Didit Raises $7.5M to Build Identity and Fraud Infrastructure
Didit
Email Verification

Verify any email.
Catch fake addresses at signup.

Catch fake, disposable, and breached email addresses before they reach your database. One call handles syntax, deliverability, provider intelligence, and a six-digit OTP (one-time password). $0.03 per check, 500 free/month.

Backed by
Y Combinator
Robinhood Ventures
Firecrawl
Slash
Crnogorski Telekom
UCSF Neuroscape
Bit2Me
Shiply

Trusted by 2,000+ organizations worldwide.

Didit Email Verification, syntax, MX, and disposable-domain checks, instantly.

Beyond syntax

MX, disposable, role,
and risk score.

We probe deliverability live, flag disposable and role-based addresses, and return a risk score your workflow can act on. $0.03 per check.

How it works

From signup to verified user in four steps.

  1. Step 01

    Build the workflow

    Pick the checks you want: ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send a link to your user, by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    The user goes through the flow

    Didit handles the camera, lighting cues, mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Results are available in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for developers · Built against fraud · Open by design

Six capabilities. One feature flag. EMAIL_VERIFICATION.

Every capability is a toggle on the same module. No upsell tiers, no separate plans, no extra calls. Enable them per workflow in the console or pass them inline on the API call.
01 · Deliverability

Syntax, mail records, and a live probe, on every call.

We parse the syntax, look up the MX (mail exchange) records, and open a connection to the destination server to confirm the address is reachable. The response includes a clean boolean your workflow can act on.
Deliverability pipeline: alex.sample@flytap.com
  • RFC 5322 syntax: local part + domain parsed
  • MX lookup: 1 record · 10 ms
  • SMTP probe: 250 OK · accepts mail
is_undeliverable: false
02 · Provider intelligence

Disposable mailboxes. Free providers. Catch them before they get in.

An up-to-date catalogue of disposable services (10minutemail, mailinator, guerrilla), free providers (Gmail, Outlook, Yahoo, ProtonMail), and emerging masking services. Each label maps to a decline, review, or approve action that you tune per application.
03 · Breach exposure

Know whether a mailbox has been leaked. Before you rely on it.

Every address is checked against an aggregated breach database. The response lists every leak the address appears in (name, breach date, exposed data classes), so your compliance team has evidence for AML (anti-money laundering) records.
04 · OTP confirmation

Six digits. Valid for five minutes. Localized template.

Use our hosted entry screen or your own form. Two attempts per session, two resends per 24 hours, five-minute validity, every limit enforced for you. The template adapts automatically to the user's preferred language.
05 · Anti-abuse

Catch-all detection. Role-based filtering. Cross-session duplicates.

Configurable warnings surface every abuse pattern: breached, disposable, duplicated across sessions, or blocklisted. Two auto-declines (too many attempts, undeliverable address) stay enforced regardless of policy. Catch-all and role-based addresses are caught before the code is even sent.
Risk policy: 5 warnings · 3 actions
  • EMAIL_CODE_ATTEMPTS_EXCEEDED: Auto-decline
  • EMAIL_IN_BLOCKLIST: Auto-decline
  • DISPOSABLE_EMAIL_DETECTED: Decline
  • BREACHED_EMAIL_DETECTED: Review
  • DUPLICATED_EMAIL: Review
06 · Pricing

$0.03 per check. 500 free every month. Forever.

The same $0.03 price on the hosted flow and the standalone API. No platform fee, no monthly minimum, no surprise overages. Chain Email Verification ahead of the full $0.33 KYC (know-your-customer) check to filter out bad signups before they consume a credit.
Billing: Public · per check
  • Per check: $0.03 (Path A or Path B)
  • Free tier: 500/mo (forever, no card)
  • No minimum: pay per success
  • Chains with KYC: +$0.33 bundle
Integrate

Two endpoints. Same JSON. Same price.

Choose the hosted flow when you want us to handle code entry and chain it into a wider workflow. Choose the standalone API when you want to own the UI. Both return the same report.
POST /v3/session/ · Hosted UI
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_email_check",
    "vendor_data": "user-42"
  }'
201 Created { "session_url": "verify.didit.me/..." }
We host the OTP entry screen and chain it into your workflow. Docs →
POST /v3/email/check/ · Server to server
$ curl -X POST https://verification.didit.me/v3/email/check/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reference_id": "ref_8a2c",
    "code": "482913"
  }'
200 OK { "status": "Approved", "is_breached": true }
You own the OTP UI. /email/send/ first, then /email/check/. Docs →
Agent-ready integration

Ship Email Verification with one command.

Paste the block below into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent will provision Didit, create the Email Verification workflow, wire up the webhook, and ship.
didit-integration-prompt.md
# Didit Email Verification — integrate in 5 minutes

You are integrating Didit's Email Verification module into <my_stack>.
Follow these steps exactly. Every URL, header, and enum value below is
canonical — do not paraphrase or "improve" them. The module covers:
syntax validation, MX (Mail Exchange) lookup, SMTP (Simple Mail Transfer
Protocol) deliverability probe, disposable-provider detection,
free-provider detection, breach exposure lookup (HaveIBeenPwned-style),
catch-all + role-based anti-abuse signals, OTP (one-time password)
confirmation, and a configurable risk policy that can chain straight
into a Know Your Customer (KYC) workflow.

## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
  (returns an API key bound to the workspace + application).

## 2. Two integration paths — pick one

### Path A — Workflow Builder (hosted UI)
Best when you want Didit to host the OTP entry screen, localize the
email template, handle resend cool-downs, and chain Email Verification
into a wider KYC / KYB workflow.

1. Create a workflow that contains the EMAIL_VERIFICATION feature:
   POST https://verification.didit.me/v3/workflows/
   Authorization header:  x-api-key: <your-api-key>
   Body: workflow_label, features array with the single entry
         { feature: "EMAIL_VERIFICATION" }   (UPPERCASE — strict enum)
   Optional config: per-warning action overrides (Decline / Review /
   Approve) for BREACHED_EMAIL_DETECTED, DISPOSABLE_EMAIL_DETECTED,
   DUPLICATED_EMAIL, and EMAIL_IN_BLOCKLIST.

2. Create a verification session for an end user:
   POST https://verification.didit.me/v3/session/
   Body: workflow_id (from step 1), vendor_data (your own user id),
   optional contact_details.email (pre-fills the OTP step).
   Response: session_url — redirect the user to it.

3. Listen for webhook callbacks (see "Webhooks" below).

### Path B — Standalone server-to-server API
Best when you already own the OTP UI and just want Didit to send and
validate the code plus return the risk signals.

Two endpoints, both authenticated with x-api-key:

POST https://verification.didit.me/v3/email/send/
Body (application/json):
  - email        (required, string — RFC 5322 address)
  - language     (optional, ISO 639-1 code — picks the email template)
  - vendor_data  (optional string, your user id)
Returns: { reference_id }

POST https://verification.didit.me/v3/email/check/
Body (application/json):
  - reference_id (required, from /email/send/)
  - code         (required, 6-digit string the user typed)
Returns: the full email-verification report (see Section 4).

Use the same vendor_data on retries so cross-session matches work.

## 3. Webhooks (Path A only — Path B returns synchronously)
- Register a webhook destination once via
  POST https://verification.didit.me/v3/webhook/destinations/
  Body: url, subscribed_events: ["session.verified",
                                  "session.review_started",
                                  "session.declined"]
- Response includes secret_shared_key — store it.
- Every webhook delivery carries an X-Signature-V2 header you MUST verify
  before trusting the payload. HMAC-SHA256 verification MUST run against
  the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON
  parsing — re-serialising the parsed body changes whitespace and key
  order, which invalidates the signature.
  Algorithm:
    1. sortKeys(payload) recursively
    2. shortenFloats (truncate trailing zeros after the decimal point)
    3. JSON.stringify the result
    4. HMAC-SHA256 with the secret_shared_key
    5. Hex-encode, compare to the X-Signature-V2 header.

Two module-level event types fire alongside the session events above:
- EMAIL_VERIFICATION_MESSAGE_SENT — OTP was dispatched
- EMAIL_VERIFICATION_DECLINED      — verification finished with a
                                     Declined status (caller should
                                     surface the warning to the user)

## 4. Reading the report (both paths return the same shape)
The email object includes:
- status: "Approved" | "Declined" | "In Review" | "Not Finished"
- email: the address that was verified
- is_breached: boolean — true when the address appears in known breaches
- breaches: array of { name, domain, logo_path, breach_date,
                       description, is_verified, data_classes,
                       breach_emails_count }
- is_disposable: boolean — true for throwaway providers
- is_undeliverable: boolean — true when MX + SMTP probe failed
- verification_attempts: number — OTP attempts used (max 2)
- verified_at: ISO 8601 timestamp
- matches: array of cross-session hits, each carrying session_id,
           session_number, vendor_data, verification_date, email,
           status, is_blocklisted
- warnings: Array<{ risk, additional_data, log_type,
                    short_description, long_description }>

Auto-decline risks (always enforced by Didit, not configurable):
- EMAIL_CODE_ATTEMPTS_EXCEEDED
- EMAIL_IN_BLOCKLIST
- UNDELIVERABLE_EMAIL_DETECTED

Configurable risks (action per workflow — Decline, Review, or Approve):
- BREACHED_EMAIL_DETECTED       (exposure / breach intelligence)
- DISPOSABLE_EMAIL_DETECTED     (temporary / throwaway provider)
- DUPLICATED_EMAIL              (cross-session match on another user)

Anti-abuse limits (enforced server-side):
- Code Entry Attempts: max 2 tries to type the right OTP
- Code Resend Requests: max 2 resends per 24 hours
- Code Validity: 5 minutes from delivery

## 5. Chaining Email Verification into a KYC flow
EMAIL_VERIFICATION is a regular feature inside the Workflow Builder, so
it composes with any of the 25+ other modules. The canonical patterns:

- Cheap pre-filter: gate KYC behind Email Verification so disposable +
  breached + undeliverable signups never burn a $0.33 KYC bundle. Use a
  conditional branch — if status is Declined on email, skip
  ID_VERIFICATION + LIVENESS + FACE_MATCH.
- Compliance log: keep Email Verification in the flow even when KYC is
  the primary check, so the verified email is timestamped and signed
  alongside the ID Verification report for Anti-Money Laundering (AML)
  recordkeeping.
- Step-up auth: rerun Email Verification at a sensitive action (large
  withdrawal, password reset) using the same workflow + vendor_data
  for closed-loop continuity.

## 6. Hard rules — do not change
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE: EMAIL_VERIFICATION, ID_VERIFICATION,
  LIVENESS, FACE_MATCH, AML, IP_ANALYSIS, PHONE_VERIFICATION.
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Always verify webhook signatures before trusting payload data.
- Status casing matches exactly: "Approved", "Declined", "In Review",
  "Not Finished" (title-cased, space-separated).

## 7. Pricing reference (public)
- Email Verification: $0.03 per check (Path A or Path B).
- Bundled inside a full KYC workflow: same $0.03 add-on — the $0.33
  full-KYC bundle does not include EMAIL_VERIFICATION by default.
- 500 free checks every month, forever, on every account.

## 8. Verify your integration
- Sandbox starts on signup at https://business.didit.me — no separate flag.
- Test emails: deterministic synthetic addresses returned in sandbox
  (Approved by default; trigger Declined by sending the canonical
  disposable / breached test addresses listed in the docs).
- Switch to live: flip the application's environment toggle in console.

When in doubt: https://docs.didit.me/core-technology/email-verification/overview
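
The five-step X-Signature-V2 check from section 3 of the prompt above, written out for a Node.js receiver. This is an added example, not part of the prompt and not Didit's code: the function names, the sample secret and the sample body are constructed here. It assumes the canonical form is exactly `JSON.stringify` of the key-sorted payload, and it takes the raw request body so that no parsed field reaches the caller until the signature has matched.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample values for illustration; not real Didit data.
const SAMPLE_SECRET = "constructed-secret-shared-key";
const SAMPLE_BODY =
  '{"status":"Approved","vendor_data":"user-42","verification_attempts":1.0,' +
  '"session_id":"constructed-session-id"}';

// Step 1: rebuild every object with its keys in sorted order, recursively.
// Note: JavaScript always lists integer-like keys first, in numeric order.
function sortKeys(value) {
  if (Array.isArray(value)) return value.map(sortKeys);
  if (value !== null && typeof value === "object") {
    const sorted = {};
    for (const key of Object.keys(value).sort()) sorted[key] = sortKeys(value[key]);
    return sorted;
  }
  return value;
}

// Steps 1-4: canonical JSON, then HMAC-SHA256, hex-encoded.
// Step 2 (shortenFloats) needs no separate pass in JavaScript: JSON.parse
// reads 1.0 as the number 1 and JSON.stringify prints no trailing zeros.
function canonicalSignature(payload, secret) {
  const canonical = JSON.stringify(sortKeys(payload));
  return createHmac("sha256", secret).update(canonical, "utf8").digest("hex");
}

// Step 5: compare against the X-Signature-V2 header value in constant time.
// Returns the parsed payload only when the signature matches, otherwise null,
// so a handler cannot act on unverified fields by accident.
function verifyWebhook(rawBody, signatureHeader, secret) {
  if (typeof signatureHeader !== "string") return null;
  if (!/^[0-9a-f]{64}$/i.test(signatureHeader)) return null; // not a SHA-256 hex digest
  let payload;
  try {
    payload = JSON.parse(rawBody);
  } catch {
    return null; // malformed JSON is rejected, never partially processed
  }
  if (payload === null || typeof payload !== "object") return null;
  const expected = Buffer.from(canonicalSignature(payload, secret), "hex");
  const received = Buffer.from(signatureHeader, "hex");
  return timingSafeEqual(expected, received) ? payload : null;
}
```

A handler would call `verifyWebhook` with the unmodified request body and respond with an error status whenever it returns null.
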
Compliant by design

Unlock a new country in one click. We do the hard work.

We open local subsidiaries, obtain licences, run penetration tests, earn certifications, and align with every new regulation. To ship verification in a new country, flip a switch. 220+ countries are live, audited and tested every quarter, from the only identity provider that the government of an EU member state has formally called more secure than in-person verification.
Read the security and compliance file
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof points
  • Per check, the same price on the hosted flow or the standalone API.
  • Free email verifications every month, forever, on every account.
  • One-time code validity, every limit enforced for you.
  • Configurable warning codes plus 3 enforced auto-declines.
Three tiers, one price list

Start free. Pay as you go. Scale to Enterprise.

500 free verifications every month, forever. Pay as you go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis), 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Most popular
Pay as you go

Usage-based

Pay only for what you use. 25+ modules. Public pricing for every module, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML data sets, sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • White-label verification flow, your brand, our infrastructure
Enterprise

Custom MSA & SLA. For high volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Frequently asked questions

What is Didit?

Didit is identity and fraud infrastructure, the platform we wished existed when we were building products ourselves: open, simple, and developer-friendly, so it works as a real part of your stack instead of a black box you bolt on.

One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:

  • Fast, under 2 seconds p99 on every session
  • Trusted, used by 1,500+ companies in 220+ countries
  • Secure, SOC 2 Type 1, ISO 27001, GDPR-native, and formally attested by Spain's financial regulator as more secure than verifying a person face to face

The infrastructure underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. Didit's infrastructure learns actively from every session and improves every day.

Which email checks does Didit run?
Eight on every call, all returned in a single JSON object. RFC 5322 syntax parsing, a live Mail Exchange (MX) record lookup, a live Simple Mail Transfer Protocol (SMTP) deliverability probe, disposable-provider detection (10minutemail, mailinator, guerrilla, masking services), free-provider labelling (Gmail, Outlook, Yahoo, ProtonMail), data-breach exposure across known leaks (aggregated, HaveIBeenPwned-style coverage), cross-session duplicate matching against your historical sessions, and a blocklist check against any addresses you have flagged yourself. Each one surfaces as a boolean (is_disposable, is_breached, is_undeliverable) plus a typed warning under the warnings array.
What does the response look like?
An email object with status (Approved, Declined, In Review, Not Finished), the verified email, is_breached, a breaches array (each entry: name, domain, logo_path, breach_date, description, is_verified, data_classes, breach_emails_count), is_disposable, is_undeliverable, verification_attempts, verified_at (ISO 8601), a matches array of cross-session hits with session_id / vendor_data / verification_date / is_blocklisted, and a warnings array (each entry: risk, additional_data, log_type, short_description, long_description). The shape is the same on Path A (workflow) and Path B (standalone).
How fast is verification for my end user?

The whole flow typically takes under 30 seconds end to end: grab the ID, photograph the document, take a selfie, done. It is the fastest flow on the market. Legacy KYC providers typically take more than 90 seconds for the same flow.

On the back end, Didit returns results in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is optimized for slow phones and slow networks: progressive image compression, lazy loading of the software development kit, and one-tap hand-off from desktop to phone via QR code if the user starts on the web.

How does Didit detect fraud and abuse?
Five layers. (1) Hard auto-decline on EMAIL_CODE_ATTEMPTS_EXCEEDED, EMAIL_IN_BLOCKLIST, and UNDELIVERABLE_EMAIL_DETECTED, enforced server-side regardless. (2) Configurable Decline / Review / Approve on BREACHED_EMAIL_DETECTED, DISPOSABLE_EMAIL_DETECTED, and DUPLICATED_EMAIL. (3) Catch-all and role-based detection inside the SMTP probe, flagged before the OTP is sent. (4) A resend limit of 2 per 24 hours and a code-entry attempt limit of 2, both per session. (5) A cross-session matches array that surfaces the same email reused under a different vendor_data, so fake-account farms cannot hide.
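
The layering described above (fixed auto-declines, per-application actions, cross-session matches), applied on the caller's side to a Path B report before any paid KYC step runs. This is an added example, not Didit's code: `gateSignup`, the `policy` object, the strictest-action-wins rule and the fail-closed handling of unknown risk codes are assumptions made here; the report fields and risk names are the ones listed on this page.

```javascript
// Risk codes as listed on this page.
const AUTO_DECLINE = new Set([
  "EMAIL_CODE_ATTEMPTS_EXCEEDED",
  "EMAIL_IN_BLOCKLIST",
  "UNDELIVERABLE_EMAIL_DETECTED",
]);
const CONFIGURABLE = new Set([
  "BREACHED_EMAIL_DETECTED",
  "DISPOSABLE_EMAIL_DETECTED",
  "DUPLICATED_EMAIL",
]);
const SEVERITY = new Map([["Approve", 0], ["Review", 1], ["Decline", 2]]);

// Hypothetical helper: decide what to do with a signup from the email report.
// `policy` maps a configurable risk code to "Approve" | "Review" | "Decline";
// `vendorData` is the caller's own id for the user being checked.
function gateSignup(report, vendorData, policy = {}) {
  let action = "Approve";
  const reasons = [];
  const raise = (next, why) => {
    reasons.push(why);
    if (SEVERITY.get(next) > SEVERITY.get(action)) action = next; // strictest wins
  };

  // The exact status strings matter: anything other than "Approved" holds the user.
  if (report.status === "Declined") raise("Decline", "status:Declined");
  else if (report.status !== "Approved") raise("Review", `status:${report.status}`);

  for (const warning of report.warnings ?? []) {
    const risk = warning.risk;
    if (AUTO_DECLINE.has(risk)) {
      raise("Decline", risk); // local policy can never soften these
    } else if (CONFIGURABLE.has(risk)) {
      const configured = policy[risk];
      raise(SEVERITY.has(configured) ? configured : "Review", risk);
    } else {
      raise("Review", `unknown:${risk}`); // fail closed on codes this build does not know
    }
  }

  // Cross-session hits: the same address seen under a different vendor_data.
  const otherUsers = new Set();
  for (const match of report.matches ?? []) {
    if (match.vendor_data && match.vendor_data !== vendorData) otherUsers.add(match.vendor_data);
  }
  if (otherUsers.size > 0) raise("Review", `reused_by:${otherUsers.size}`);

  return { action, runKyc: action === "Approve", reasons };
}
```
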
What happens if the user fails, abandons, or times out?

Every session ends in one of seven explicit statuses, so your code always knows what to do:

  • Approved, every check passed. Move the user forward.
  • Declined, one or more checks failed. You can let the user resubmit the specific failed step (for example, retake the selfie) without redoing the whole flow.
  • In Review, flagged for compliance review. Open the case in the console, look at every signal, decide to approve or decline.
  • In Progress, the user is mid-flow.
  • Not Started, the link was sent, the user has not opened it yet. Send a reminder if it sits too long.
  • Abandoned, the user opened the link but did not finish in time. Re-engage them or let it expire.
  • Expired, the session link is past its lifetime. Create a new session.

A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.

Where does my customer's data live and how is it protected?

Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.

Encryption everywhere. AES-256 at rest on every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted with a separate Customer Master Key.

Retention is yours to control. Default retention is unlimited unless you configure a shorter period, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.

Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain's Tesoro / SEPBLAC / CNMV that Didit's remote identity verification is more secure than verifying a person face to face. The full report is available at /security-compliance.

Is Didit compliant with my industry's regulations?

At a high level, Didit complies with the key regulations for identity infrastructure:

  • GDPR + UK GDPR, controller / processor split, full Data Processing Agreement published, lead supervisory authority named (Spain's AEPD).
  • AMLD6 + EU AML Single Rulebook, 1,300+ sanctions, politically exposed person, and adverse media lists screened in real time.
  • eIDAS 2.0, integrated with the EU Digital Identity Wallet; ready for reusable identity.
  • MiCA (Markets in Crypto-Assets), ready for crypto on-ramps, exchanges, and custodians.
  • DORA, the Digital Operational Resilience Act, operational resilience for EU financial services.
  • BIPA, CUBI, Washington HB 1493, CCPA / CPRA, US biometric privacy (Illinois, Texas, Washington) and California consumer privacy.
  • UK Online Safety Act, age-gating and child-safety requirements.
  • FATF Travel Rule, originator and beneficiary data on crypto transfers, IVMS-101 compatible.

Detailed memo, every certificate, every regulator letter: /security-compliance.

How fast can I integrate and start verifying users?
  • 60 seconds to open a sandbox account at business.didit.me, no credit card required.
  • 5 minutes to get verification working from Claude Code, Cursor, or any coding agent through our Model Context Protocol (MCP) server.
  • One weekend for a production-ready integration with signed webhook verification, retries, and a remediation flow for when a user is declined.

Three ways to integrate, pick the one that fits your stack:

  • Integrate directly with our Web, iOS, Android, React Native, or Flutter SDK.
  • Redirect the user to a hosted verification page, no SDK.
  • Send a link by email, SMS, WhatsApp, or any channel, no front-end work.

One dashboard, one bill, the same pay-per-success pricing for all three. A step-by-step guide is available at docs.didit.me/integration/integration-prompt.

Identity and fraud infrastructure.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.
