免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

BNPL 的责任
BNPL 计划并非一次性决策,而是一个连续过程。Didit 在结账时对借款人进行承保, 将每笔分期付款记录到 Transactions API,并在计划的整个生命周期内自动 重新筛查制裁或 PEP(政治公众人物)命中。申请时 $0.33,每期 $0.02, 包含持续的 AML。每月免费 500 次验证。
选择您需要的检查项, 身份、活体、人脸匹配、制裁、地址、年龄、电话、电子邮件、自定义问题。将它们拖入仪表盘中的流程,或将相同的流程发布到我们的 API。根据条件进行分支,运行 A/B 测试,无需代码。
通过我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp 等任何方式向用户发送链接。选择适合您技术栈的方式。
Didit 负责托管摄像头、灯光提示、移动设备切换和辅助功能。当用户在流程中时,我们实时评估 200 多个欺诈信号,并根据权威数据源验证每个字段。两秒内即可获得结果。
实时签名 Webhook 可在用户获批、拒绝或发送审核时立即同步您的数据库。按需轮询 API。或者打开控制台,检查每个会话、每个信号,并按您的方式管理案例。
Didit · BNPL 入驻
步骤 3 / 5
验证您的身份
Didit · 设备 + IP
Didit · 持续 AML + TM
Didit · 承保审计
借款人
承保
Didit · FPD 信号
Didit · 跨境 BNPL
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_bnpl_apply",
"vendor_data": "borrower-42",
"metadata": { "plan_id": "plan-9182" }
}'{ 返回托管会话URL。 }$ curl -X POST https://verification.didit.me/v3/transactions/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"transaction_id": "plan-9182-inst-1",
"transaction_details": { "direction": "INBOUND", "amount": "125.00", "currency": "GBP", "currency_kind": "fiat" },
"subject": { "vendor_data": "borrower-42", "full_name": “Jamie Example” },
“交易对手”: { “full_name”: “Merchant Ltd” }
}'{ 状态 APPROVED · IN_REVIEW · DECLINED · AWAITING_USER · $0.02 }You are integrating Didit into a Buy-Now-Pay-Later (BNPL) checkout flow — Klarna / Affirm / Clearpay / Tabby / Tamara / Kueski archetype. The recipe handles three obligations on every BNPL plan:
1. Verify the borrower at checkout — identity, liveness, face match, device + IP, AML against 1,300+ sanctions / PEP / adverse-media lists. ONE call to the Sessions API.
2. Log every instalment charge — Transaction Monitoring catches velocity, structuring, and chargeback patterns. ONE call to the Transactions API per instalment.
3. Continuous AML — the borrower is rescreened automatically across the lifetime of the plan. NO separate endpoint to call.
Cost:
- Borrower Know Your Customer (KYC) bundle: $0.33 per application (Sessions API)
- Transaction monitoring per instalment charge: $0.02 (Transactions API)
- Ongoing AML monitoring: $0.07 per user per year (automatic on any session with AML enabled)
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60s, no card).
- Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
- A workflow_id from the Workflow Builder that bundles ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening.
- Transaction Monitoring enabled in the Business Console (Transactions > Settings).
STEP 1 — Underwrite the borrower at checkout
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with KYC + AML bundle>",
"vendor_data": "<your borrower id, max 256 chars>",
"callback": "https://<your-app>/bnpl/apply/callback",
"metadata": {
"purpose": "bnpl_application",
"plan_id": "<your internal plan reference>",
"merchant_id": "<merchant id>",
"principal_amount": "500.00",
"currency": "GBP"
}
}
Response: 201 Created with the hosted session URL. Embed the URL inline in the BNPL widget at checkout. Sub-2-second median verdict on completion.
STEP 2 — Read the signed webhook on application completion
Didit POSTs to your callback. Session statuses are Title Case With Spaces:
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your borrower id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"ip_analysis": { "status": "Approved" },
"aml": { "status": "Approved", "hits": [] }
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.
On Approved + clean AML + acceptable Device & IP, approve the plan and schedule the instalments. On Declined or AML hit, decline. On In Review or AWAITING_USER, hold the plan and route to your underwriting analyst queue.
STEP 3 — Log every instalment charge
POST https://verification.didit.me/v3/transactions/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body (required fields verified live 2026-05-16):
{
"transaction_id": "<plan-id>-instalment-1",
"transaction_category": "finance",
"transaction_details": {
"direction": "INBOUND",
"amount": "125.00",
"currency": "GBP",
"currency_kind": "fiat",
"action_type": "deposit"
},
"subject": {
"entity_type": "individual",
"vendor_data": "<your borrower id>",
"full_name": "<borrower full name>"
},
"counterparty": {
"entity_type": "individual",
"full_name": "<merchant or BNPL settlement counterparty>"
}
}
REQUIRED fields the API rejects if missing:
- subject.vendor_data + subject.full_name
- counterparty.full_name
- transaction_details.direction + currency + currency_kind + amount
Response shape (excerpted from a real successful 201):
{
"uuid": "<server transaction uuid>",
"txn_id": "<your transaction_id echoed back>",
"status": "APPROVED",
"score": 0,
"severity": null,
"cost_breakdown": {
"total_price": 0.02,
"items": [{ "usage_type": "transaction_monitoring", "price": 0.02 }]
}
}
Transaction status enum (exact case, UPPER_SNAKE_CASE): APPROVED | IN_REVIEW | DECLINED | AWAITING_USER.
When a transaction enters AWAITING_USER, Didit creates a linked remediation session automatically and returns a verification URL on the response.
Per-instalment cost: $0.02 (transaction-monitoring base).
Branch logic:
APPROVED → charge the card / pull the bank transfer.
IN_REVIEW → hold the instalment, route to analyst queue.
DECLINED → hard-fail the instalment, mark the plan delinquent.
AWAITING_USER → redirect the borrower to the remediation session URL.
STEP 4 — Continuous AML monitoring is automatic
Any session with AML enabled is rescreened DAILY by Didit's continuous monitoring at $0.07 per user per year. There is NO separate endpoint to call.
When a previously-approved borrower crosses an AML threshold, the session status changes to "In Review" or "Declined" automatically and your webhook fires the update. Hold the remaining instalments and route the case to your collections / fraud team.
STEP 5 — Returning borrowers re-use the verified identity
When a borrower comes back for a second plan, open a new session against their existing vendor_data — Didit reuses the previously verified document and face match where policy allows, and you avoid paying for the full bundle again. Pair with Reusable KYC for the lightest path.
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook.
- Transactions: transaction.created · transaction.updated · transaction.status.changed · transaction.alert.generated.
- Verify X-Signature-V2 on every payload.
CONSTRAINTS
- Session statuses use Title Case With Spaces (Approved, In Review). Transaction statuses use UPPER_SNAKE_CASE (APPROVED, IN_REVIEW). They live in different APIs — don't mix them in the same code path.
- Never approve a BNPL plan before the X-Signature-V2 webhook lands with status Approved + AML clear.
- 200+ fraud signals are evaluated on every session at no extra cost — surface the score via the session decision payload, don't re-query.
- Default record retention is 5 years post-relationship per the EU AML package; UK FCA rules and similar national rules sit on top.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/transaction-monitoring/overview
- https://docs.didit.me/transaction-monitoring/transactions
- https://docs.didit.me/core-technology/aml-screening/continuous-monitoring-aml-screening
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit 是身份和欺诈基础设施, 这是我们自己构建产品时希望存在的平台:开放、灵活且对开发者友好,因此它能真正成为您技术栈的一部分,而不是一个需要您围绕其进行集成的黑盒。
一个 API 涵盖了人员验证(KYC,了解您的客户)、企业验证(KYB,了解您的业务)、加密钱包筛选(KYT,了解您的交易)以及实时交易监控, 构建于以下特点的技术栈之上:
其底层支持:14,000 多种文档类型,支持48 种以上语言,1,000 多个数据源,以及每个会话的200 多个欺诈信号。Didit 基础设施从每个会话中动态学习,并日益完善。
BNPL 允许购物者今天就把商品带回家,然后分期付款, 通常是六周内分四次付款,有时也有更长的带息计划。
行业现状:
监管转变:BNPL 过去处于宽松的消费信贷灰色地带。截至 2025-2026 年,英国 FCA(金融行为监管局)将 BNPL 纳入正式监管,欧盟消费信贷指令 II (CCD II) 将扩展到 BNPL,美国各州贷款机构将适用现有许可法。现在的合规标准是:真实身份、真实承保、真实监控、真实审计包。
因为 BNPL 提供的是信贷,而不仅仅是处理银行卡。
真实的身份验证(身份 + 人脸 + AML)从源头切断了首次付款违约 (FPD)。购物者出示真实的证件和真实的人脸;Didit 将申请绑定到一个人,而不仅仅是一个令牌。
整个流程通常在 30 秒内完成, 拿起身份证件,拍摄证件,拍摄自拍,完成。这是市场上最快的速度。传统的 KYC 提供商完成相同流程通常需要超过 90 秒。
在后端,Didit 在用户完成自拍到您的 webhook 触发的那一刻,p99 响应时间在两秒以内。移动端捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟加载软件开发工具包,以及如果用户从网页端开始,通过二维码一键从桌面端切换到手机端。
不再是了。2026 年左右的监管版图:
所有地区的合规标准都是相同的:验证借款人,筛选制裁和政治公众人物,在整个计划期间进行监控,并保留 5 年以上的审计追踪。Didit 在全球范围内提供符合这些标准的服务。
每个会话都有七种明确的状态之一,因此您的代码始终知道该怎么做:
Approved, 所有检查通过。让用户继续。Declined, 一项或多项检查失败。您可以允许用户重新提交特定的失败步骤(例如,重新拍摄自拍),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在进行中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发一个签名的 webhook,因此您的数据库始终保持同步。放弃和拒绝的会话是免费的。
生产数据默认在欧盟的 Amazon Web Services 上处理和存储。企业合同可根据监管机构要求,申请在其他区域存储。
全面加密。 所有数据库、对象存储和备份均采用 AES-256 静态加密。所有 API 调用、webhook 和业务控制台会话均采用传输层安全协议 1.3 (TLS 1.3) 进行传输加密。生物识别数据使用独立的客户主密钥进行加密。
数据保留期限由您掌控。 默认保留期限为无限期,除非您配置更短的期限(每个应用程序30 天至 10 年),并且您可以随时通过仪表板或 API 删除任何单个会话。
认证:SOC 2 Type 1(Type 2 审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及西班牙 Tesoro / SEPBLAC / CNMV 的公开证明,表明 Didit 的远程身份验证比现场验证更安全。完整报告请访问 /security-compliance。
Didit 默认符合身份基础设施相关监管机构的合规要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成路径, 选择最适合您技术栈的方式:
所有三种方式均使用相同的仪表板、相同的计费和相同的按成功付费价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
每个借款人都会生成一个可导出的数据包:
borrower_pid, 您的假名借款人 IDkyc_status, 已批准 / 已拒绝 / 审核中(首字母大写,带空格)aml_status, 清除 / 命中 / 人工审核device_risk, 分数 + 主要贡献信号plan_parameters, 分期付款次数、总金额、货币、商户 IDsignature, X-Signature-V2 HMAC SHA-256将其导入您的收款和合规系统,以及面向监管机构的报告层。根据欧盟 AML 方案,默认保留期限为关系结束后5 年;英国 FCA 的 BNPL 规则将在此基础上叠加。与 Didit 持有的 SOC 2 Type 1、ISO/IEC 27001 和通用数据保护条例保持一致。
可以。相同的 /v3/ API 覆盖所有市场:
一份合同、一个 API 密钥、一个工作流构建器。每个区域的规则都针对每个工作流进行了调整, Didit 处理220 多个国家/地区的 14,000 多种文档类型,入门级 Android 设备上的裁决时间不到 2 秒,托管 UI 支持48 种以上语言。
四步连接,一个下午搞定:
business.didit.me, 60 秒内获取沙盒密钥,无需信用卡POST /v3/session/ 连接到申请步骤 + 将签名 webhook 连接到您的决策引擎POST /v3/transactions/ 连接到每次分期付款收费 + 处理四值状态枚举Didit MCP (Model Context Protocol) 服务器免费提供, 将上述集成提示粘贴到 Claude Code、Cursor、Codex、Replit Agent、Devin 或 Aider 中,代理将根据实时 /v3/ API 搭建整个框架。