Ruka hadi maudhui makuu
Didit Yakusanya $7.5M Kujenga Miundombinu ya Utambulisho na Udanganyifu
Didit
Biometric 2FA

Badilisha nenosiri la mara moja la SMS. Fanya selfie iwe kipengele cha pili.

Imarisha mifumo nyeti kwa uthibitisho wa uso unaochukua chini ya sekunde 2 dhidi ya picha iliyosajiliwa. Inazuia phishing. Inazuia SIM-swap. $0.10 kwa uthibitisho. Uthibitishaji 500 bila malipo kila mwezi.

Inaungwa mkono na
Y CombinatorRobinhood Ventures
Firecrawl
Slash
Crnogorski Telekom
UCSF Neuroscape
Bit2Me
Shiply

Inaaminika na mashirika 2,000+ duniani kote.

Biometric 2FA ya giza, ya sinema, paneli nne za glasi zinazoelea, zinazopitisha mwanga katika mtazamo wa 3D kwenye nyeusi safi, zikipitishwa na mstari wa Didit Blue unaong'aa na kuwekewa fremu na mabano ya skana yanayong'aa. Kila paneli ina motifu ndogo nyeupe-nyepesi inayowakilisha kufuli, jozi ya mviringo ya kulinganisha uso, kifaa cha rununu, na kiputo cha SMS kilichovukwa.

Inazuia phishing · Inazuia SIM-swap

Hakuna code ya kuphish. Hakuna SIM ya kubadilisha.

Kipengele cha pili ni uso wa mtumiaji, unaolinganishwa 1:1 na picha waliyosajili wakati wa kujisajili. Liveness inazuia shambulio la kuchapisha / kucheza tena / barakoa / Generative Adversarial Network (GAN) kwenye fremu hiyo hiyo. Uamuzi wa chini ya sekunde 2 kwenye Android ya kiwango cha chini. $0.10 kwa uthibitisho. Uthibitishaji 500 bila malipo kila mwezi.

Jinsi inavyofanya kazi

Kutoka kujisajili hadi mtumiaji aliyethibitishwa kwa hatua nne.

  1. Hatua 01

    Unda mtiririko wa kazi

    Chagua ukaguzi unaotaka, kitambulisho, liveness, kulinganisha uso, vikwazo, anwani, umri, simu, barua pepe, maswali maalum. Ziburute kwenye mtiririko kwenye dashibodi, au tuma mtiririko huo huo kwenye API yetu. Panga masharti, fanya majaribio ya A/B, hakuna msimbo unaohitajika.

  2. Hatua 02

    Unganisha

    Pachika asili na SDK yetu ya Web, iOS, Android, React Native, au Flutter. Elekeza kwenye ukurasa uliopangishwa. Au tuma tu kiungo kwa mtumiaji wako, kwa barua pepe, SMS, WhatsApp, popote. Chagua kinachofaa stack yako.

  3. Hatua 03

    Mtumiaji anapitia mtiririko

    Didit inasimamia kamera, ishara za mwanga, uhamishaji wa simu, na ufikiaji. Wakati mtumiaji yuko kwenye mtiririko, tunapima ishara 200+ za udanganyifu kwa wakati halisi na kuthibitisha kila sehemu dhidi ya vyanzo vya data vya mamlaka. Matokeo chini ya sekunde mbili.

  4. Hatua 04

    Unapokea matokeo

    Webhooks zilizosainiwa kwa wakati halisi huweka database yako sawa mara tu mtumiaji anapoidhinishwa, kukataliwa, au kutumwa kwa ukaguzi. Piga API inapohitajika. Au fungua console kukagua kila kikao, kila ishara, na kudhibiti kesi zako mwenyewe.

Badilisha SMS OTP · Imeunganishwa na mtumiaji, si msimbo

Uwezo sita. $0.10 kwa uthibitisho.

Mtiririko mmoja unaobadilika, uamuzi mmoja uliosainiwa, umbo la callback sawa na mtiririko wako uliopo wa OAuth. Hakuna utegemezi wa mtoa huduma, hakuna uso wa SS7, hakuna hatari ya SIM-swap.
01 · Mtiririko wa kugusa ili kuthibitisha

Gonga mara moja. Selfie ya chini ya sekunde 2. Imekamilika.

Fungua simu ya Sessions API, elekeza mtumiaji kwenye UI iliyopangishwa, piga fremu moja tulivu. Liveness + Kulinganisha Uso 1:1 + webhook iliyosainiwa inarudi ndani ya sekunde mbili hizo hizo. Hakuna usakinishaji wa programu, hakuna SDK, hakuna njia ya mtoa huduma.
Moduli ya Uthibitishaji wa Kibayometriki
02 · Kulinganisha Uso 1:1

Linganisha selfie ya moja kwa moja na picha iliyosajiliwa.

Picha iliyopigwa wakati wa kipindi cha awali cha KYC cha mtumiaji ndiyo template. Kila uthibitishaji unaofuata unalinganisha selfie mpya nayo na kurejesha similarity_score (0-1). Rekebisha kizingiti cha kujithibitisha kiotomatiki kwa kila workflow. $0.05 kwa kila simu ya Face Match inayojitegemea; $0.10 inapounganishwa na Liveness.
Moduli ya Face Match 1:1
03 · Inashinda mashambulizi ya SMS

SIM swap. OTP phishing. Smishing. SS7. Zote zimezuiwa.

Mashambulizi manne ambayo Shirika la Upelelezi la Marekani (FBI) na Kituo cha Kitaifa cha Usalama wa Mtandao cha Uingereza (NCSC) yanaonya kuhusu neno la siri la mara moja la SMS, SIM swap, OTP phishing, smishing kits, carrier interception, yote yanashinda SMS. Hakuna hata moja kati ya hayo yanayofanya kazi dhidi ya selfie ya moja kwa moja inayolingana na picha iliyosajiliwa. FIDO Alliance inaorodhesha uso kwenye kifaa kama sugu dhidi ya phishing.
Kwa nini SMS imevunjika
04 · Imarisha pale inapohitajika

Washa tu kwenye sehemu zinazostahili.

Ingia kutoka kifaa kipya, hamisha zaidi ya kizingiti chako cha hatari, nenosiri / mabadiliko ya mipangilio, urejeshaji wa akaunti. Unganisha na Device + IP Analysis ili uthibitishaji upya kwenye kifaa kipya kabisa + Internet Protocol (IP) mpya kabisa uongezeke kiotomatiki. Mtiririko uleule, vichochezi nadhifu zaidi.
Moduli ya Uchambuzi wa Kifaa na IP
05 · Payload moja iliyosainiwa

Mbadala rahisi wa callback yako ya OTP iliyopo.

Webhook inatoa status, similarity_score, method, na header ya X-Signature-V2 kwa uthibitishaji wa Hash-based Message Authentication Code (HMAC) SHA-256. Muundo uleule wa callback, muundo uleule wa kuelekeza upya. Timu nyingi hubadilisha SMS na uso ndani ya wiki moja.
Mkataba wa Webhook
06 · Nafuu kuliko SMS

$0.10 per auth, no carrier fees, no minimums.

Neno la siri la mara moja la SMS la Tier-1 la Marekani linagharimu kati ya $0.05 na $0.30 kwa kila kutuma kulingana na mtoa huduma, na unalipa hata kama mtumiaji hajawahi kupokea msimbo. Uthibitishaji wa kibayometriki wa Didit ni $0.10 tu na uthibitishaji 500 bila malipo kila mwezi. Hakuna utegemezi wa mtoa huduma, hakuna ushuru wa kila nchi, hakuna viwango vya chini vya mkataba.
Angalia bei
Unganisha

Kikao kimoja. Callback moja. Uamuzi mmoja.

Fungua kikao cha uthibitishaji wa kibayometriki, piga selfie kwenye UI iliyopangishwa, soma uamuzi uliosainiwa kwenye webhook yako.
POST /v3/session/Uthibitishaji upya
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -d '{
    "workflow_id": "wf_bio_2fa",
    "workflow_type": "biometric_authentication",
    "vendor_data": "user-42",
    // base64 reference selfie, ≤ 1MB (omit for liveness-only)
    "portrait_image": "/9j/4AAQSkZJRgABAQE..."
  }'
201Imeundwa{ "session_url": "verify.didit.me/..." }
Inatumia LIVENESS + FACE_MATCH dhidi ya portrait_image iliyotolewa.nyaraka →
POST /v3/face-match/Seva kwa seva
$ curl -X POST https://verification.didit.me/v3/face-match/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -F "image_a=@live.jpg" \
  -F "image_b=@enrolled.jpg"
200Sawa{ "hali": "Imeidhinishwa", "alama_ya_kufanana": 0.96 }
Tumia tu unapomiliki mfumo wa kukamata data. Browser flows = hosted session.nyaraka →
Ujumuishaji tayari kwa agent

Badilisha SMS OTP kwa prompt moja.

Bandika kwenye Claude Code, Cursor, Codex, Devin, Aider, au Replit Agent. Jaza stack yako. Agent itaweka Didit, itajenga mfumo wa uthibitishaji wa biometriska, itabadilisha callback yako ya OTP iliyopo, na itakamilisha ndani ya wikiendi.
didit-integration-prompt.md
You are integrating Didit's Biometric 2FA into <my_stack>. Replace SMS one-time-password (OTP) on sensitive flows — login from a new device, large-value transfer, settings change, account recovery — with a sub-2-second face match against the user's enrolled portrait. Cheaper than SMS. Phishing-resistant. SIM-swap-proof.

  1. Enrol the user's portrait ONCE at sign-up via the standard Know Your Customer (KYC) session.
  2. On every sensitive action, open a Biometric Authentication session that runs Passive Liveness + Face Match 1:1 against the stored portrait. Verdict in sub-2-seconds.

Pricing (public):
  - Biometric Authentication: $0.10 per authentication (Sessions API)
  - Standalone Face Match 1:1: $0.05 per match (server-to-server)
  - First 500 verifications free every month, forever

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60s, no card).
  - Webhook endpoint with Hash-based Message Authentication Code (HMAC) SHA-256 verification using the X-Signature-V2 header.
  - The user has previously enrolled — either via a full KYC session (recommended; the portrait is stored automatically and never leaves Didit) or via a portrait you supply on each re-auth.
  - A workflow_id from the Workflow Builder. The workflow MUST contain LIVENESS, and the session must be opened with workflow_type = "biometric_authentication" (or use a workflow that has FACE_MATCH and pass a portrait_image at session creation).

STEP 1 — Enrolment (one-time, at user sign-up)

  Run a standard KYC session at sign-up. Didit stores the portrait (the face captured during the liveness step) as the user's enrolled template, bound to vendor_data.

  POST https://verification.didit.me/v3/session/
  Body:
    {
      "workflow_id": "<your KYC workflow>",
      "vendor_data": "<your user id>"
    }

  No additional code — once the user passes KYC, their enrolled portrait is ready for every future re-auth.

STEP 2 — Re-authentication (on every sensitive action)

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<your biometric_authentication workflow>",
      "workflow_type": "biometric_authentication",
      "vendor_data": "<the same user id used at enrolment>",
      "callback": "https://<your-app>/2fa/callback",
      "metadata": {
        "reason": "<login_new_device | high_value_txn | settings_change | account_recovery>",
        "amount": "<optional, for large-value transfers>"
      },
      "portrait_image": "<base64 JPEG of the user's enrolment selfie, ≤ 1 MB — REQUIRED when the workflow has FACE_MATCH active; OMIT for liveness-only mode>"
    }

  Response: 201 Created with the hosted session_url. Redirect the user to it. The hosted UI:
    - Opens the front camera
    - Captures one passive frame
    - Runs Liveness + Face Match 1:1 against the user's enrolled portrait
    - Returns the verdict in sub-2-seconds

STEP 3 — Read the signed verdict on the webhook

  Body (excerpted for a passing re-auth):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "liveness": { "status": "Approved", "method": "PASSIVE", "score": 96 },
      "face": {
        "status": "Approved",
        "similarity_score": 0.96
      }
    }

  Verify X-Signature-V2 BEFORE trusting the body — HMAC SHA-256 of the raw bytes with your webhook secret.

  Session status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

  Branch your application:
    Approved      → execute the action (sign in, release the transfer, save settings).
    Declined      → block the action, re-prompt with a higher-friction recovery path (support contact / KYC re-do).
    In Review     → hold; route to your operations queue.
    Not Finished  → user abandoned the capture; safe to re-prompt or fall back.

STEP 4 — Alternate path (server-to-server, when you already have the selfie)

  If you already captured the selfie locally (native mobile SDK, in-app camera):

  POST https://verification.didit.me/v3/face-match/
  Headers:
    x-api-key: <your api key>
  Body (multipart/form-data):
    image_a         <the live selfie>
    image_b         <the enrolled portrait>

  Response: similarity_score (0-1), status (Approved | Declined | In Review).

  Use the standalone path only when you trust your client-side capture pipeline. For browser flows or any surface where the SDK is not embedded, always prefer the hosted session — Didit's liveness check is harder to defeat than a raw camera grab.

WEBHOOK EVENT NAMES
  - Sessions: status changes flow through the standard session webhook.
  - Always verify X-Signature-V2 on every payload.

CONSTRAINTS
  - Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
  - Feature enum is UPPERCASE: LIVENESS, FACE_MATCH, ID_VERIFICATION, AML, IP_ANALYSIS, AGE_ESTIMATION.
  - Method enum is UPPERCASE: PASSIVE, FLASHING, ACTIVE_3D.
  - Auth header is x-api-key (lowercase, hyphenated).
  - Webhook signature header is X-Signature-V2 (NOT X-Signature).
  - Status casing matches exactly: Approved, Declined, In Review, Expired, Not Finished, Resubmitted, Kyc Expired, Abandoned.
  - The biometric template is irreversible (a one-way hash) and stored on Didit's infrastructure. You never receive the raw template. Standard data-subject-deletion rules apply.

PRO TIPS
  - Pair Biometric 2FA with Device & IP Analysis (bundled into the 200+ fraud-signal stack). A re-auth that originates from a brand-new device + a brand-new IP should always step up to face.
  - For the strongest possible surface, swap method PASSIVE for ACTIVE_3D — a short motion challenge — on transfers above your operational risk threshold.

Read the docs:
  - https://docs.didit.me/core-technology/biometric-auth/overview
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Inatii kwa muundo

Fungua nchi mpya kwa kubofya mara moja. Tunafanya kazi ngumu.

Tunafungua kampuni tanzu za ndani, tunapata leseni, tunafanya majaribio ya kupenya, tunapata vyeti, na tunalingana na kila kanuni mpya. Ili kusafirisha uthibitishaji katika nchi mpya, geuza swichi. Nchi 220+ ziko hewani, zinakaguliwa na kupimwa kila robo mwaka, mtoa huduma pekee wa utambulisho ambaye serikali ya nchi mwanachama wa EU imemwita rasmi kuwa salama zaidi kuliko uthibitishaji wa ana kwa ana.
Soma faili ya usalama na utiifu
EU financial sandbox
Tesoro · SEPBLAC · BdE
Jugendschutz geprüft
FSM · JMStV §4(2) · 2026
ISO/IEC 27001
Usalama wa habari · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned kwa muundo

Namba zinazothibitisha

Namba zinazothibitisha
  • $0.00
    Kwa kila uthibitishaji, bei tambarare. SMS OTP inatofautiana $0.05 hadi $0.30 nchini Marekani.
  • <0s
    Uthibitishaji upya kamili kwenye Android ya kiwango cha chini, kutoka kukamata hadi webhook iliyosainiwa.
  • 0
    Utegemezi wa watoa huduma, hatari ya SIM-swap, au mashambulizi ya SS7.
  • 0
    Uthibitishaji wa bure kila mwezi, milele.
Ngazi tatu, orodha moja ya bei

Anza bure. Lipa kulingana na matumizi. Panua hadi Enterprise.

Uthibitishaji 500 bila malipo kila mwezi, milele. Lipa kadri unavyotumia kwa uzalishaji. Mikataba maalum, uhifadhi wa data, na SLA (Service Level Agreements) kwenye Enterprise.
Bure

Bure

$0 / mwezi. Hakuna kadi ya mkopo inayohitajika.

  • Kifurushi cha bure cha KYC (Uthibitishaji wa Kitambulisho + Passive Liveness + Face Match + Uchambuzi wa Kifaa & IP), 500 / mwezi, kila mwezi
  • Watumiaji Waliozuiwa
  • Utambuzi wa Marudio
  • Ishara 200+ za udanganyifu kwenye kila session
  • KYC inayoweza kutumika tena kwenye mtandao wa Didit
  • Jukwaa la Usimamizi wa Kesi
  • Workflow Builder
  • Nyaraka za umma, sandbox, SDKs, server ya MCP (Model Context Protocol)
  • Usaidizi wa jamii
Maarufu zaidi
Lipa kulingana na matumizi

Kulingana na Matumizi

Lipa tu kwa unachotumia. Moduli 25+. Bei za umma kwa kila moduli, hakuna ada ya chini ya kila mwezi.

  • KYC kamili kwa $0.33 (Kitambulisho + Biometric + IP / Kifaa)
  • Data za AML 10,000+, vikwazo, PEPs, habari hasi
  • Vyanzo vya data vya serikali 1,000+ kwa Uthibitishaji wa Database
  • Ufuatiliaji wa Miamala kwa $0.02 kwa kila muamala
  • KYB ya moja kwa moja kwa $2.00 kwa kila biashara
  • Uchunguzi wa Wallet kwa $0.15 kwa kila ukaguzi
  • Mtiririko wa uthibitishaji wa Whitelabel, brand yako, miundombinu yetu
Biashara Kubwa

Biashara Kubwa

MSA & SLA maalum. Kwa idadi kubwa na programu zilizodhibitiwa.

  • Mikataba ya kila mwaka
  • MSA, DPA, na SLA maalum
  • Kituo maalum cha Slack na WhatsApp
  • Wakaguzi wa mikono wanapohitajika
  • Masharti ya muuzaji na white-label
  • Vipengele vya kipekee na ushirikiano wa washirika
  • CSM aliyetajwa, ukaguzi wa usalama, usaidizi wa kufuata

Anza bure → lipa tu wakati ukaguzi unafanyika → fungua Enterprise kwa mkataba maalum, SLA, au uhifadhi wa data.

FAQ

Maswali ya kawaida

Didit ni nini?

Didit ni miundombinu ya utambulisho na udanganyifu, jukwaa ambalo tulitamani lingekuwepo tulipokuwa tukijenga bidhaa sisi wenyewe: wazi, rahisi, na rafiki kwa watengenezaji, ili lifanye kazi kama sehemu halisi ya stack yako badala ya sanduku jeusi unalounganisha.

API moja inashughulikia kuthibitisha watu (KYC, mjue mteja wako), kuthibitisha biashara (KYB, ijue biashara yako), kuchunguza pochi za crypto (KYT, ijue muamala wako), na kufuatilia miamala kwa wakati halisi, kwenye stack iliyojengwa kuwa:

  • Haraka, chini ya sekunde 2 p99 kwenye kila kipindi
  • Inaaminika, katika uzalishaji na kampuni 1,500+ katika nchi 220+
  • Salama, SOC 2 Type 1, ISO 27001, GDPR-native, na kuthibitishwa rasmi na mdhibiti wa kifedha wa Hispania kuwa salama zaidi kuliko kumthibitisha mtu ana kwa ana

Msingi wake: aina 14,000+ za nyaraka katika lugha 48+, vyanzo vya data 1,000+, na ishara za udanganyifu 200+ kwenye kila kipindi. Miundombinu ya Didit inajifunza kwa nguvu kutoka kila kipindi na inaboresha kila siku.

Biometric 2FA ni nini?

Uthibitishaji wa kipengele cha pili kwa kutumia uso wa mtumiaji, sio code iliyotumwa kupitia mtandao. Kipengele cha kwanza ni kile mtumiaji anachokijua (nenosiri, passkey, magic link). Kipengele cha pili ni kile mtumiaji alicho, selfie ya moja kwa moja inayolingana 1:1 dhidi ya picha ambayo mtumiaji alijisajili nayo hapo awali.

Inakaa mahali pale pale kama nenosiri la mara moja la SMS (OTP) katika mtiririko wa programu yako, lakini kwa gharama tofauti, usalama, na wasifu wa ubadilishaji.

Kwa nini nenosiri la mara moja la SMS linaonekana kuwa dhaifu?

Aina nne za mashambulizi zilizoelezwa vizuri huishinda. Shirika la Upelelezi la Shirikisho la Marekani (FBI) na Kituo cha Kitaifa cha Usalama wa Mtandao cha Uingereza (NCSC) vyote vimechapisha mwongozo unaoelekeza mashirika mbali na SMS kwa mifumo nyeti.

  • SIM swap. Mshambuliaji anashawishi mtoa huduma kuhamisha namba ya mtumiaji kwenye SIM mpya. Kila code sasa inakwenda kwa mshambuliaji.
  • OTP phishing. Mshambuliaji anatumia tovuti halali kama wakala, anakamata code mtumiaji anapoandika, anairudia kabla haijaisha muda wake.
  • Smishing kits. Vifaa vilivyojengwa tayari huendesha maelfu ya ujumbe bandia wa utoaji / benki ambao hukamata codes kwa wingi.
  • Signalling System 7 (SS7) interception. Maadui wenye ufikiaji wa mtoa huduma wanaweza kusoma codes kutoka kwenye mtandao bila kujulikana.
Uthibitishaji ni wa haraka kiasi gani kwa mtumiaji wangu wa mwisho?

Mchakato mzima kwa kawaida huchukua chini ya sekunde 30 kuanzia mwanzo hadi mwisho, chukua kitambulisho, piga picha ya hati, piga selfie, umemaliza. Huu ndio wa haraka zaidi sokoni. Watoa huduma wa zamani wa KYC kwa kawaida huchukua zaidi ya sekunde 90 kwa mchakato huohuo.

Kwa upande wa nyuma, Didit inarudisha matokeo katika chini ya sekunde mbili kwa p99, ikipimwa kuanzia wakati mtumiaji anamaliza selfie hadi wakati webhook yako inawashwa. Ukamataji wa simu umeboreshwa kwa simu za polepole na mitandao ya polepole: ukandamizaji wa picha unaoendelea, upakiaji wa polepole wa software development kit, na uhamishaji wa kugusa mara moja kutoka desktop kwenda simu kupitia QR code ikiwa mtumiaji anaanza kwenye wavuti.

Uso wa mtumiaji "unasajiliwaje" hasa?

Timu nyingi husajili wakati wa kipindi cha awali cha Know Your Customer (KYC) cha mtumiaji. Picha iliyokamatwa na hatua ya uhai huhifadhiwa ikiwa imeunganishwa na vendor_data yako na kutumika kama template kwa kila uthibitishaji upya unaofuata.

Ikiwa huendeshi KYC wakati wa kujisajili, unaweza kuendesha kipindi cha usajili cha mara moja dhidi ya mtiririko wa kazi wa Didit ambao una LIVENESS + FACE_MATCH pekee. Njia yoyote inagharimu $0.10 mara moja, na template inayotokana inaweza kutumika tena kwa kila uthibitishaji wa baadaye.

Nini hutokea ikiwa mtumiaji atashindwa, ataacha, au muda wake utaisha?

Kila kipindi huishia kwenye mojawapo ya hadhi saba zilizo wazi, kwa hivyo code yako daima inajua nini cha kufanya:

  • Approved, hundi zote zimepita. Mpeleke mtumiaji mbele.
  • Declined, hundi moja au zaidi zimeshindwa. Unaweza kumruhusu mtumiaji kutuma upya hatua maalum iliyoshindwa (kwa mfano, kupiga selfie upya) bila kuendesha mchakato mzima upya.
  • In Review, imewekwa alama kwa ukaguzi wa kufuata sheria. Fungua kesi kwenye console, angalia kila ishara, amua kuidhinisha au kukataa.
  • In Progress, mtumiaji yuko katikati ya mchakato.
  • Not Started, kiungo kimetumwa, mtumiaji bado hajafungua. Tuma ukumbusho ikiwa itakaa muda mrefu.
  • Abandoned, mtumiaji alifungua kiungo lakini hakumaliza kwa wakati. Mshirikishe tena au muda wake uishe.
  • Expired, kiungo cha kipindi kimepitwa na wakati. Unda kipindi kipya.

Webhook iliyosainiwa huwashwa kila mabadiliko ya hadhi, kwa hivyo database yako daima inabaki sawa. Vipindi vilivyoachwa na kukataliwa ni bure.

Data ya mteja wangu inakaa wapi na inalindwaje?

Data ya uzalishaji inachakatwa na kuhifadhiwa katika Umoja wa Ulaya kwa chaguo-msingi, kwenye Amazon Web Services. Mikataba ya biashara inaweza kuomba maeneo mbadala kwa mamlaka ambazo wasimamizi wake wanahitaji.

Usimbaji fiche kila mahali. AES-256 ikiwa imetulia kwenye kila database, hifadhi ya vitu, na backup. Transport Layer Security 1.3 ikiwa safarini kwenye kila API call, webhook, na kipindi cha Business Console. Data ya kibayometriki imesimbwa kwa kutumia Customer Master Key tofauti.

Uhifadhi ni wako kudhibiti. Uhifadhi chaguomsingi ni usio na kikomo (unlimited) isipokuwa ukisanidi muda mfupi, kati ya siku 30 na miaka 10 kwa kila programu, na unaweza kufuta kipindi chochote cha kibinafsi wakati wowote kutoka kwenye dashibodi au API.

Vyeti: SOC 2 Type 1 (ukaguzi wa Type 2 unaendelea), ISO/IEC 27001:2022, iBeta Level 1 PAD, na uthibitisho wa umma kutoka Tesoro / SEPBLAC / CNMV ya Hispania kwamba uthibitishaji wa utambulisho wa mbali wa Didit ni salama zaidi kuliko kumthibitisha mtu ana kwa ana. Ripoti kamili inapatikana kwenye /security-compliance.

Je, Didit inatii sheria kwa tasnia yangu?

Didit inatii sheria kwa chaguo-msingi kwa wasimamizi muhimu kwa miundombinu ya utambulisho:

  • GDPR + UK GDPR, mgawanyo wa mtawala / mchakataji, Mkataba kamili wa Uchakataji Data ulichapishwa, mamlaka kuu ya usimamizi imetajwa (AEPD ya Hispania).
  • AMLD6 + EU AML Single Rulebook, vikwazo 1,300+, mtu aliye wazi kisiasa, na orodha za vyombo vya habari hasi zimechunguzwa kwa wakati halisi.
  • eIDAS 2.0, Inalingana na EU Digital Identity Wallet; tayari kwa utambulisho unaoweza kutumika tena.
  • MiCA (Markets in Crypto-Assets), tayari kwa crypto on-ramps, exchanges, na custodians.
  • DORA, Digital Operational Resilience Act, uthabiti wa uendeshaji wa huduma za kifedha za EU.
  • BIPA, CUBI, Washington HB 1493, CCPA / CPRA, faragha ya kibayometriki ya Marekani (Illinois, Texas, Washington) na faragha ya watumiaji wa California.
  • UK Online Safety Act, masharti ya kuzuia umri na usalama wa watoto.
  • FATF Travel Rule, data ya mwanzilishi na mnufaika kwenye uhamishaji wa crypto, IVMS-101 inayoendana.

Memo ya kina, kila cheti, kila barua ya mdhibiti: /security-compliance.

Ninaweza kuunganisha na kuanza kuthibitisha watumiaji haraka kiasi gani?
  • Sekunde 60 hadi akaunti ya sandbox kwenye business.didit.me, hakuna kadi ya mkopo.
  • Dakika 5 hadi uthibitishaji unaofanya kazi kupitia Claude Code, Cursor, au wakala yeyote wa kuweka code kupitia seva yetu ya Model Context Protocol (MCP).
  • Wikiendi moja hadi muunganisho tayari kwa uzalishaji na uthibitishaji wa webhook uliosainiwa, majaribio upya, na mtiririko wa kurekebisha mtumiaji anapokataliwa.

Njia tatu za kuunganisha, chagua inayofaa stack yako:

  • Pachika asili na Web, iOS, Android, React Native, au Flutter SDK yetu.
  • Elekeza upya mtumiaji kwenye ukurasa wa uthibitishaji uliopangishwa, hakuna SDK.
  • Tuma kiungo kwa barua pepe, SMS, WhatsApp, au chaneli yoyote, hakuna kazi ya front-end.

Dashibodi moja, bili moja, bei sawa ya kulipa-kwa-mafanikio kwa zote tatu. Mwongozo wa hatua kwa hatua kwenye docs.didit.me/integration/integration-prompt.

Muunganisho unaonekanaje?

Ni drop-in kwa mkataba wako uliopo wa one-time-password callback.

  • POST /v3/session/ na workflow_type: "biometric_authentication" na vendor_data ile ile uliyotumia wakati wa usajili.
  • Elekeza upya mtumiaji kwenye session_url iliyorudishwa.
  • Thibitisha X-Signature-V2 header kwenye webhook kabla ya kuamini body.
  • Branch kwenye status, Approved (tekeleza hatua), Declined (zuia), In Review (weka foleni), Not Finished (omba tena).

Timu nyingi hubadilisha SMS kwa uso ndani ya wikiendi. Prompt kamili inayoweza kubandikwa na wakala iko hapo juu; seva ya Model Context Protocol (MCP) inazungumza nyuso zote mbili.

Je, ikiwa uso wa mtumiaji ulibadilika (kukata nywele, ndevu, miwani)?

Face Match 1:1 ni imara dhidi ya mabadiliko ya wastani ya sura, nywele za usoni, miwani, rangi ya nywele, mwanga. Alama ya kufanana inayorudishwa kwa kila uthibitishaji inaonyesha jinsi model ilivyo na uhakika.

Kwa watumiaji wanaotoka nje ya kizingiti cha kuidhinisha kiotomatiki (kisa cha kawaida: mabadiliko makubwa ya uzito, upasuaji, kuzeeka kwa miaka mingi), uamuzi unarudi In Review na kuelekezwa kwenye foleni yako ya shughuli. Njia ya kawaida ya kurejesha ni kikao cha kusajili upya, simu moja ya KYC inaburudisha picha, na uthibitishaji unaofuata unatumia template mpya.

Je, hii inatii PSD2 strong customer authentication ya EU?

Ndio kwa kategoria ya inherence. Viwango vya Kiufundi vya Udhibiti wa Mamlaka ya Benki ya Ulaya kuhusu Uthibitishaji Imara wa Wateja vinatambua sifa za kibayometriki (kitu ulicho nacho) kama sababu halali ya pili inapounganishwa na mojawapo ya kategoria nyingine mbili (maarifa au milki).

Kwa mtiririko kamili wa PSD2 strong-customer-authentication, unganisha biometric 2FA na nenosiri la mtumiaji (maarifa) au kikao kilichofungwa na kifaa (milki). Uamuzi uliosainiwa wa Didit ni ushahidi wa audit-pack wa sababu ya inherence.

Miundombinu ya utambulisho na udanganyifu.

API moja kwa KYC, KYB, Ufuatiliaji wa Miamala, na Uchunguzi wa Wallet. Unganisha ndani ya dakika 5.

Uliza AI ifupishe ukurasa huu