免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

旅行规则的义务
每个受监管的 VASP 在每次转账时都需履行两项义务, 为交易对手 VASP 提供 IVMS-101 数据包,并自行进行链上风险筛选。Didit 将它们整合为一次 Transactions API 调用:托管服务 $0.17,使用自带密钥(BYOK)的钱包提供商则为 $0.04。每月免费 500 次验证。
选择您需要的检查项, 身份、活体、人脸匹配、制裁、地址、年龄、电话、电子邮件、自定义问题。在仪表盘中将它们拖入流程,或通过我们的 API 发布相同的流程。根据条件进行分支,运行 A/B 测试,无需代码。
通过我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp 等任何方式向用户发送链接。选择适合您技术栈的方式。
Didit 负责托管摄像头、灯光提示、移动设备切换和辅助功能。在用户进行流程时,我们实时评估 200 多个欺诈信号,并根据权威数据源验证每个字段。两秒内出结果。
实时签名 webhook 可在用户获批、拒绝或发送审核时立即同步您的数据库。按需轮询 API。或者打开控制台,检查每个会话、每个信号,并按您的方式管理案例。
Didit · IVMS-101
发起人
受益人
Didit · 区域规则
Didit · TR 互操作性
Didit · 非托管钱包
Didit · 交易 API
Didit · 证据包
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_casp_onboard",
"vendor_data": "user-42"
}'{ 状态:已批准 · 审核中 · 已拒绝 }$ curl -X POST https://verification.didit.me/v3/transactions/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"transaction_id": "tx-9001",
"transaction_details": { "direction": "OUTBOUND", "currency_kind": "crypto" },
"subject": { "full_name": "J. Pérez" },
"counterparty": { "full_name": "R. Beneficiary", "payment_method": { "account_id": "bc1qa3…hk22" }}
}'{ 状态 APPROVED · IN_REVIEW · DECLINED · AWAITING_USER }You are integrating Didit into a Virtual Asset Service Provider (VASP) / Crypto-Asset Service Provider (CASP) to satisfy the Travel Rule on every crypto transfer. Two obligations:
1. Verify the user (KYC) — identity, liveness, face match, device + IP, AML. The originator data on every outbound transfer comes from this verified profile.
2. Submit each transfer with originator + beneficiary fields (IVMS-101) AND screen the counterparty wallet — one /v3/transactions/ call.
Bundle pricing (verified live 2026-05-16):
- User Verification (KYC) bundle: $0.33 per user (Sessions API)
- Transactions API call: $0.02 base + $0.15 managed wallet screen = $0.17 per managed transfer
- With Bring Your Own Key (BYOK) on the wallet provider: $0.04 per transfer ($0.02 + $0.02)
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- Webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header.
HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature. - A workflow_id from the no-code Workflow Builder with ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening.
- Transaction Monitoring + Wallet Screening enabled in the Business Console (Transactions > Settings).
STEP 1 — Verify the user with the Sessions API (one-time onboarding)
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with KYC + AML modules>",
"vendor_data": "<your user id>",
"callback": "https://<your-app>/casp/onboard/callback",
"metadata": {
"purpose": "casp_onboarding"
}
}
Response: 201 Created with the hosted session URL. Sub-2-second median verdict on completion.
STEP 2 — Read the signed webhook on KYC completion
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body.
Capture the user's full name, date of birth, address, and any registered identity-document number from the decision payload. These fields populate the IVMS-101 originator block on every subsequent transfer.
STEP 3 — Submit every transfer with IVMS-101 + wallet screen in one call
POST https://verification.didit.me/v3/transactions/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body (required fields verified live 2026-05-16):
{
"transaction_id": "<your internal transfer reference>",
"transaction_category": "finance",
"include_crypto_screening": true,
"transaction_details": {
"direction": "OUTBOUND",
"amount": "0.45",
"currency": "ETH",
"currency_kind": "crypto",
"action_type": "transfer"
},
"subject": {
"entity_type": "individual",
"vendor_data": "<your user id>",
"full_name": "<originator name from KYC>",
"address": "<originator address from KYC>",
"dob": "<originator dob from KYC, YYYY-MM-DD>"
},
"counterparty": {
"entity_type": "individual",
"full_name": "<beneficiary name>",
"address": "<beneficiary address if known>",
"payment_method": {
"method_type": "crypto_wallet",
"account_id": "<counterparty wallet address>"
}
}
}
REQUIRED fields the API rejects if missing:
- subject.vendor_data + subject.full_name
- counterparty.full_name
- transaction_details.direction + currency + currency_kind + amount
- counterparty.payment_method.account_id (the wallet address)
Didit packages the subject + counterparty fields into an IVMS-101 payload, hands them off to the connected Travel Rule protocol (TRP / Sumsub TR / Notabene / Veriscope), runs Wallet Screening on the counterparty address server-side, and returns one verdict.
Response shape (excerpted from a real successful 201):
{
"uuid": "<server transaction uuid>",
"txn_id": "<your transaction_id echoed back>",
"status": "APPROVED",
"score": 0,
"severity": null,
"travel_rule": { "status": "EXCHANGED", "protocol": "<network>", "ivms_packet_id": "<id>" },
"props": {
"wallet_risk_score": 0,
"sanctions_hit": false,
"aml_provider": "<provider slug>",
"aml_screening_type": "WALLET_SCREENING",
"aml_screening_status": "COMPLETED"
},
"cost_breakdown": {
"total_price": 0.17,
"items": [
{ "usage_type": "transaction_aml_monitoring", "price": 0.15 },
{ "usage_type": "transaction_monitoring", "price": 0.02 }
]
}
}
Transaction status enum (exact case, UPPER_SNAKE_CASE): APPROVED | IN_REVIEW | DECLINED | AWAITING_USER.
Wallet-screen severity (UPPER): LOW | MEDIUM | HIGH | CRITICAL | UNKNOWN.
Branch logic:
APPROVED → release the crypto.
IN_REVIEW → hold the transfer, route to analyst queue.
DECLINED → refuse the transfer, log the IVMS attempt for the audit.
AWAITING_USER → redirect the user to the remediation URL on the response.
STEP 4 — Inbound transfers: ingest the counterparty's IVMS packet
When you RECEIVE a transfer from another VASP:
- The connected Travel Rule protocol delivers the originator IVMS data to you BEFORE the on-chain transfer settles.
- Submit it via the same POST /v3/transactions/ with direction: "INBOUND" and the originator fields on subject and your own beneficiary on counterparty.
- Wallet Screening runs on the originator wallet (subject.payment_method.account_id).
- Verdict drives whether to credit the user.
STEP 5 — Self-hosted (unhosted) wallet transfers
For transfers TO a self-hosted wallet (no counterparty VASP to exchange with):
- Collect the beneficiary identity from the user via a custom questionnaire ($0.10).
- Above local enhanced-due-diligence thresholds, prompt the user to sign a short message with the beneficiary wallet's private key as proof of control.
- Submit the transaction with the captured beneficiary fields + wallet address.
- Didit still runs Wallet Screening on the destination and stores the IVMS-format record for the audit.
STEP 6 — Continuous AML on the user is automatic
Every approved user is re-screened daily against 1,300+ sanctions, PEP, and adverse-media lists. There is NO separate endpoint to call. When a previously-clean user crosses an AML threshold, the session status updates and a signed webhook fires.
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook.
- Transactions: transaction.created · transaction.updated · transaction.status.changed · transaction.alert.generated.
Verify X-Signature-V2 on every payload.
CONSTRAINTS
- Session statuses Title Case With Spaces; transaction statuses UPPER_SNAKE_CASE. Don't mix.
- EU Transfer of Funds Regulation has NO de minimis threshold for crypto — every transfer carries originator + beneficiary data.
- US Travel Rule kicks in at $3,000; UK at £1,000; Singapore at SGD 1,500; Switzerland at CHF 1,000. Apply per-workflow.
- Default record retention is 5 years post-transfer per most AML regimes; extensible per supervisor guidance.
- Wallet Screening MUST run BEFORE the crypto leaves — a post-transfer screen is useful for audit but useless for blocking.
Read the docs:
- https://docs.didit.me/transaction-monitoring/overview
- https://docs.didit.me/transaction-monitoring/transactions
- https://docs.didit.me/transaction-monitoring/aml-screening
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit 是身份和欺诈基础设施, 一个我们自己在构建产品时希望存在的平台:开放、灵活且对开发者友好,因此它能真正融入您的技术栈,而不是一个需要您围绕其进行集成的黑盒。
一个 API 涵盖了个人验证(KYC,了解您的客户)、企业验证(KYB,了解您的业务)、加密钱包筛选(KYT,了解您的交易)以及实时交易监控, 所有这些都建立在一个旨在实现以下目标的堆栈上:
其底层支持:14,000 多种文档类型,支持 48 种以上语言,1,000 多个数据源,以及每次会话的 200 多个欺诈信号。Didit 基础设施通过每次会话动态学习,并日益完善。
“旅行规则”是指,当价值在两个受监管的提供商之间转移时,某些客户信息(姓名、账号、地址)必须随价值本身一同转移。
它起源于传统金融(1970年美国银行保密法),于2019年由金融行动特别工作组(FATF)在全球范围内推广,现在适用于全球所有加密货币。标准的数据格式是 InterVASP Messaging Standard 101 (IVMS-101),这是所有主要旅行规则协议都支持的JSON Schema。
监管机构的目标很简单:通过确保身份数据在每个环节都随价值流转,阻止不法分子通过一系列提供商匿名洗钱。
所有受监管的虚拟资产服务提供商 (VASP) 或加密资产服务提供商 (CASP),包括交易所、出入金平台、托管钱包、经纪商、OTC柜台以及涉及加密结算的支付机构。
已生效的司法管辖区:
FATF对每个国家/地区的实施情况进行相互评估。不合规的司法管辖区面临被列入灰名单的风险。
整个流程通常在30秒内完成, 拿起身份证件,拍摄证件,拍摄自拍,完成。这是市场上最快的速度。传统的KYC提供商完成相同流程通常需要90秒以上。
在后端,Didit在p99下两秒内返回结果,时间从用户完成自拍到您的webhook触发。移动端捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟加载SDK,以及如果用户从网页端开始,通过二维码一键从桌面端切换到手机端。
FATF的最低数据集包括:
数据通过两个提供商之间的旅行规则协议传输,而不是在链上或交易备注中。当前市场碎片化:提供商选择TRP、Sumsub Travel Rule、Notabene、Veriscope、OpenVASP和Shyft中的一个或多个。共享语言是IVMS-101,所有协议都能读写。
转账接收方在将资金存入受益人账户之前会验证数据。
每个会话都会落入七种明确状态之一,因此您的代码始终知道如何处理:
Approved, 所有检查通过。用户可以继续。Declined, 一项或多项检查失败。您可以允许用户重新提交特定的失败步骤(例如,重新拍摄自拍),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在进行中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发一个签名的webhook,因此您的数据库始终保持同步。放弃和拒绝的会话是免费的。
生产数据默认在欧盟通过Amazon Web Services进行处理和存储。企业合同可以根据监管机构要求,申请在其他区域存储。
全面加密。 所有数据库、对象存储和备份均采用AES-256静态加密。所有API调用、webhook和业务控制台会话在传输过程中均采用传输层安全协议1.3。生物识别数据使用独立的客户主密钥加密。
保留期限由您控制。 默认保留期限为无限期(无限制),除非您配置更短的期限, 每个应用程序可在30天到10年之间, 您可以随时通过仪表板或API删除任何单个会话。
认证:SOC 2 Type 1(Type 2审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及西班牙财政部/SEPBLAC/CNMV的公开证明,表明Didit的远程身份验证比现场验证更安全。完整报告请访问 /security-compliance。
Didit默认符合对身份基础设施至关重要的监管机构要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成路径, 选择最适合您技术栈的:
所有这三种方式都使用相同的仪表板、相同的计费、相同的按成功付费价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
现实生活中很少有完美的旅行规则数据包, 交易对手发送部分数据,字段与KYC名称不匹配,地址格式不同。有两种处理路径:
DECLINED,并提示用户重新提交IN_REVIEW,并在业务控制台中打开一个案例,突出显示差异AWAITING_USER,Didit自动创建补救会话,并在响应中返回验证URL您的合规团队会分类处理案例,如果需要,请求更多数据,并在控制台内批准或拒绝。审阅者备注、决定和时间戳都会记录在审计包中。
旅行规则数据是按每次转账收集的,而不是按关系收集的, 不存在旅行规则数据包的“刷新”。但转账背后的用户必须根据欧盟AML方案和同等制度进行持续监控。
Didit运行:
所有这三项都汇集到同一个案例管理界面,因此单个审阅者可以全面了解每个用户的情况。
大多数监管机构要求对每笔旅行规则转账和底层用户身份保留至少5年的记录,如果您的监管机构要求,有时会更长。
Didit的保留模型:
Didit是唯一获得欧盟成员国政府正式认证的KYC平台, 西班牙财政部、西班牙银行和SEPBLAC共同证明该服务比现场验证更安全。该报告直接归入您的CASP授权包。