Ukaguzi mmoja wa Utendaji Tulivu mbele ya kitendo chochote cha thamani ya juu. Roboti hazina uso wa kuonyesha — haziwezi kupita. Uamuzi wa chini ya sekunde mbili, $0.10 kwa kila ukaguzi, 500 bure kila mwezi.
Inaaminika na mashirika 2,000+ duniani kote.
Kwa nini CAPTCHA iliacha kufanya kazi
Mashamba ya kibiashara ya kutatua CAPTCHA husafisha hCaptcha na reCAPTCHA Enterprise kwa sehemu za senti. Utendaji Tulivu huuliza kitu ambacho hati haina — binadamu halisi mbele ya kamera halisi. $0.10 kwa kila lango, chini ya sekunde mbili, 500 bure kila mwezi.
Chagua ukaguzi unaotaka — Kitambulisho, uhai, kulinganisha uso, vikwazo, anwani, umri, simu, barua pepe, maswali maalum. Ziburute kwenye mtiririko kwenye dashibodi, au tuma mtiririko huo huo kwa API yetu. Panga kwa masharti, fanya majaribio ya A/B, hakuna msimbo unaohitajika.
Pachika kiasili na Web, iOS, Android, React Native, au Flutter SDK yetu. Elekeza kwenye ukurasa uliopangishwa. Au tuma tu mtumiaji wako kiungo — kwa barua pepe, SMS, WhatsApp, popote. Chagua kinachofaa mfumo wako.
Didit huandaa kamera, vidokezo vya mwanga, uhamishaji wa simu, na ufikiaji. Wakati mtumiaji yuko kwenye mtiririko, tunapata alama za ishara 200+ za udanganyifu kwa wakati halisi na kuthibitisha kila sehemu dhidi ya vyanzo vya data vya mamlaka. Matokeo chini ya sekunde mbili.
Webhooks zilizotiwa saini kwa wakati halisi huweka hifadhidata yako sawa mara tu mtumiaji anapoidhinishwa, kukataliwa, au kutumwa kwa ukaguzi. Piga API inapohitajika. Au fungua koni ili kukagua kila kipindi, kila ishara, na kudhibiti kesi kwa njia yako.
Didit · Ramani ya uso
Didit · Uhai Tulivu
Kaa tuli · 1 kati ya 1
Angalia kamera
Didit · Ulinzi wa vekta ya bot
Didit · Uchambuzi wa Kifaa na IP
Didit · KYC inayoweza kutumika tena
Pasi ya kwanza
Cheza tena
Didit · Webhook · X-Signature-V2
{
"session_id": "abc-…",
"vendor_data": "signup-918",
"status": "Approved",
"liveness": { "status": "Approved" }
}$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_bot_gate",
"vendor_data": "signup-918",
"metadata": { "surface": "signup_form" }
}'status: Approved.nyaraka →// X-Signature-V2 verified upstream
if (payload.status === "Imeidhinishwa") {
ruhusuKujisajili(payload.data_ya_muuzaji);
} vinginevyo ikiwa (payload.status === "Imekataliwa") {
punguzaIP(payload.uchambuzi_wa_ip.ip);
zuiaNaAndika(payload.data_ya_muuzaji);
}X-Signature-V2 kabla ya kusoma "payload".nyaraka →You are integrating Didit Passive Liveness as a bot-gate on a high-value action — sign-up, leaderboard submission, airdrop / token claim, referral payout, comment, or ticket queue. Bots cannot pass Passive Liveness because they have no face to present to the camera. One API call. One signed webhook. One decision.
WHY THIS SHAPE
- Bots scale because they cost nothing per attempt. CAPTCHA stops the dumbest ones but commercial solver farms beat hCaptcha and reCAPTCHA Enterprise at fractions of a cent per solve.
- Passive Liveness asks for something a script does not have: a live human face in front of a real camera. The model decides on one frame, in under two seconds, with no user interaction beyond "hold still".
- $0.10 per check (Passive Liveness module). 500 verifications free every month. Combine with $0.03 IP / device pre-screen to keep the camera off the obvious bots and the budget on real candidates.
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
- A Workflow Builder workflow containing the Passive Liveness module — optionally Device & IP Analysis pre-step.
- The high-value action wrapped in a server-side gate that defaults to BLOCK and only unblocks on a verified webhook with status: Approved.
STEP 1 — (Optional) Cheap IP / device pre-screen
Before opening a camera, score the network with Device & IP Analysis ($0.03 / call, under 100ms).
If the score is low and no datacenter / VPN / scripted-user-agent flags fire, run Step 2.
If the score is high or any of those flags fire, skip the liveness call and decline up-front — this saves the camera budget for plausible humans.
STEP 2 — Open a Passive Liveness session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with the Passive Liveness module>",
"vendor_data": "<your action / user id, max 256 chars>",
"callback": "https://<your-app>/bot-gate/callback",
"metadata": {
"surface": "signup_form",
"action_id": "<your internal reference>"
}
}
Response: 201 Created with a hosted session URL. Redirect inline (web) or open in a Software Development Kit (SDK) webview (mobile). The action stays BLOCKED on your side until the signed webhook lands.
STEP 3 — Read the signed webhook
Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body using your webhook secret) BEFORE reading the JSON.
Payload (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your action / user id>",
"status": "Approved",
"liveness": { "status": "Approved" }
}
Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
STEP 4 — Branch the action
Approved → allow the sign-up / claim / submission.
Declined → block the action. Log liveness warnings (image-only / virtual-cam / replay / deepfake) and throttle the source IP.
Not Finished → invite the user to retry with a fresh session URL.
Expired → session timed out. Resend the link.
Abandoned → the user closed the flow before completing. Resend the link.
STEP 5 — (Optional) Replay Reusable Know Your Customer (KYC) for known humans
If a user has previously completed a Didit-verified session, a fresh liveness check is not required for re-entry — they can replay their verified credential at no cost via Didit Reusable KYC. Use the user's existing session_id to confirm enrollment and skip Step 2. Free forever.
WEBHOOK EVENT NAMES
- Sessions: standard session webhook. One endpoint, status field tells you where in the lifecycle.
- Verify X-Signature-V2 (HMAC SHA-256) on every payload.
WHAT GETS BLOCKED
- Headless Chrome with scripted form submission
- Browser-automation farms (Puppeteer, Playwright, Selenium)
- Image-only submissions (no camera attached)
- Virtual-camera AI face injectors
- Pre-recorded screen replays
- Print or paper attacks
- Silicone / latex masks
- AI-generated deepfake faces
All independently tested at iBeta and certified at Level 1 Presentation Attack Detection (PAD) against the full ISO/IEC 30107-3 catalogue. Re-tested every year.
CONSTRAINTS
- Session statuses use Title Case With Spaces. Never use UPPER_SNAKE_CASE for session verdicts — that's the Transactions API.
- Default to BLOCK on the server. Only unblock when the verified webhook says Approved.
- 200+ fraud signals are evaluated on every session at no extra cost — read them off the decision payload, don't re-query.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/core-technology/liveness/overview
- https://docs.didit.me/core-technology/ip-analysis/overview
- https://docs.didit.me/core-technology/reusable-kyc/overview
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.$0 / mwezi. Hakuna kadi ya mkopo inayohitajika.
Lipa tu kwa kile unachotumia. Moduli 25+. Bei ya umma kwa kila moduli, hakuna ada ya chini ya kila mwezi.
MSA & SLA maalum. Kwa idadi kubwa na programu zilizodhibitiwa.
Anza bure → lipa tu wakati ukaguzi unafanyika → fungua Biashara kwa mkataba maalum, SLA, au makazi ya data.
API moja kwa KYC, KYB, Ufuatiliaji wa Miamala, na Uchunguzi wa Wallet. Unganisha kwa dakika 5.