Screen high-risk checkouts in two stages. Cheap signals first. Biometrics only when needed.
Score the network and device on every high-risk cart for $0.03. Add a biometric check on the small share where signals alone aren't enough. 500 free verifications every month.
No friction for trusted buyers. Decisive on the spike.
90% of orders are day-to-day buyers on trusted devices; they should pass through without trouble. The 10% with a risk spike get a screen: $0.03 IP + device on the cheap cases, a $0.10 biometric step-up on the high-value ones. 500 free verifications every month.
How it works
From sign-up to verified user in four steps.
Step 01
Build a workflow
Choose the checks you want: ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.
Step 02
Integrate
Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or simply send a link to your user by email, SMS, WhatsApp, anywhere. Choose what fits your stack.
Step 03
The user goes through the flow
Didit handles the camera, lighting cues, phone handoff, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Results in under two seconds.
Step 04
You receive the results
Signed real-time webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Query the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.
Built for checkout · Priced like infrastructure
Two stages. $0.03 on the cheap cases. $0.13 on the high-value ones.
The buyer fraud screen is modular: cart triggers, network signals, biometric step-up, audit pack, returning-buyer trust. Turn each one on per workflow in the Workflow Builder.
Cart total above your threshold. Gift-card stack of three or more cards. Shipping country that doesn't match the payment card. First purchase from a new device. Velocity anomaly: N orders within window W. Payout / refund destination changed mid-flow. All editable in the no-code Workflow Builder.
Cart total above threshold | > $500 | IP + step-up
Gift-card stack | ≥ 3 cards | Step-up
Geo mismatch · shipping | Country change | IP only
New device · first purchase | First seen | IP only
Returning buyer · clean | Trusted | Pass
Edit rules in the Workflow Builder. No redeploy.
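The trigger table above, as an added Python example (not Didit's code) of the merchant-side decision about which stage to run. The `Order` record, the $500 threshold, N = 8, W = 30 minutes and the stage chosen for a velocity hit are assumptions, and the gift-card row's "Step-up" is treated as the same stage as "IP + step-up".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values: the page leaves the threshold, N and W to the operator.
CART_THRESHOLD_CENTS = 50_000      # "> $500" row of the trigger table
GIFT_CARD_STACK = 3                # ">= 3 cards" row
VELOCITY_N, VELOCITY_W = 8, timedelta(minutes=30)

STAGES = ["pass", "ip_only", "ip_plus_step_up"]  # ordered by friction


@dataclass
class Order:                       # hypothetical checkout record
    cart_total_cents: int
    gift_cards: int
    card_country: str
    ship_country: str
    device_seen_before: bool
    placed_at: datetime


def velocity_hit(order, prior_times):
    """True when this order is the Nth or later inside the sliding window W."""
    start = order.placed_at - VELOCITY_W
    recent = [t for t in prior_times if start <= t <= order.placed_at]
    return len(recent) + 1 >= VELOCITY_N


def choose_stage(order, prior_times):
    """Return (stage, triggers); the most demanding stage among fired triggers wins."""
    fired = []
    if order.cart_total_cents > CART_THRESHOLD_CENTS:
        fired.append(("high_value_cart", "ip_plus_step_up"))
    if order.gift_cards >= GIFT_CARD_STACK:
        fired.append(("gift_card_stack", "ip_plus_step_up"))
    if order.card_country != order.ship_country:
        fired.append(("geo_mismatch", "ip_only"))
    if not order.device_seen_before:
        fired.append(("new_device", "ip_only"))
    if velocity_hit(order, prior_times):   # stage for velocity is an assumption
        fired.append(("velocity", "ip_only"))
    stage = max((s for _, s in fired), key=STAGES.index, default="pass")
    return stage, [name for name, _ in fired]
```

An order that fires no trigger returns `("pass", [])` and never opens a session, which is what keeps the 90% path free of friction and cost.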
02 · Cheap IP + device screen
Signals first. Cheap. Decisive.
Device & IP Analysis returns a 0–100 risk score plus Virtual Private Network (VPN), Tor, datacenter, country, Autonomous System Number (ASN), and device-fingerprint flags. $0.03 per call, under 100 ms. Decisive on the clear-cut cases: declined or approved instantly, no camera required.
Country mismatch · shipping to | US card → Nigeria shipping | Step up
Headless browser flag | navigator.webdriver | Block
Device velocity | 8 orders · 30 minutes | Step up
Residential ISP · trusted device | Vodafone · iOS | Pass
Score, flags, country, ASN in under 100 milliseconds.
03 · Biometric step-up
A face check when signals aren't enough.
Escalate to Passive Liveness ($0.10) plus an optional 1:1 face match against the stored buyer portrait ($0.05) on high-value carts. Certified to iBeta Level 1 Presentation Attack Detection (PAD). Decision in under two seconds. A face check at checkout cannot be solved by a stolen card.
iBeta Level 1 PAD · under 2 seconds | ~$0.13 per event
04 · Chargeback evidence pack
An audit pack for every dispute.
The decision payload is the chargeback case file: biometric verdict, IP score, device fingerprint, country, Autonomous System Number (ASN), prior-order history. Pairs naturally with the 3-D Secure 2.x liability shift on EU cards and the Visa Compelling Evidence 3.0 (CE3.0) trusted-customer bar.
Biometric step-up | Approved · 0.94 sim
IP + device score | 11 / 100 · clean
Country + ASN | ES · Movistar
Signed webhook payload | SHA-256 verified
Buyer's prior orders | 120 days · 14 orders
Pairs with 3-D Secure 2.x and Visa Compelling Evidence 3.0.
05 · Reusable trust for returning buyers
Trusted returning buyers skip the friction.
Once a buyer has passed identity once on the platform, the credential can replay on future checkouts at no cost via Reusable KYC. Look up the buyer's prior session_id; if the credential is valid and recent, skip the live screen. Free forever.
One verified buyer. Many low-friction checkouts. | Free forever
06 · Webhook pipeline + cart action
Signed verdict. Cart action wired.
The signed webhook lands with Approved, In Review, or Declined. Verify X-Signature-V2 with Hash-based Message Authentication Code (HMAC) SHA-256. Approved ships the order. In Review holds it for manual review with the per-module signals as the opening case file. Declined cancels and refunds.
Verify X-Signature-V2 before reading the payload. docs →
Agent-ready integration
Ship the buyer fraud screen quickly.
Paste into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent wires the cart triggers, runs the two-stage screen, verifies the webhook, and ships or holds the order.
didit-integration-prompt.md
You are integrating a Didit buyer-side fraud screen on a marketplace / e-commerce checkout. Goal: catch stolen-card use, account takeover, gift-card stack abuse, geo-mismatch friendly fraud, and bot scalping on high-value carts. Two stages — cheap signals first, biometric step-up only when signals aren't enough.
WHY THIS SHAPE
- Most checkouts don't need any friction. Day-to-day buyers on trusted devices from residential networks should sail through.
- A small percentage are high-value or high-risk — cart over a threshold, gift-card stack, payout to a new card, geo mismatch, new device, velocity anomaly. On those, run a screen.
- Two stages keep the cost and the friction proportional to the risk. Cheap IP + device check ($0.03) is decisive on the obvious cases. Biometric step-up ($0.10) only fires when the cheap signals are inconclusive AND the order is high-value.
- 500 verifications free every month. The screen runs inside the free tier for most teams while they tune the thresholds.
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
- A Workflow Builder workflow with Device & IP Analysis and optionally Passive Liveness + Face Match 1:1 against the stored buyer portrait.
- A server-side cart-gate that defaults to BLOCK on the high-risk path and only unblocks on a verified webhook with status: Approved.
STEP 1 — Decide WHEN to screen (your code, not Didit's)
Run your usual checkout signals. Default triggers worth a screen:
- Cart total above your account-level tier (e.g. > $500)
- Gift-card stack of three or more cards in one order
- Shipping country that doesn't match the billing-card country
- First buy from a new device
- Velocity anomaly — N orders within window W from the same buyer
- Payout / refund destination changed mid-flow
Day-to-day reads from trusted-device + residential-network buyers do NOT need a screen.
STEP 2 — Open the screen session
POST https://verification.didit.me/v3/session/
Headers:
  x-api-key: <your api key>
  Content-Type: application/json
Body:
  {
    "workflow_id": "<wf id with Device & IP Analysis + optional Passive Liveness + Face Match 1:1>",
    "vendor_data": "<your order id, max 256 chars>",
    "callback": "https://<your-app>/checkout/screen/callback",
    "metadata": {
      "cart_total_cents": 78500,
      "currency": "EUR",
      "trigger": "high_value_cart"
    }
  }
Response: 201 Created with a hosted session URL. Show inline at checkout (web), or open in a Software Development Kit (SDK) webview (mobile). The order stays in HOLD on your side until the signed webhook lands.
STEP 3 — Read the signed webhook
Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body) BEFORE reading the JSON.
Payload (excerpted):
  {
    "session_id": "<uuid>",
    "vendor_data": "<your order id>",
    "status": "Approved",
    "ip_analysis": { "status": "Approved", "score": 11 },
    "liveness": { "status": "Approved" },
    "face": { "status": "Approved", "similarity_score": 0.93 }
  }
Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
STEP 4 — Branch the cart action
Approved → ship the order, capture the auth, send the confirmation.
In Review → hold the order. Route to manual review with the per-module signals as the case file.
Declined → cancel the order, refund the auth, log warnings (liveness / face-match / ip flags), throttle the source IP.
Not Finished → invite the buyer to retry the screen with a fresh session URL. Don't ship.
STEP 5 — (Optional) Reusable Know Your Customer (KYC) for returning trusted buyers
Once a buyer has passed identity once on the platform, the credential can replay on future checkouts at no cost via Reusable KYC. Look up the buyer's prior session_id; if the credential is valid and recent, skip the live screen.
That keeps the friction on the unknown traffic only. Free forever.
STEP 6 — Use the decision payload as the chargeback evidence pack
When a dispute lands, pull the full decision payload via:
GET https://verification.didit.me/v3/session/{session_id}/decision/
Headers:
  x-api-key: <your api key>
Pairs naturally with:
- 3-D Secure 2.x (3DS2) liability shift on EU cards
- Visa Compelling Evidence 3.0 (CE3.0) — biometric + IP + device fingerprint + prior-order history meets the "trusted customer" bar
- Mastercard Identity Check chargeback dispute kit
WEBHOOK EVENT NAMES
- Sessions: standard session webhook. One endpoint, status field tells you the lifecycle.
- Verify X-Signature-V2 (HMAC SHA-256) on every payload.
WHAT IT BLOCKS
- Stolen-card use on first-time-buy + geo mismatch
- Account takeover on a previously-verified buyer (the step-up is the second-factor)
- Friendly fraud where the cardholder disputes a charge they actually authorised
- Bot scalpers running multi-item carts from datacenter Internet Protocol (IP) addresses
- Gift-card stack drains funded by a stolen card
- Reshipper / mule patterns (ship-to address inconsistent with prior orders)
CONSTRAINTS
- Session statuses use Title Case With Spaces. Never UPPER_SNAKE_CASE — that's the Transactions API.
- Start with IP-only on the cheap cases. Add the biometric step-up only on high-value carts or when IP alone is inconclusive — keeps cost down and friction proportional.
- 200+ fraud signals are evaluated on every session at no extra cost — read them off the decision payload, don't re-query.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/core-technology/ip-analysis/overview
- https://docs.didit.me/core-technology/biometric-auth/overview
- https://docs.didit.me/core-technology/reusable-kyc/overview
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more detail? See the full module docs. docs.didit.me →
Compliant by design
Open a new country with one click. We do the hard work.
We open local subsidiaries, obtain licences, run penetration tests, earn certifications, and align with every new regulation. To ship verification in a new country, flip a switch. 220+ countries live, audited and tested every quarter; the only identity provider that an EU member state government has formally called more secure than in-person verification.
Per Device & IP Analysis call on the cheap cases; decisive on the clear-cut ones.
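The webhook gate the integration prompt describes (verify X-Signature-V2 over the raw body, then branch the cart action), as an added Python example that is not Didit's code. The hex encoding of the signature, the `orders` store, the action names and the hold default for statuses the prompt does not branch on are assumptions.

```python
import hashlib
import hmac
import json

# Session statuses the prompt branches on (STEP 4), exact case.
ACTIONS = {
    "Approved": "ship",
    "In Review": "hold_for_manual_review",
    "Declined": "cancel_and_refund",
    "Not Finished": "retry_with_new_session",
}
DEFAULT_ACTION = "hold"  # assumption: any other status keeps the order blocked


def sign(raw_body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body (hex encoding is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body, signature_header, secret, orders):
    """Return (http_status, action). The body is parsed only after the MAC checks out."""
    if not signature_header:
        return 401, None
    expected = sign(raw_body, secret).encode()
    # Constant-time comparison on bytes; never compare signatures with ==.
    if not hmac.compare_digest(expected, signature_header.strip().encode()):
        return 401, None
    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, None
    if not isinstance(event, dict):
        return 400, None
    order_id = event.get("vendor_data")
    if order_id not in orders:
        return 404, None          # verdict for an order we never put on hold
    # Exact-case lookup: "approved" or "APPROVED" must not release the order.
    action = ACTIONS.get(event.get("status"), DEFAULT_ACTION)
    orders[order_id] = action
    return 200, action
```

Pass the bytes exactly as received; re-serialising the parsed JSON before computing the MAC changes the input and breaks verification.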
$0.00
Per high-value cart event with biometric step-up: $0.10 step-up + $0.03 IP.
<0s
End-to-end step-up decision on entry-level Android.
0
Free verifications every month, on every account.
Three tiers, one price list
Start free. Pay per use. Scale to Enterprise.
500 free verifications every month, forever. Pay as you go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free
$0 / month. No credit card required.
Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis): 500 / month, every month
Blocklisted Users
Duplicate Detection
200+ fraud signals on every session
Reusable KYC across the Didit network
Case Management Platform
Workflow Builder
Public docs, sandbox, SDKs, MCP (Model Context Protocol) server