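Identity for AI agents

Your AI agent can run KYC. With a single command.

With one `npx` command, install Didit's twelve open-source Agent Skills into Cursor, Claude Code, Codex, or OpenCode. Ask the agent in natural language, and it writes the code and calls the live API.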

Backed by
Y Combinator
Robinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.


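Why skills, not docs

Docs are written for humans. Skills are written for agents.

Give Cursor a docs tab and it invents endpoints and lowercases status enums. Give it a Didit skill and every line points at the real API: endpoints locked, headers locked, signed webhook handler scaffolded. One `npx` command.

How it works

From npx install to a verified user in four steps.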

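  1. Step 01

    Install the skills

    Run `npx skills add didit-protocol/skills` in your project. The CLI detects Cursor, Claude Code, Codex, or OpenCode and places every skill in the right folder. You can also install a single skill with `--skill didit-face-match`.

  2. Step 02

    Get an API key

    Get one in 60 seconds at [business.didit.me](https://business.didit.me) and `export DIDIT_API_KEY=…`, or let the agent register itself programmatically: `POST /programmatic/register/` followed by `verify-email/`, and the key is returned in the response. No browser needed.

  3. Step 03

    Ask in natural language

    “Add Didit KYC to my signup flow.” “Screen this user against AML lists.” The agent reads the relevant skill, writes the code, and wires up the signed webhook handler. Right on the first try, with no switching to a docs tab.

  4. Step 04

    The user verifies

    Didit hosts the camera, document capture, selfie, and mobile hand-off. The user spends under 30 seconds. Your webhook receives the result within 2 seconds, signed with `X-Signature-V2` so it can be trusted.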

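What the skills give you

Twelve skills. Zero hallucinations. Every Didit API.

Each skill is a self-contained Markdown file that locks the endpoint, request headers, request body shape, and status enum. Open source. Kept in sync with the API version.
01 · Catalogue

Twelve skills. One per Didit capability.

One hub skill for accounts, sessions, workflows, and billing (45+ endpoints), plus eleven stand-alone skills for identity, liveness detection, face match, face search, age, AML, email, phone, proof of address, and database validation.
Full catalogue at docs.didit.me
02 · Install

One npx command. Done.

`npx skills add didit-protocol/skills` installs all twelve skills. Add `--skill didit-face-match` to pick one. Prefer Git? `git clone` and copy what you need. Prefer no tooling? Drop a single `SKILL.md` into your agent's skills folder.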
03 · Hosts

Cursor, Claude Code, Codex, OpenCode.

Markdown skills work everywhere. The CLI auto-detects your runtime and writes to `.cursor/skills/` or `.claude/skills/`. Built on the [agentskills.io](https://agentskills.io) open standard, with no vendor SDK required.
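04 · No guessing

The skill is the source of truth.

Real endpoints, real headers, real status casing, and live pricing, all locked. The agent stops inventing paths and lowercasing enums. 51 endpoints are tested on every release.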
05 · Setup

One environment variable. Or self-register.

`export DIDIT_API_KEY=…` connects the skills. Or let the agent self-register via `POST /programmatic/register/` and get a key without leaving the terminal.
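06 · Open source

MIT licensed. Free to fork.

All skills live at [github.com/didit-protocol/skills](https://github.com/didit-protocol/skills). Audit the code, customize the prompts, send a PR. The day an endpoint ships, the skill ships with it.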
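Integration

Install the skills. Ask the agent. Ship.

Left: the install. Right: the cURL the agent writes once the skills are in place.
npx skills add · Install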
$ npx skills add didit-protocol/skills
✓ 已安装 12 项技能

# or just one
$ npx skills add didit-protocol/skills \
  --skill didit-face-match

# set the api key
$ export DIDIT_API_KEY="sk_live_..."
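OK · Ready. Cursor, Claude Code, Codex, and OpenCode are auto-detected.
Or `git clone` the repository for full control.
POST /v3/session/ · Agent output
# The JSON body is single-quoted, so the workflow id is spliced in with '"$VAR"'
# (inside single quotes the shell would send the literal text $DIDIT_WORKFLOW_ID).
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "'"$DIDIT_WORKFLOW_ID"'",
    "vendor_data": "user-42",
    "callback_url": "https://app/cb"
  }'
201 Created { "url": "verify.didit.me/..." }
Generated by the `didit-kyc-onboarding` skill.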
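Agent-ready integration

Install all 12 Didit Agent Skills in one step.

Paste into Cursor, Claude Code, Codex, or OpenCode. The agent installs the skills, sets up the environment, scaffolds session creation plus a signed webhook handler, and tests against the live API.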
didit-integration-prompt.md
You are installing the Didit Agent Skills into this project and wiring the first verification session against the live https://verification.didit.me/v3/ API. After this prompt, the project should pass identity verification — Know Your Customer (KYC), Anti-Money Laundering (AML) screening, document Optical Character Recognition (OCR) — through Didit.

Didit ships twelve open-source Agent Skills at https://github.com/didit-protocol/skills and follows the open standard at https://agentskills.io. The CLI auto-detects whether you are running inside Cursor, Claude Code, Codex, or OpenCode and drops the skills into the right folder.

PRE-REQUISITES
  - A Didit API key (DIDIT_API_KEY). Either issued from https://business.didit.me, or self-registered by the agent via POST /programmatic/register/ + POST /programmatic/verify-email/ (no browser needed).
  - A workflow_id from the Workflow Builder that bundles ID Verification + Passive Liveness + Face Match + IP Analysis + AML — or just use the didit-kyc-onboarding skill below to create one programmatically.
  - A webhook endpoint that verifies the X-Signature-V2 header with HMAC-SHA256 on the raw body bytes (do NOT re-serialise the parsed JSON; the signature will not match).

STEP 1 — Install the skills

Recommended:

  npx skills add didit-protocol/skills

This installs all twelve skills. To install only one:

  npx skills add didit-protocol/skills --skill didit-face-match

Or git clone the repo and copy what you need:

  git clone https://github.com/didit-protocol/skills.git
  cp -r skills/didit-kyc-onboarding .claude/skills/
  cp -r skills/didit-id-document-verification .claude/skills/

The twelve skills:
  - didit-verification-management   : the hub. Account, sessions, workflows, billing, blocklist, webhook config. 45+ endpoints
  - didit-kyc-onboarding            : full KYC recipe (ID + selfie + face match) in one call
  - didit-id-document-verification  : passports, ID cards, driver's licences. OCR, MRZ, NFC. 4,000+ documents, 220+ countries
  - didit-liveness-detection        : 99.9%-accurate liveness from a single selfie
  - didit-face-match                : compare two faces, get a 0–100 score
  - didit-face-search               : 1:N face search for deduplication and blocklists
  - didit-biometric-age-estimation  : estimate age from a selfie
  - didit-email-verification        : email OTP, detects breached / disposable / undeliverable
  - didit-phone-verification        : phone OTP via SMS, WhatsApp, or Telegram. Catches VoIP
  - didit-aml-screening             : 1,300+ sanctions, PEP, adverse-media lists. Dual-score risk
  - didit-proof-of-address          : utility bills, bank statements. OCR + geocoding
  - didit-database-validation       : government databases across 18 countries

STEP 2 — Set the environment

Every skill reads DIDIT_API_KEY. Session-based skills also expect DIDIT_WORKFLOW_ID. Signed-webhook handlers expect DIDIT_WEBHOOK_SECRET.

  export DIDIT_API_KEY="<your api key>"
  export DIDIT_WORKFLOW_ID="<your workflow id>"   # optional
  export DIDIT_WEBHOOK_SECRET="<your secret>"     # optional

Programmatic alternative (no browser):

  curl -X POST https://apx.didit.me/auth/v2/programmatic/register/ \
    -H "Content-Type: application/json" \
    -d '{"email": "dev@example.com", "password": "MyStr0ng!Pass"}'

  # check the email, get the 6-char code, then:
  curl -X POST https://apx.didit.me/auth/v2/programmatic/verify-email/ \
    -H "Content-Type: application/json" \
    -d '{"email": "dev@example.com", "code": "<code>"}'
  # response includes api_key — export it as DIDIT_API_KEY.

STEP 3 — Create a verification session

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: $DIDIT_API_KEY
    Content-Type: application/json
  Body:
    {
      "workflow_id": "$DIDIT_WORKFLOW_ID",
      "vendor_data": "<your user id, max 256 chars>",
      "callback_url": "https://<your-app>/kyc/callback",
      "metadata": { "source": "agent-skill" }
    }

  Response: 201 Created. The hosted session URL is on the `url` field. Redirect the user, or send them the link by email / SMS / WhatsApp. Sub-2-second p99 verdict on completion.

STEP 4 — Read the signed webhook

Didit POSTs to your callback. KYC session statuses are Title Case With Spaces.

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "id_verification": { "status": "Approved" },
      "liveness": { "status": "Approved" },
      "face": { "status": "Approved", "similarity_score": 0.94 },
      "aml": { "status": "Approved", "hits": [] }
    }

  Full enum:
    Approved | Declined | In Review | In Progress | Not Started | Abandoned | Expired | Resubmitted | Awaiting User | Not Finished

  Verify X-Signature-V2 BEFORE parsing the body — HMAC-SHA256 of the raw bytes with your webhook secret. Re-serialising the parsed body changes whitespace and key order and the signature will not match.

STEP 5 — Read the decision on demand

  GET https://verification.didit.me/v3/session/{sessionId}/decision/
  Headers:
    x-api-key: $DIDIT_API_KEY

Returns the full decision payload — id_verification, liveness, face, ip_analysis, aml. Use this whenever the agent needs to confirm the user's status before allowing an action. Never trust client-supplied "I'm verified" flags.

STEP 6 — Branch on status

  Approved      → continue
  Declined      → block, surface decision_reason_code, allow resubmit of the failed step
  In Review     → wait for the analyst webhook; don't block forever
  Resubmitted   → user re-took a failed step; new verdict is coming
  Awaiting User → user hasn't completed the flow; nudge with a reminder
  Expired       → create a new session

Abandoned and Declined sessions are NOT billed.

STEP 7 — Optional: ongoing AML monitoring

If AML monitoring is enabled on the workflow ($0.07 per user per year), Didit fires status.updated whenever the user lands on a new sanctions / PEP / adverse-media list. No extra endpoint to call.

WEBHOOK EVENT NAMES
  - status.updated       : KYC or KYB session status changed
  - data.updated         : session data corrected after creation
  - user.status.updated  : User entity changed status (Active, Flagged, Blocked)
  - user.data.updated    : User entity counters, metadata, or aggregate fields changed
  - activity.created     : timeline activity recorded

Verify X-Signature-V2 on every payload. The webhook secret is per-environment — sandbox is separate from production.

CONSTRAINTS
  - KYC session statuses use Title Case With Spaces (Approved, In Review). Do NOT transform them to UPPER_SNAKE_CASE — that casing is for Know Your Business (KYB) sessions and Transaction Monitoring, not KYC.
  - HMAC verification runs against the RAW request body bytes. Never re-serialise the parsed JSON.
  - Bundle price is $0.30 (ID + Liveness + Face Match + IP Analysis). AML adds $0.20. 500 verifications free every month, forever.
  - Default record retention is unlimited unless you configure it shorter (30 days to 10 years per application).

Read the docs:
  - https://docs.didit.me/getting-started/agent-skills
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/sessions-api/retrieve-session
  - https://docs.didit.me/integration/webhooks

Skills repo:
  - https://github.com/didit-protocol/skills

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more context? See the full module documentation at docs.didit.me.
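
The webhook rules in the prompt above (verify `X-Signature-V2` over the raw bytes before parsing, keep KYC statuses in Title Case) can be exercised with the following added example, which is not Didit's code or part of the skills. It assumes the header carries a hex-encoded HMAC-SHA256 digest (the page does not state the encoding); the function names, action names, and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

# KYC statuses exactly as the page lists them (Title Case With Spaces).
KYC_STATUSES = {
    "Approved", "Declined", "In Review", "In Progress", "Not Started",
    "Abandoned", "Expired", "Resubmitted", "Awaiting User", "Not Finished",
}
# Branches from the page's "Branch on status" step; action names are hypothetical.
ACTIONS = {
    "Approved": "continue",
    "Declined": "block",
    "In Review": "wait_for_analyst",
    "Resubmitted": "wait_for_new_verdict",
    "Awaiting User": "send_reminder",
    "Expired": "create_new_session",
}

# Constructed sample input, not a captured Didit payload.
SAMPLE_SECRET = "constructed-test-secret"
SAMPLE_RAW = (b'{"session_id":"00000000-0000-0000-0000-000000000000",'
              b'"vendor_data":"user-42","status":"In Review"}')


def sign(raw_body: bytes, secret: str) -> str:
    """HMAC-SHA256 over the raw bytes. Hex output is an assumption."""
    return hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()


def reserialise(raw_body: bytes) -> bytes:
    """The mistake the page warns about: parse, then dump again."""
    return json.dumps(json.loads(raw_body)).encode()


def handle_webhook(raw_body: bytes, signature: Optional[str], secret: str) -> dict:
    """Verify X-Signature-V2 first, parse second, branch on status last."""
    if not signature:
        return {"http": 401, "action": "reject_unsigned"}
    expected = sign(raw_body, secret).encode()
    # Constant-time compare so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, signature.strip().lower().encode()):
        return {"http": 401, "action": "reject_bad_signature"}
    try:
        event = json.loads(raw_body)
    except ValueError:
        return {"http": 400, "action": "reject_malformed"}
    status = event.get("status") if isinstance(event, dict) else None
    if not isinstance(status, str) or status not in KYC_STATUSES:
        # Fail closed on unknown or re-cased values such as "approved".
        return {"http": 422, "action": "reject_unknown_status"}
    return {"http": 200, "action": ACTIONS.get(status, "no_op"),
            "session_id": event.get("session_id")}


if __name__ == "__main__":
    good = sign(SAMPLE_RAW, SAMPLE_SECRET)
    print(handle_webhook(SAMPLE_RAW, good, SAMPLE_SECRET))
    # Same JSON, different bytes: the signature no longer matches.
    print(handle_webhook(reserialise(SAMPLE_RAW), good, SAMPLE_SECRET))
```

In a web framework, pass the request's unmodified body bytes to `handle_webhook`, not a dict the framework has already parsed.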
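Compliance by design

Launch in a new country with one click. We solve the hard parts for you.

We take care of setting up local subsidiaries, obtaining licences, running penetration tests, getting certified, and staying aligned with every new regulation. To launch verification in a new country, just flip a switch. 220+ countries are already covered, with audits and penetration tests every quarter, and Didit is the only identity provider formally recognised by an EU member-state government as safer than in-person verification.
Read the security and compliance dossier
  • EU Financial Sandbox: Tesoro · SEPBLAC · BdE
  • ISO/IEC 27001: Information security · 2026
  • SOC 2 · Type I: AICPA · 2026
  • iBeta Level 1 PAD: NIST / NIAP · 2026
  • GDPR: EU 2016/679
  • DORA: EU 2022/2554
  • MiCA: EU 2023/1114
  • AMLD6 · eIDAS 2.0: Natively EU-compliant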

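Proof in numbers

  • 12
    Open-source Agent Skills. One per Didit capability.
  • 51
    API endpoints covered. Fully tested on every release.
  • <2s
    p99 end-to-end KYC verdict.
  • 500
    Free verifications per account every month.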
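Three tiers, one price list

Start free. Pay as you go. Scale to enterprise.

500 free verifications every month, forever. Production is pay-as-you-go. Enterprise offers custom contracts, data residency, and SLAs (Service Level Agreements).

Free

$0 per month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis), 500 per month, forever
  • Blocklisted users
  • Duplicate detection
  • 200+ fraud signals per session
  • Reusable KYC across the Didit network
  • Case management platform
  • Workflow builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support

Pay as you go (most popular)

Billed by usage

Pay for what you actually use. 25+ modules. Public per-module pricing, no monthly minimum.

  • Full KYC $0.33 (ID + biometrics + IP/device)
  • 10,000+ AML datasets: sanctions, PEP, adverse media
  • 1,000+ government data sources for database validation
  • Transaction monitoring $0.02 per transaction
  • Real-time KYB $2.00 per business
  • Wallet screening $0.15 per check
  • White-label verification flow: your brand, our infrastructure

Enterprise

Custom MSA and SLA. For high-volume and regulated programmes.

  • Annual contract
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channels
  • On-demand human reviewers
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support

Start free → pay only when checks run → unlock Enterprise for custom contracts, SLAs, or data residency.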

FAQ

Frequently asked questions

What is Didit?

Didit is infrastructure for identity and fraud: the platform we wished existed when we were building products ourselves. It is open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.

One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:

  • Fast: sub-2-second p99 on every session
  • Reliable: in production with 1,500+ companies across 220+ countries
  • Secure: SOC 2 Type 1, ISO 27001, GDPR-native, and formally attested by Spain's financial regulator as safer than verifying someone in person

The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.

What is an Agent Skill?

A small Markdown file that teaches your AI agent how to call one of Didit's APIs (endpoint, headers, body shape, error cases), with working code in TypeScript, Python, and cURL.

Install it once. The next time you ask Cursor or Claude Code “add KYC to my signup flow”, the agent reads the skill and writes the right code on the first try. No tab-switching to docs. No invented endpoints. No wrong status casing.

It's the Agent Skills open standard. Didit ships twelve of them, free and open-source at github.com/didit-protocol/skills.

What can the twelve skills do?

One skill per Didit capability, twelve in total, 51 endpoints tested end-to-end:

  • `didit-verification-management`: the hub. Account setup, workflows, sessions, billing, blocklist, webhooks (45+ endpoints)
  • `didit-kyc-onboarding`: full KYC recipe (ID scan + selfie + face match) in one go
  • `didit-id-document-verification`: passports, ID cards, driver's licences. OCR, MRZ, NFC. 4,000+ document types, 220+ countries
  • `didit-liveness-detection`: 99.9% accurate liveness from a single selfie
  • `didit-face-match`: compare two faces, get a 0–100 score
  • `didit-face-search`: 1:N face search for deduplication and blocklists
  • `didit-biometric-age-estimation`: estimate age from a selfie
  • `didit-email-verification`: OTP, detects breached and disposable addresses
  • `didit-phone-verification`: SMS, WhatsApp, or Telegram OTP. Catches VoIP
  • `didit-aml-screening`: 1,300+ sanctions, PEP, and adverse-media lists
  • `didit-proof-of-address`: utility bills, bank statements, OCR with geocoding
  • `didit-database-validation`: government databases across 18 countries

Install the lot in one command: `npx skills add didit-protocol/skills`. Install just one: `npx skills add didit-protocol/skills --skill didit-face-match`.

How fast is the verification for my end user?

The full flow normally takes under 30 seconds end-to-end: pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.

On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.

Which agents work with the skills?

Cursor, Claude Code, Codex, and OpenCode, plus anything that follows the agentskills.io open standard.

The npx CLI detects your agent and drops the skill into the right place: `.claude/skills/`, `.cursor/skills/`, and so on. Same Markdown file everywhere, no host-specific SDK.

Under the hood every skill points at the same `https://verification.didit.me/v3/*` API with the same `x-api-key` header and the same signed webhook. The skill is just how the agent reads it.

What happens if a user fails, abandons, or expires?

Every session lands on one of seven clear statuses, so your code always knows what to do:

  • Approved: every check passed. Move the user forward.
  • Declined: one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.
  • In Review: flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.
  • In Progress: user is mid-flow.
  • Not Started: link sent, user has not opened it yet. Send a reminder if it sits too long.
  • Abandoned: user opened the link but did not finish in time. Re-engage or expire.
  • Expired: the session link aged out. Create a new session.

A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.

Where does my customer data live and how is it protected?

Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.

Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.

Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.

Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain's Tesoro / SEPBLAC / CNMV that Didit's remote identity verification is safer than verifying someone in person. Full report at /security-compliance.

Is Didit compliant for my industry?

Didit ships compliant by default for the regulators that matter to identity infrastructure:

  • GDPR + UK GDPR: controller / processor split, full Data Processing Agreement published, lead supervisory authority named (Spain's AEPD).
  • AMLD6 + EU AML Single Rulebook: 1,300+ sanctions, politically exposed person, and adverse-media lists screened in real time.
  • eIDAS 2.0: EU Digital Identity Wallet aligned; reusable-identity ready.
  • MiCA (Markets in Crypto-Assets): ready for crypto on-ramps, exchanges, and custodians.
  • DORA (Digital Operational Resilience Act): EU financial-services operational resilience.
  • BIPA, CUBI, Washington HB 1493, CCPA / CPRA: US biometric privacy (Illinois, Texas, Washington) and California consumer privacy.
  • UK Online Safety Act: age-gating and child-safety obligations.
  • FATF Travel Rule: originator and beneficiary data on crypto transfers, IVMS-101 interoperable.

Detailed memo, every certificate, every regulator letter: /security-compliance.

How fast can I integrate and start verifying users?

  • 60 seconds to a sandbox account at business.didit.me, no credit card.
  • 5 minutes to a working verification through Claude Code, Cursor, or any coding agent via our Model Context Protocol (MCP) server.
  • A weekend to a production-ready integration with signed-webhook verification, retries, and a remediation flow when a user is declined.

Three integration paths, pick whichever fits your stack:

  • Embed natively with our Web, iOS, Android, React Native, or Flutter SDK.
  • Redirect the user to the hosted verification page: zero SDK.
  • Send a link by email, SMS, WhatsApp, or any channel: zero front-end work.

Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.

How does the install actually work?

One command:

```bash
npx skills add didit-protocol/skills
```

The CLI detects whether you're in Cursor, Claude Code, Codex, or OpenCode and drops every skill into the right folder. Install just one with `--skill didit-face-match`.

Prefer Git? `git clone https://github.com/didit-protocol/skills` and copy what you want. Prefer no tooling? Open the repo and copy a single `SKILL.md` into your agent's skill directory. Every skill is self-contained.

The only env var every skill needs is `DIDIT_API_KEY`. Get one in 60 seconds at business.didit.me, or let the agent register itself programmatically via `POST /programmatic/register/`.

What does a real prompt look like?

Plain English, no jargon, no boilerplate:

  • “Register a Didit account for me”
  • “Create a KYC workflow with ID scan and liveness”
  • “Create a verification session for this user”
  • “Screen John Smith against AML databases”
  • “Check my credit balance”

The agent reads the relevant skill and writes production-ready code in TypeScript, Python, or Bash. No guesswork: the skill ships the exact endpoint, header, body, and status enum.

Why use a skill, not just the docs?

Docs are written for humans. Agents trip on the same things over and over:

  • Invented endpoints: they make up `POST /v3/wallet-screening/` when the real path lives inside `/v3/transactions/`
  • Wrong status casing: KYC is `Approved`, KYB is `APPROVED`, and agents mix them up
  • Broken webhook signatures: they re-serialise the JSON before verifying the HMAC, which breaks the signature
  • Stale pricing: they quote old numbers from training data

Skills lock all of that. Versioned alongside the API: when Didit ships a new endpoint, the skill ships the same day. 51 endpoints tested, every release.

Identity and fraud infrastructure.

One API for KYC, KYB, transaction monitoring, and wallet screening. Integrate in 5 minutes.
