免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

体育场 · 音乐节 · 公共交通 · 会议
无需掏出手机,告别电量焦虑,杜绝转售欺诈。购票时一次性注册,费用为 $0.25,此后每次闸机扫描都是免费的 1:N 人脸搜索匹配, 在音乐节规模下也能实现亚秒级响应。该流程适用于体育场、音乐节、公共交通枢纽和会议等多种场景。
选择您需要的验证项, 身份、活体、人脸匹配、制裁名单、地址、年龄、电话、邮箱、自定义问题。在控制台中拖拽构建流程,或通过 API 发布。支持条件分支和 A/B 测试,无需代码。
通过我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。也可重定向到托管页面。或者,只需通过电子邮件、短信、WhatsApp 等方式向用户发送链接。选择最适合您技术栈的集成方式。
Didit 负责摄像头、灯光提示、移动设备切换和无障碍功能。在用户进行流程时,我们实时评估 200 多种欺诈信号,并根据权威数据源验证每个字段。两秒内即可获得结果。
实时签名的 Webhook 可在用户通过、拒绝或需要审核时立即同步您的数据库。您也可以按需轮询 API。或打开控制台检查每个会话、每个信号,并按您的方式管理案例。
Didit · 注册
订单 #18472
采集您的人脸
Didit · 人脸搜索 1:N
Didit · 门禁决策
Didit · 场所覆盖
Didit · 容量
Didit · 公开定价
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_event_enrol",
"vendor_data": "buyer-42",
"metadata": { "event_id": "evt_1234" }
}'{ "session_url": "verify.didit.me/..." }$ curl -X POST https://verification.didit.me/v3/face-search/ \
-H "x-api-key: $DIDIT_API_KEY" \
-F "image=@gate-frame.jpg" \
-F "metadata={'event_id':'evt_1234'}"{ "status": "Approved", "matches": […] }You are integrating Didit's biometric event-ticketing into <my_stack>. The face IS the ticket — no QR code, no barcode, no printout. Two phases:
1. Enrol the buyer ONCE at ticket purchase. A Sessions API call runs ID Verification + Passive Liveness and stores the buyer's portrait as the event-index template.
2. At every gate scan, call the standalone Face Search 1:N endpoint with the camera frame. Sub-1-second match against the event index. Verdict returned inline.
Pricing (public):
- Enrolment (one-time per buyer): $0.15 ID Verification + $0.10 Passive Liveness = $0.25
- Face Search 1:N at the gate: free per scan
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60s, no card).
- Webhook endpoint with Hash-based Message Authentication Code (HMAC) SHA-256 verification using the X-Signature-V2 header.
HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature. - A workflow_id from the Workflow Builder. The workflow MUST contain ID_VERIFICATION + LIVENESS (and optionally Anti-Money Laundering (AML) if you sell age-restricted access).
- One Didit account = one face index. Tag every enrolment with metadata.event_id so the gate-side search filters by the right event.
STEP 1 — Enrol at ticket purchase
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<your enrolment workflow>",
"vendor_data": "<your buyer id — must be unique per buyer>",
"callback": "https://<your-app>/ticketing/enrol/callback",
"metadata": {
"order_id": "<your order reference>",
"event_id": "<the event the buyer is entering>",
"ticket_tier": "<GA | VIP | accessible | etc>"
}
}
Response: 201 Created with the hosted session_url. Redirect the buyer. After the buyer completes ID Verification + Passive Liveness, the portrait is stored as their face template and bound to vendor_data.
STEP 2 — Read the signed verdict on enrolment completion
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your buyer id>",
"status": "Approved",
"id_verification": { "status": "Approved", "document_type": "Passport" },
"liveness": { "status": "Approved", "method": "PASSIVE", "score": 94 }
}
Verify X-Signature-V2 BEFORE trusting the body. On Approved, mark the order as enrolled and bind the order to vendor_data in your application database.
Session status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
STEP 3 — At every gate scan, match the face against the event index
POST https://verification.didit.me/v3/face-search/
Headers:
x-api-key: <your api key>
Body (multipart/form-data):
image <the camera frame captured at the gate>
vendor_data <optional — restrict the search to a specific buyer>
metadata <optional JSON — e.g. { "event_id": "<...>" } to filter>
Response (excerpted):
{
"status": "Approved",
"matches": [
{
"vendor_data": "<buyer id>",
"similarity_score": 0.96
}
]
}
Match outcomes the gate logic should handle:
- Match found, ticket valid, no prior scan → grant entry, mark scanned
- Match found, already inside → apply re-entry policy
- Match found, ticket expired or canceled → route to staff
- Match found, ticket resold to another buyer → block, route to staff
- No match (similarity below threshold) → block, fall back to backup ticket flow
STEP 4 — Reusable across every event the same buyer attends
Because the buyer's face template is bound to vendor_data, the SAME enrolment works for every future event the same buyer holds a ticket for. No re-enrolment, no re-payment. Reusable Credential semantics applied to the venue use case.
CONSTRAINTS
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE: ID_VERIFICATION, LIVENESS, FACE_MATCH, AML, IP_ANALYSIS.
- Method enum is UPPERCASE: PASSIVE, FLASHING, ACTIVE_3D.
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Status casing matches exactly: Approved, Declined, In Review, Expired, Not Finished, Resubmitted, Kyc Expired, Abandoned.
- The face template is irreversible (a one-way hash). End users can request deletion via the standard data-subject-request path.
ACCESS CONTROL CONSIDERATIONS
- For minor-attended events, run AGE_ESTIMATION during enrolment to gate age-restricted areas. See /solutions/age-verification.
- For high-value VIP areas, gate behind a Biometric Authentication step-up. See /solutions/biometric-2fa.
- For accessibility lanes, surface the ticket-tier metadata on the verdict payload and route the gate UI accordingly.
DATA-PROTECTION NOTES
- The enrolment selfie produces an irreversible face template; raw images are deleted unless retention is explicitly enabled.
- The gate frame is processed in memory and not persisted by default.
- Display the privacy notice (didit.me/terms/verification-privacy-notice) to the buyer before the enrolment selfie. EU GDPR Article 13 requires it.
Read the docs:
- https://docs.didit.me/core-technology/face-search/overview
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit 是身份和欺诈基础设施, 这是我们自己构建产品时所希望拥有的平台:开放、灵活且对开发者友好,因此它能真正融入您的技术栈,而不是一个需要您围绕其进行集成的黑盒。
一个 API 涵盖了人员验证 (KYC,了解您的客户)、企业验证 (KYB,了解您的业务)、加密钱包筛选 (KYT,了解您的交易) 以及实时交易监控, 构建在以下技术栈之上:
底层支持:14,000 多种文档类型,支持 48 种以上语言,1,000 多个数据源,以及每个会话的 200 多个欺诈信号。Didit 基础设施从每个会话中动态学习,并日益完善。
一种访问凭证是买家面部的门票,而不是二维码、条形码或纸质打印件。
买家在购买时自拍。面部模板与订单一起存储。在闸机处,摄像头捕捉一帧图像,并进行 1:N 人脸搜索,与活动已注册的模板进行匹配。亚秒级裁决,即可通过。
二维码票务存在三个问题:
整个流程通常端到端耗时不到 30 秒, 拿起身份证,拍摄证件,拍摄自拍,完成。这是市场上最快的速度。传统的 KYC 提供商完成相同流程通常需要超过 90 秒。
在后端,Didit 在 p99 下不到两秒内返回结果,从用户完成自拍到您的 Webhook 触发的那一刻开始计算。移动端捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟加载 SDK,以及如果用户从网页端开始,可通过二维码一键从桌面端切换到手机端。
始终提供非生物识别备用方案, 打印的 PDF、通过电子邮件发送的二维码或人工检票口。欧盟人工智能法案和大多数国家消费者保护制度都要求提供替代路径。
实际上,采用生物识别票务的场馆报告称,70-85% 的用户选择加入,因为刷脸通道速度明显更快。非生物识别通道对其他人保持开放。
每个会话都会落入七种明确状态之一,因此您的代码始终知道该怎么做:
Approved, 所有检查通过。让用户继续。Declined, 一项或多项检查失败。您可以允许用户重新提交特定的失败步骤(例如,重新自拍),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在进行中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发一个签名 Webhook,因此您的数据库始终保持同步。废弃和拒绝的会话是免费的。
生产数据默认在欧盟通过 Amazon Web Services 进行处理和存储。企业合同可以根据监管机构要求,申请在其他区域存储。
全面加密。 所有数据库、对象存储和备份均采用 AES-256 静态加密。所有 API 调用、Webhook 和业务控制台会话均采用传输层安全协议 1.3 进行传输加密。生物识别数据使用单独的客户主密钥进行加密。
保留期限由您控制。 默认保留期限为无限期(无限制),除非您配置更短的期限, 每个应用程序可在 30 天到 10 年之间, 您可以随时通过仪表板或 API 删除任何单个会话。
认证:SOC 2 Type 1(Type 2 审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及来自西班牙 Tesoro / SEPBLAC / CNMV 的公开证明,表明 Didit 的远程身份验证比亲自验证更安全。完整报告请访问 /security-compliance。
Didit 默认符合身份基础设施相关的重要监管机构要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成方式,任选其一,适配您的技术栈:
所有三种方式均使用相同的仪表板、相同的计费和按成功付费的价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
任何商用 IP 摄像头或平板电脑都可以, POST /v3/face-search/ 接受通过 HTTPS 发送的单个 JPEG 帧。大多数场馆使用现有的入口自助服务机、票务扫描仪替代品或支架上的平板电脑。无需定制软件开发工具包 (SDK),无需特殊驱动程序,也无需现场推理盒。
对于边缘缓存闸机(交通枢纽、没有可靠连接的大型场馆),Didit 提供现场人脸搜索设备, 请联系销售。
在注册时对年龄限制区域(节日中 18 岁以上区域,体育场内的酒精吧台)运行 AGE_ESTIMATION。签名裁决会为每个买家提供一个年龄段,您的闸机逻辑会显示正确的腕带颜色或无腕带通道。
对于参加家庭活动的未成年人,父母/监护人代表未成年人完成门票注册并同意模板, 欧盟通用数据保护条例要求在大多数成员国中,16 岁以下儿童需获得明确的父母同意。