuti, iOS, Android, React Native, au Flutter — mkataba uleule wa /v3/ chini.
POSThttps://verification.didit.me/v3/session/
curl
$ curl -X POST /v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "3daf4c64-...",
    "vendor_data": "u_42",
    "callback": "https://acme.com/callback"
  }'
201Imeundwa
{ "session_id": "4c5c7f3a-...", "url": "verify.didit.me/..." }
Webv1.4.0iOSv3.0.1Androidv2.6.2
React Nativev1.8.0Flutterv1.3.4
Kwa waendelezaji · Kwa mawakala wa AI · Fungua kwa muundo

Imejengwa kwa waendelezaji na mawakala wa AI.

Unganisha ukaguzi wa utambulisho na udanganyifu wa Didit na Application Programming Interface (API) moja. Fungua "sandbox", soma nyaraka za umma, unganisha kwenye seva ya Model Context Protocol (MCP), au vuta Software Development Kit (SDK) kwa stack yoyote. Waendelezaji huwasilisha mchana; mawakala wa kuweka msimbo wa AI huwasilisha kwa kidokezo kimoja — hakuna UI, hakuna binadamu katika mzunguko, hakuna simu ya mauzo, hakuna viwango vya chini.
Soma nyarakaPata ufunguo wa API
01 · API Moja

API Moja kwa utambulisho na udanganyifu.

Application Programming Interface (API) moja inashughulikia kila ukaguzi wa utambulisho na udanganyifu — Mjue Mteja Wako (KYC), Mjue Biashara Yako (KYB), Kupambana na Utakatishaji Fedha Haramu (AML), ufuatiliaji wa miamala, ulinganishaji wa kibayometriki. Ufunguo uleule, injini ya mtiririko wa kazi ileile, inaweza kuunganishwa katika kipindi kimoja — hakuna kazi ya ziada ya kuunganisha kati ya bidhaa.
Soma nyaraka za API
POSThttps://verification.didit.me/v3/session/
curl
$ curl -X POST /v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "3daf4c64-...",
    "vendor_data": "u_42",
    "callback": "https://acme.com/callback"
  }'
201Imeundwa
{ "session_id": "4c5c7f3a-...", "url": "verify.didit.me/..." }
02 · Asili ya Wakala

Unganisha katika kidokezo kimoja.

Seva yetu ya Model Context Protocol (MCP) iko hewani na ujuzi wa wakala umechapishwa. Muulize Claude Code, Codex, au Cursor kuunganisha Didit — wakala huunda nafasi ya kazi, husanidi mtiririko wa kazi, na kutuma simu ya kwanza ya API yenyewe. Hakuna dashibodi, hakuna binadamu, hakuna tiketi ya usaidizi.
Soma kidokezo cha ujumuishaji
promptdidit-integration.md
# Integrate Didit into my application

You are integrating Didit — infrastructure for identity and fraud — into my application end-to-end. Didit ships KYC, KYB, AML screening, biometric verification, transaction monitoring, and wallet screening behind one API. 220+ countries, 14,000+ document types, 48+ languages. Pay-per-call from $0.33, 500 free verifications per core feature per month, no minimums, no contract.

## My application context

<my_stack>
Stack: [framework + language — e.g. Next.js 15 + TypeScript, Django, Rails, Go]
Surface: [web | iOS | Android | React Native | Flutter | backend-only]
Use case: [KYC at signup | KYB at business onboarding | age gate | re-auth | transaction monitoring | other]
Database: [Postgres | MySQL | Mongo | other]
</my_stack>

## Step 1 — Create the Didit account programmatically

Two API calls. No browser. No 2FA. Returns an `api_key` you use for every subsequent request.

```bash
# 1) Register — creates org + app + emails a 6-character code
curl -X POST https://apx.didit.me/auth/v2/programmatic/register/   -H "Content-Type: application/json"   -d '{"email": "dev@example.com", "password": "StrongP@ss1"}'

# 2) Verify email with the code from the inbox — returns api_key
curl -X POST https://apx.didit.me/auth/v2/programmatic/verify-email/   -H "Content-Type: application/json"   -d '{"email": "dev@example.com", "code": "A3K9F2"}'
# Response.application.api_key — save this
```

Persist the returned `api_key` as the env var `DIDIT_API_KEY`. Auth header for every Didit call:
`x-api-key: $DIDIT_API_KEY`

## Base URLs

| Surface | Base URL |
|---|---|
| Every `/v3/...` endpoint (sessions, workflows, lists, billing, webhook destinations, entities, transactions, standalone APIs) | `https://verification.didit.me` |
| Auth / programmatic registration (`/auth/v2/programmatic/...`) | `https://apx.didit.me` |
| Console (human UI) | `https://business.didit.me` |
| Hosted verification URL handed to end users | `https://verify.didit.me` |
| Docs (cross-check anything) | `https://docs.didit.me` |
| OpenAPI spec (machine-readable, server is `https://verification.didit.me`) | `https://docs.didit.me/openapi-25.json` |

## Step 2 — Choose the integration approach

Pick exactly one, based on my use case:

- **Approach A — Sessions API + SDK (recommended for any end-user verification flow).** My backend creates a Didit session → my frontend opens the Didit-hosted verification UI (via SDK / iframe / redirect) → user completes verification → my backend receives a webhook with the decision. Best for KYC at signup, KYB at business onboarding, age verification, re-auth. Didit-hosted flows are A/B-tested and convert higher than custom UIs.
- **Approach B — Standalone APIs (server-to-server only).** My backend calls individual modules directly (`/v3/id-verification/`, `/v3/aml/`, `/v3/face-match/`, etc.) for batch jobs or fully custom UI. Best for back-office verification pipelines.

If unsure, default to Approach A.

## Step 3 — Create or reuse a workflow

A workflow defines which modules run during a session. Create one via API (or `https://business.didit.me` → Workflows → Create).

```bash
# List existing workflows
curl https://verification.didit.me/v3/workflows/   -H "x-api-key: $DIDIT_API_KEY"

# Create a new KYC workflow — features are UPPERCASE enum values, each an object with optional `config`
curl -X POST https://verification.didit.me/v3/workflows/   -H "x-api-key: $DIDIT_API_KEY"   -H "Content-Type: application/json"   -d '{
    "workflow_label": "Standard KYC",
    "features": [
      { "feature": "OCR" },
      { "feature": "LIVENESS", "config": { "face_liveness_method": "PASSIVE" } },
      { "feature": "FACE_MATCH" },
      { "feature": "IP_ANALYSIS" }
    ]
  }'
# Response.uuid — save as DIDIT_WORKFLOW_ID
```

Feature enum values (UPPERCASE, source: `management-api/workflows/feature-configs.mdx`):
- **KYC features:** `OCR`, `NFC`, `LIVENESS`, `FACE_MATCH`, `AGE_ESTIMATION`, `PHONE_VERIFICATION`, `EMAIL_VERIFICATION`, `DATABASE_VALIDATION`, `AML`, `IP_ANALYSIS`, `PROOF_OF_ADDRESS`, `QUESTIONNAIRE`.
- **KYB features:** `KYB_REGISTRY`, `KYB_DOCUMENTS`, `KYB_KEY_PEOPLE` (each plus AML / DATABASE_VALIDATION as needed).

For a KYB workflow set `"workflow_type": "kyb"` (default is KYC). A workflow is locked to its type at creation; create separate workflows per kind.

## Step 4 — Install the SDK that matches my stack

| Stack | Package | Install |
|---|---|---|
| Web (React, Vue, Next.js, Nuxt, Svelte, vanilla JS) | `@didit-protocol/sdk-web` | `npm install @didit-protocol/sdk-web` |
| iOS (Swift / SwiftUI) | `didit-sdk-ios` | SPM: `https://github.com/didit-protocol/didit-sdk-ios` |
| Android (Kotlin / Jetpack Compose) | `me.didit:didit-sdk` | Maven |
| React Native (Expo or bare) | `@didit-protocol/sdk-react-native` | `npm install @didit-protocol/sdk-react-native` |
| Flutter | `didit_sdk` | `flutter pub add didit_sdk` |
| Backend-only / batch / custom UI | none — call REST directly | — |

Always prefer native iOS / Android SDKs over WebView on mobile (NFC + camera + biometrics work natively).

## Step 5 — Create a session and present it to the user

**Backend creates the session:**

```bash
curl -X POST https://verification.didit.me/v3/session/   -H "x-api-key: $DIDIT_API_KEY"   -H "Content-Type: application/json"   -d '{
    "workflow_id": "'"$DIDIT_WORKFLOW_ID"'",
    "vendor_data": "internal-user-id",
    "callback": "https://myapp.com/done"
  }'
```

Response (201 Created):
```json
{
  "session_id": "4c5c7f3a-...",
  "session_token": "eyJ...",
  "url": "https://verify.didit.me/session/...",
  "status": "Not Started",
  "session_kind": "user",
  "workflow_id": "...",
  "vendor_data": "internal-user-id"
}
```

`vendor_data` is **my internal user ID** — Didit links the session to a User entity (auto-created if new). For KYB workflows it links to a Business entity.

Optional create-session field: `callback_method` (`"initiator"` | `"completer"` | `"both"`, default `"initiator"`) — controls which side of a cross-device flow receives the `callback` redirect. Useful when the verification opens on a phone after a desktop start.

**Frontend presents the verification (pick one):**

| Pattern | Code |
|---|---|
| Web JS SDK (modal) | `import { DiditSdk } from "@didit-protocol/sdk-web"; DiditSdk.shared.startVerification({ url })` |
| Iframe (embedded) | `<iframe src={url} allow="camera; microphone; fullscreen; autoplay; encrypted-media" />` |
| Redirect (cross-device) | `window.location.href = url` |
| iOS / Android / RN / Flutter | `DiditSdk.startVerification(token: session_token)` |

## Step 6 — Set up the webhook to receive results

Build `POST /api/webhooks/didit` in my backend.

**Register the webhook destination once:**

```bash
curl -X POST https://verification.didit.me/v3/webhook/destinations/   -H "x-api-key: $DIDIT_API_KEY"   -H "Content-Type: application/json"   -d '{
    "url": "https://myapp.com/api/webhooks/didit",
    "label": "production",
    "subscribed_events": ["status.updated", "data.updated"]
  }'
```

Response includes `secret_shared_key` — save as `DIDIT_WEBHOOK_SECRET`.

**Cloudflare / restrictive firewall users:** allowlist `18.203.201.92` — Didit webhooks egress from this single IP.

**Three signature headers** ship on every webhook. Verify **one** — `X-Signature-V2` is recommended because it survives JSON middleware re-encoding:

| Header | What it signs | When to use |
|---|---|---|
| `X-Signature-V2` ★ recommended | `JSON.stringify(sortKeys(shortenFloats(parsed_body)))` with unescaped Unicode | Default — works through Express / Django / FastAPI / Next.js body parsers |
| `X-Signature` | The raw request bytes verbatim | Only if you can guarantee no middleware re-encodes the body |
| `X-Signature-Simple` | `"{timestamp}:{session_id}:{status}:{webhook_type}"` | Fallback when nothing else works — does NOT verify the `decision` payload, so only use as a hint |

**Endpoint requirements (in order):**

1. Parse JSON (V2 is parser-tolerant; you can use any framework's default body parser).
2. Read headers: `X-Signature-V2` (HMAC-SHA256 hex), `X-Timestamp` (Unix seconds).
3. Reject if `abs(now - X-Timestamp) > 300` (replay protection).
4. Apply `shortenFloats` (whole-number floats → integers), then `sortKeys` (recursive lexicographic), then `JSON.stringify` (unescaped Unicode — default).
5. Compute `expected = HMAC-SHA256(DIDIT_WEBHOOK_SECRET, canonical_json, "utf8")`.
6. Compare with `X-Signature-V2` using constant-time comparison (`hmac.compare_digest` in Python, `crypto.timingSafeEqual` in Node).
7. Dispatch on `webhook_type`. Return `200` immediately even if processing is async — Didit retries 5xx/404 twice (~1 min, ~4 min).

**Node.js / Next.js App Router example (canonical V2):**

```ts
import crypto from "node:crypto";

// Server-side normalisation: convert whole-number floats to integers.
function shortenFloats(v: unknown): unknown {
  if (Array.isArray(v)) return v.map(shortenFloats);
  if (v && typeof v === "object") {
    return Object.fromEntries(
      Object.entries(v as Record<string, unknown>).map(([k, x]) => [k, shortenFloats(x)])
    );
  }
  if (typeof v === "number" && !Number.isInteger(v) && v % 1 === 0) return Math.trunc(v);
  return v;
}

// Recursively sort object keys (arrays preserved in order).
function sortKeys(v: unknown): unknown {
  if (Array.isArray(v)) return v.map(sortKeys);
  if (v && typeof v === "object") {
    return Object.keys(v as object)
      .sort()
      .reduce<Record<string, unknown>>((acc, k) => {
        acc[k] = sortKeys((v as Record<string, unknown>)[k]);
        return acc;
      }, {});
  }
  return v;
}

export async function POST(req: Request) {
  const raw = await req.text();
  const sig = req.headers.get("x-signature-v2") ?? "";
  const ts = Number(req.headers.get("x-timestamp"));
  if (!ts || Math.abs(Date.now() / 1000 - ts) > 300)
    return new Response("stale", { status: 401 });

  const parsed = JSON.parse(raw);
  const canonical = JSON.stringify(sortKeys(shortenFloats(parsed)));
  const expected = crypto
    .createHmac("sha256", process.env.DIDIT_WEBHOOK_SECRET!)
    .update(canonical, "utf8")
    .digest("hex");
  if (
    sig.length !== expected.length ||
    !crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(sig))
  )
    return new Response("bad sig", { status: 401 });

  // parsed.webhook_type → dispatch …
  return new Response("ok");
}
```

**Webhook event types:** `status.updated`, `data.updated`, `user.status.updated`, `user.data.updated`, `business.status.updated`, `business.data.updated`, `activity.created`, `transaction.created`, `transaction.status.updated`.

**Webhook body shape:**
```json
{
  "session_id": "uuid",
  "status": "Not Started | In Progress | Awaiting User | In Review | Approved | Declined | Resubmitted | Abandoned | Expired | Kyc Expired",
  "webhook_type": "status.updated",
  "timestamp": 1627680000,
  "workflow_id": "uuid",
  "vendor_data": "internal-user-id",
  "metadata": { "any": "json" },
  "decision": { /* present when Approved / Declined / In Review; absent on Expired / Abandoned / Not Started */ }
}
```

The `decision` object holds per-module **plural arrays** (V3 schema — each entry keyed by its `node_id` in the workflow):
- `id_verifications[]`: first_name, last_name, document_type, document_number, date_of_birth, nationality, expiration_date, issuing_state, address, parsed_address, mrz, front_image_quality_score, back_image_quality_score, warnings[]
- `nfc_verifications[]`: status, document_type, mrz, signature_status, chip_data
- `liveness_checks[]`: status, score (0–1), method ("passive" | "active"), reference_image
- `face_matches[]`: status, score (0–100), source_image, target_image, warnings[]
- `phone_verifications[]`: status, phone_number, carrier, is_disposable, is_virtual
- `email_verifications[]`: status, email, is_breached, is_disposable, is_undeliverable, breaches[]
- `poa_verifications[]`: status, document_type, issuer, poa_address, poa_parsed_address, issue_date, expiration_date
- `aml_screenings[]`: status, total_hits, hits[] (pep_matches, sanction_matches, warning_matches, adverse_media_matches), entity_type ("person" | "company")
- `ip_analyses[]`: status, ip_address, country, vpn, proxy, tor, hosting, risk_score
- `database_validations[]`: status, provider, match_type, fields_matched
- `questionnaire_responses`: nullable object keyed by question_id → answer

V2 → V3 migration note: V2 used singular keys (`aml`, `phone`, `email`, `poa`). V3 renamed them to plural arrays so a single workflow can run the same module multiple times on different nodes — index by `node_id`.

## Step 7 — Apply the decision to my database

```ts
switch (event.status) {
  case "Approved":       user.verified = true; user.verifiedAt = new Date(); storeDecision(event.decision); break;
  case "Declined":       user.verificationStatus = "declined"; logWarnings(event.decision); break;
  case "In Review":      user.verificationStatus = "pending_review"; break;
  case "In Progress":    user.verificationStatus = "in_progress"; break;
  case "Awaiting User":  user.verificationStatus = "awaiting_user"; break; // KYB only — waiting for a UBO / officer KYC sub-session
  case "Resubmitted":    user.verificationStatus = "resubmitted"; break; // reviewer asked the user to retry
  case "Abandoned":      scheduleReminderEmail(user); break;
  case "Expired":        break; // session URL aged out before the user finished
  case "Kyc Expired":    user.verified = false; createNewSession(user); break; // verified user's KYC has aged out per retention policy
  case "Not Started":    break;
}
```

Idempotency:
- Session webhooks: dedupe on `session_id + webhook_type + timestamp`.
- Transaction webhooks (`transaction.created`, `transaction.status.updated`): dedupe on the `event_id` field — multiple events can target the same transaction.

Didit retries 5xx/404 twice (~1 min, ~4 min after the prior failure). Return 200 even if processing is async.

## Module catalogue (use whichever ones match my use case)

| Module | Endpoint | Price | Free tier |
|---|---|---|---|
| Core KYC bundle (ID + Liveness + Face Match + IP) | session w/ workflow | **$0.33** | 500/mo (per feature) |
| ID Verification (standalone) | `POST /v3/id-verification/` | $0.20 | 500/mo |
| Passive Liveness (standalone) | `POST /v3/passive-liveness/` | $0.05 | 500/mo |
| Active Liveness | session-only | $0.15 | — |
| Face Match 1:1 | `POST /v3/face-match/` | $0.05 | 500/mo |
| Face Search 1:N | `POST /v3/face-search/` | $0.05 | — |
| Age Estimation | `POST /v3/age-estimation/` | $0.10 | — |
| AML Screening | `POST /v3/aml/` | $0.20 | — |
| Ongoing AML Monitoring | org-level continuous (per active user/yr) | $0.07 / user / year | — |
| Database Validation (gov registries) | `POST /v3/database-validation/` | variable | — |
| Proof of Address | `POST /v3/poa/` | $0.20 | — |
| Email Verification | `POST /v3/email/send/` + `POST /v3/email/check/` | $0.03 | — |
| Phone Verification (SMS / WhatsApp / voice / RCS / Telegram) | `POST /v3/phone/send/` + `POST /v3/phone/check/` | $0.04 + carrier | — |
| NFC Verification (native SDKs only) | session module | $0.15 | — |
| Biometric Authentication (re-auth) | session module | $0.10 | — |
| Device & IP Analysis | session module | $0.03 | — |
| Custom Questionnaire | session module | $0.10 | — |
| Business Verification (KYB) | `POST /v3/session/` w/ KYB workflow | $2.00 | — |
| Company AML Screening | KYB module | $0.20 | — |
| Person AML (per UBO / officer) | KYB module | $0.20 | — |
| Transaction Screening (rule engine) | `POST /v3/transactions/` | $0.02 / tx | — |
| AML Transaction Screening (counterparty sanctions + on-chain wallet risk) | inside `/v3/transactions/` | $0.15 / tx | — |
| Reusable KYC (share verified user across partners) | session feature | Free | — |
| White Label | workflow option | $0.20 | — |

## Operational APIs your code should know

| Action | Endpoint |
|---|---|
| Read full decision JSON | `GET /v3/session/{id}/decision/` |
| List sessions (filter by status, workflow, vendor_data, date) | `GET /v3/sessions` |
| Manually approve / decline / request review | `PATCH /v3/session/{id}/update-status/` |
| Patch metadata or extracted data | `PATCH /v3/session/{id}/update-data/` |
| Download compliance PDF | `GET /v3/session/{id}/generate-pdf` |
| Delete a session (GDPR / cleanup) | `DELETE /v3/session/{id}/delete/` |
| Share session with a partner (Reusable KYC) | `POST /v3/session/{id}/share/` |
| Submit a transaction for monitoring | `POST /v3/transactions/` |
| List / create lists (blocklist, allowlist, custom) | `GET/POST /v3/lists/` |
| Add entry to a list | `POST /v3/lists/{id}/entries/` |
| Upload a face image to a blocklist | `POST /v3/lists/{id}/entries/face-upload/` |
| Check credit balance | `GET /v3/billing/balance/` |
| Top up credits (returns Stripe checkout URL) | `POST /v3/billing/top-up/` |
| List / update / delete vendor users | `GET/PATCH /v3/users/`, `/v3/users/{vendor_data}/` |
| List / update / delete vendor businesses | `GET/PATCH /v3/businesses/` |

Every `/v3/...` endpoint above is served from `https://verification.didit.me` (the canonical OpenAPI server) and authenticates with `x-api-key`. Auth/registration is the only surface on `https://apx.didit.me`.

## Best-practice checklist before you mark this done

- [ ] `DIDIT_API_KEY`, `DIDIT_WORKFLOW_ID`, `DIDIT_WEBHOOK_SECRET` in env. Never committed.
- [ ] Backend route that creates a session for a given user, returns `url` (the hosted verification URL on `verify.didit.me`) and the `session_id`.
- [ ] Frontend that opens the session `url` via the right SDK / iframe / redirect for my stack.
- [ ] Webhook endpoint with: `X-Timestamp` freshness check (≤ 300s), canonical-V2 JSON re-serialisation (`shortenFloats` → `sortKeys` → unescaped `JSON.stringify`) HMAC-SHA256, constant-time compare against `X-Signature-V2`, dispatch on `webhook_type`, return 200.
- [ ] DB schema + update logic for `status in (Not Started, In Progress, Awaiting User, In Review, Approved, Declined, Resubmitted, Abandoned, Expired, Kyc Expired)`.
- [ ] Idempotent webhook handler (dedupe on `session_id + webhook_type`).
- [ ] No API key shipped to the browser. The session creation is server-side only.
- [ ] User-facing consent / disclosure shown BEFORE the session `url` opens (Didit handles biometric consent inside its flow but the legal layer outside is the integrator's responsibility).
- [ ] (Optional) `/v3/session/{id}/generate-pdf` surfaced in compliance UI.

## When you need more detail

- API root: `https://verification.didit.me/v3/` (everything `/v3/`). Auth only: `https://apx.didit.me/auth/v2/programmatic/register/`.
- Sessions overview: `https://docs.didit.me/sessions-api/overview`
- Standalone APIs index: `https://docs.didit.me/standalone-apis/id-verification`
- Programmatic registration: `https://docs.didit.me/integration/programmatic-registration`
- AI agent / MCP integration: `https://docs.didit.me/integration/ai-agent-integration`
- Webhooks reference: `https://docs.didit.me/integration/webhooks`
- SDKs overview: `https://docs.didit.me/integration/sdks`
- Full OpenAPI 3 spec: `https://docs.didit.me/openapi-25.json`
- MCP server config (drop into `.cursor/mcp.json`, `claude_desktop_config.json`, or equivalent):

```json
{
  "mcpServers": {
    "didit": {
      "command": "npx",
      "args": ["@didit-protocol/mcp-server"],
      "env": { "DIDIT_API_KEY": "your_api_key" }
    }
  }
}
```

The MCP server exposes 40+ tools spanning auth, sessions, workflows, questionnaires, users, billing, blocklist, and every standalone API — see `https://docs.didit.me/integration/ai-agent-integration` for the full tool catalogue.

Now build the integration. If anything in `## My application context` is missing, ask once at the top of your reply, then ship the complete change set: env vars wired, backend route, frontend SDK call, webhook endpoint with signature verification, decision-handling DB logic, and idempotent dedupe. Use my stack's idioms (`fetch` / `axios` / `requests` / `okhttp`), keep the API key server-side only, and follow the verification status state machine above.
Bandika kwenye Claude Code, Codex, au Cursor · husafirisha muunganisho kamili
03 · Moduli

Mtiririko wowote. Nchi yoyote. Kesi yoyote ya matumizi.

Tunga mtiririko wowote kutoka moduli 25+, vyanzo vya data vya serikali 1,000+, nchi 220+, aina za hati 14,000+, na lugha 48+. Mratibu yuleyule huendesha uthibitishaji wa kibayometriki, KYC kwa neobank, KYB kwa fintech ya B2B, Sheria ya Kusafiri kwa ubadilishanaji wa crypto, au AML inayoendelea kwa soko — unachagua ukaguzi na mpangilio.
Angalia kila moduli
Mchakato wa kazikyc-onboarding-v3
Nchi 220+
  • ID Verification
  • Passive Liveness
  • Face Match 1:1
  • AML Screening
  • Device & IP Analysis
  • Uthibitisho wa Anwani
  • Usomaji wa NFC
  • Uthibitishaji wa Simu
  • Uchunguzi wa Wallet
  • Dodoso Maalum
+ Moduli 15 zaidi · Vyanzo vya data 1,000+$0.33/session
04 · Huduma binafsi

Hakuna malipo. Hakuna simu ya mauzo. Nenda ukacheze nayo.

Sandbox iko wazi tangu dakika ya kwanza. Nyaraka na API ni za umma, bila lango la onyesho kati yako na msimbo. Jisajili, chukua ufunguo, tuma siku hiyo hiyo. Timu yetu ya mauzo iko karibu unapotaka — kamwe si kama lango.
Jaribu sandbox
Ufunguo wa API wa uzalishaji
Moja kwa moja
didit_sk_live_8f4c2a…9bf3

Imetolewa sasa hivi — hakuna kadi, hakuna mkataba, hakuna simu.

  • Hakuna kiwango cha chini
  • Hakuna mkataba
  • 500 bila malipo / mwezi
  • Sanduku la mchanga wazi
05 · Kulingana na matumizi

Lipa kwa unachotumia. Ndio hivyo.

Didit ni mara 3–5 nafuu kuliko wachuuzi wa KYC waliopo, na kila bei iko wazi kwa umma kwenye /pricing — $0.33 kifurushi kamili cha KYC, $0.15 uchunguzi wa pochi, $0.03 uchambuzi wa Kifaa na IP, uthibitishaji 500 bila malipo kila mwezi. Hakuna viwango vya chini, hakuna mikataba ya kila mwaka, hakuna mshangao wa ziada — bei kwenye ukurasa ndiyo bei kwenye ankara.
Angalia kila bei
Orodha ya bei ya umma
/pricing
  • ID Verification$0.15
  • Passive Liveness$0.10
  • Face Match 1:1$0.05
  • AML Screening$0.20
  • Device & IP Analysis$0.03
  • Uchunguzi wa Wallet (KYT)$0.15
Kifurushi kamili cha KYC$0.33

500 bila malipo / mwezi · hakuna kiwango cha chini · hakuna mkataba wa kila mwaka.

06 · Miundombinu wazi

API wazi. Jenga juu yake.

Kila sehemu ya mwisho iko wazi na imeandikwa — badilisha hali ya kipindi, zuia uso, pakua PDF ya uamuzi, hariri mtiririko wa kazi, au uliza logi ya tukio. Webhooks zimesainiwa na Hash-based Message Authentication Code (HMAC), ili uweze kuthibitisha kila tukio lilitoka kwetu. Didit ni miundombinu, si programu iliyofungwa.
Vinjari API
REST · OpenAPI 3
docs.didit.me
  • POST/v3/session/
  • GET/v3/session/{id}/decision/
  • PATCH/v3/session/{id}/update-status/
  • GET/v3/session/{id}/generate-pdf
  • POST/v3/lists/{id}/entries/face-upload/
  • POST/v3/transactions/

Kila sehemu ya mwisho wazi · kila webhook iliyotiwa saini ya HMAC.

07 · SDKs

SDKs kwa kila jukwaa.

Kifaa cha Kuendeleza Programu (SDK) kwa kila mfumo — Wavuti, iOS, Android, React Native, Flutter. Kwenye upande wa nyuma, REST API, webhooks zilizotiwa saini, OpenAPI 3 spec, na Zapier, Shopify, na Salesforce zilizounganishwa tayari. Kila sehemu inakuja na sampuli, aina, na kuanza kwa dakika 5.
Vinjari SDKs
Webv1.4.0iOSv3.0.1Androidv2.6.2
React Nativev1.8.0Flutterv1.3.4
08 · Miundombinu iliyoboreshwa kwa kiwango

Uthibitishaji wa haraka zaidi sokoni.

99% ya uthibitishaji hukamilika chini ya sekunde 2, mwisho hadi mwisho — hupimwa katika uzalishaji, haidaiwi kwenye staha. Tunalenga Mkataba wa Kiwango cha Huduma (SLA) wa 99.99%, tumeshikilia muda wa kufanya kazi wa 100% katika miezi 12 iliyopita, na hatujawahi kuvunjwa. Imerekebishwa kwa kila kifaa na mtandao — iPhone, Android, kompyuta ya mezani, kompyuta kibao, 5G au 2G — na tayari inaendesha mamilioni ya uthibitishaji kwa mwezi.
Angalia hali ya moja kwa moja
Muda wa kusubiri wa mwisho hadi mwisho · 30d
99.99% SLA
  • p500.82s
  • p951.42s
  • p991.89s

Uthibitishaji wa haraka zaidi sokoni · iPhone, Android, kompyuta ya mezani, kompyuta kibao, 5G au 2G.

Ngazi tatu, orodha moja ya bei

Anza bure. Lipa kwa matumizi. Panua hadi Biashara.

Uthibitishaji 500 bila malipo kila mwezi, milele. Lipa kadri unavyotumia kwa uzalishaji. Mikataba maalum, makazi ya data, na SLA (Mikataba ya Kiwango cha Huduma) kwenye Biashara.
Bure

Bure

$0 / mwezi. Hakuna kadi ya mkopo inayohitajika.

  • Kifurushi cha KYC cha bure (Uthibitishaji wa Kitambulisho + Uhai Usio na Kazi + Kulinganisha Uso + Uchambuzi wa Kifaa na IP) — 500 / mwezi, kila mwezi
  • Watumiaji Waliozuiliwa
  • Kugundua Marudio
  • Ishara 200+ za udanganyifu kwenye kila kipindi
  • KYC inayoweza kutumika tena kwenye mtandao wa Didit
  • Jukwaa la Usimamizi wa Kesi
  • Mjenzi wa Mtiririko wa Kazi
  • Hati za umma, sandbox, SDKs, seva ya MCP (Model Context Protocol)
  • Usaidizi wa jamii
Anza bure
Maarufu zaidi
Lipa kwa matumizi

Kulingana na Matumizi

Lipa tu kwa kile unachotumia. Moduli 25+. Bei ya umma kwa kila moduli, hakuna ada ya chini ya kila mwezi.

  • KYC kamili kwa $0.33 (Kitambulisho + Biometriska + IP / Kifaa)
  • Hifadhidata 10,000+ za AML — vikwazo, PEPs, vyombo vya habari hasi
  • Vyanzo 1,000+ vya data ya serikali kwa Uthibitishaji wa Hifadhidata
  • Ufuatiliaji wa Miamala kwa $0.02 kwa kila muamala
  • KYB ya Moja kwa Moja kwa $2.00 kwa kila biashara
  • Uchunguzi wa Wallet kwa $0.15 kwa kila ukaguzi
  • Mtiririko wa uthibitishaji wa Whitelabel — chapa yako, miundombinu yetu
Angalia orodha kamili ya beiAnza bila malipo
Biashara

Biashara

MSA & SLA maalum. Kwa idadi kubwa na programu zilizodhibitiwa.

  • Mikataba ya kila mwaka
  • MSA, DPA, na SLA maalum
  • Kituo maalum cha Slack na WhatsApp
  • Wakaguzi wa mikono kwa mahitaji
  • Masharti ya muuzaji na white-label
  • Vipengele vya kipekee na ushirikiano wa washirika
  • CSM aliyetajwa, ukaguzi wa usalama, usaidizi wa kufuata
Zungumza nasi

Anza bure → lipa tu wakati ukaguzi unafanyika → fungua Biashara kwa mkataba maalum, SLA, au makazi ya data.

FAQ

Maswali ya msanidi, yamejibiwa.

Majibu yale yale tunayotuma kwa timu za uhandisi wakati wa simu ya ujumuishaji. Kingine chochote — support@didit.me.
Ninaunganishaje Didit?

Hatua tano kutoka kujiandikisha hadi uamuzi wa kwanza.

  • Fungua akaunti yako kwenye business.didit.me, au piga simu POST https://apx.didit.me/auth/v2/programmatic/register/.
  • Jenga mtiririko wa kazi kwenye Dashibodi ya Biashara, au piga simu POST /v3/workflows/.
  • Sajili eneo la webhook kupitia koni, au piga simu POST /v3/webhook/destinations/ (Didit inarudisha siri ya kusaini katika jibu).
  • Unda kipindi na POST /v3/session/, ukipitisha workflow_id na vendor_data (kitambulisho chako cha mtumiaji). Elekeza mtumiaji kwenye URL iliyorudishwa — au weka Kifaa cha Ukuzaji Programu (SDK) asili kwenye mkataba huo huo wa /v3/.
  • Pokea uamuzi kwenye webhook iliyosainiwa, au piga kura GET /v3/session/:session_id/decision/.

API moja ya /v3/ inashughulikia Mjue Mteja Wako (KYC), Ijue Biashara Yako (KYB), Ufuatiliaji wa Miamala, na Uchunguzi wa Pochi (KYT — ijue miamala yako). Uthibitishaji 500 bure kila mwezi, milele, hakuna kadi ya mkopo.

Je, kuna sandbox ninaweza kucheza nayo sasa hivi?

Ndiyo — chini ya sekunde sitini, hakuna kadi ya mkopo. Jisajili kwenye business.didit.me (au jisajili kwa programu na POST https://apx.didit.me/auth/v2/programmatic/register/) na utaishia kwenye nafasi ya kazi ya sandbox na ufunguo halisi wa Kiolesura cha Programu (API).

  • Sura sawa na uzalishaji — maamuzi ya uhakika, kila moduli imefunguliwa.
  • Vituo halisi vya /v3/, webhooks halisi, sampuli halisi za hati.
  • Badilisha kwenda moja kwa moja wakati wowote uko tayari — funguo sawa, URL sawa, mkataba sawa.
Unasafirisha Vifaa gani vya Ukuzaji Programu (SDKs)?

SDK tano za wahusika wa kwanza, zote zikiwa chanzo huria, zote zikiwa kwenye nyaraka za umma:

  • Wavuti — JavaScript / TypeScript, huru kwa mfumo, upachikaji wa iframe au uelekezaji upya wa mtiririko uliopangishwa.
  • iOS — Swift, inasambazwa kama XCFramework.
  • Android — Kotlin, kupitia Maven Central.
  • React Native — viunganishi vya TypeScript juu ya moduli asili (TurboModules).
  • Flutter — kasha la Dart kuzunguka SDK asili zile zile.

Kila SDK inaita mkataba huo huo wa /v3/ chini ya kofia, kwa hivyo unaweza kuchanganya na kulinganisha — Wavuti kwenye tovuti yako, asili kwenye simu. Rejea kwenye docs.didit.me/integration/web-sdks/overview.

Webhooks hufanya kazi vipi?

Sajili eneo moja; Didit inasaini kila utoaji.

  • Sanidi kituo chako kupitia Dashibodi ya Biashara — au piga simu POST /v3/webhook/destinations/ na label, url, na subscribed_events.
  • Didit inarudisha secret_shared_key katika jibu. Itumie kuthibitisha saini ya Hash-based Message Authentication Code (HMAC)-SHA256 kwenye kila webhook inayoingia (kichwa: X-Signature-V2).
  • Kila mzigo hubeba status halisi, inayozingatia herufi kubwa na ndogo — "Approved", "Declined", "In Review", "Resubmitted", na zaidi. Mashine kamili ya hali inapatikana kwenye docs.didit.me/integration/verification-statuses.
  • Majaribio upya hutumia backoff ya kielelezo hadi urudishe 2xx; kila utoaji huwekwa kwenye kumbukumbu na inaweza kuchezwa tena kwa mahitaji kutoka kwenye koni.

Rejea kamili inapatikana kwenye docs.didit.me/integration/webhooks.

Mipaka ya viwango ni ipi, na nini hutokea kwa kiwango kikubwa?

Chaguo-msingi za ukarimu kwenye kila mpango, zikirekebishwa juu kwa kila akaunti.

  • Kiwango cha bure — sandbox pamoja na ukaguzi 500 wa uzalishaji kila mwezi, milele.
  • Lipa-kwa-matumizi — mipaka ya ghafla huongezeka kiotomatiki na kiasi endelevu. Hutakumbana na kikwazo katikati ya uzinduzi.
  • Biashara — mipaka maalum ya viwango, uwezo maalum, na ahadi za muda wa kufanya kazi katika Mkataba Mkuu wa Huduma (MSA). Zungumza nasi kwa support@didit.me.

Uwezo unaolengwa kwa kila eneo kwenye status.didit.me. Muda halisi wa kufanya kazi kwa 100% katika miezi 6 iliyopita katika mamilioni ya uhakiki kwa mwezi.

Je, ninaweza kuunganisha na Claude Code, Cursor, au zana zingine za kuandika msimbo za AI?

Ndiyo — bandika kidokezo kimoja na utume. Weka kidokezo cha ujumuishaji cha kisheria kwenye docs.didit.me/integration/integration-prompt kwenye Claude Code, Cursor, Codex, Devin, Aider, au Replit Agent. Wakala huandaa mtiririko wa kazi, huunganisha webhook, na huendesha jaribio la moshi kuanzia mwanzo hadi mwisho.

Vikao vilivyoanzishwa na wakala hulipa bei sawa ya umma kama simu za moja kwa moja za API — $0.33 kwa Know Your Customer (KYC) kamili, $0.15 kwa Uthibitishaji wa Hati ya Utambulisho pekee, $0.15 kwa uchunguzi wa pochi. Bure, hakuna usanidi wa ziada, hufanya kazi na mteja yeyote anayetambua Model Context Protocol (MCP).

Kiko wapi kitabu cha mabadiliko, na unaweka toleo la API vipi?

Maelezo ya toleo la kila mwezi kwenye `docs.didit.me/changelog` — kila moduli iliyotumwa, kila tukio la webhook lililoongezwa, kila mabadiliko yanayovunja yaliyotajwa.

  • Ufafanuzi wa OpenAPI 3.1 kwenye docs.didit.me/openapi-25.json umewekwa toleo pamoja na nyaraka. Uingize kwenye Postman au uzalishe wateja katika lugha yoyote.
  • Uwekaji toleo ni nyongeza kwa chaguo-msingi. Sehemu mpya, vigezo vipya vya hiari, na matukio mapya ya webhook husafirishwa bila kuongeza toleo. Mabadiliko yanayovunja hupata nafasi mpya ya /v4/ na dirisha la kukomesha lililochapishwa.
  • Hatubadilishi kamwe maana ya sehemu kimya kimya — ikiwa umbo la uamuzi, mpango wa saini, au orodha ya hali itabadilika, husafirishwa nyuma ya kichwa na kutangazwa kabla ya kubadilishwa.
Ninafuatiliaje muda wa kufanya kazi na mchakato wa tukio ni upi?

`status.didit.me` huchapisha muda halisi wa kufanya kazi na historia ya matukio kwa kila eneo — uhakiki, webhooks, console, docs. Hakuna kuingia kunahitajika.

  • Jisajili kupitia Really Simple Syndication (RSS), barua pepe, au webhook kwa arifa za kukatika kwa huduma.
  • Rekodi ya mafanikio: 100% muda halisi wa kufanya kazi katika miezi 6 iliyopita; lengo la upatikanaji wa 99.99% katika Mkataba wa Kiwango cha Huduma (SLA).
  • Kila tukio hupata ripoti ya umma baada ya tukio kwenye ukurasa huo huo.
  • Mikataba ya biashara huongeza mhandisi maalum wa simu, chaneli maalum ya Slack au Microsoft Teams, na Malengo ya Kiwango cha Huduma ya ukali wa tukio katika Mkataba Mkuu wa Huduma (MSA).

Miundombinu ya utambulisho na udanganyifu.

API moja kwa KYC, KYB, Ufuatiliaji wa Miamala, na Uchunguzi wa Wallet. Unganisha kwa dakika 5.

Anza bila malipoZungumza nasi
Uliza AI ifupishe ukurasa huu