免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

可复用身份解锁的价值
每次 Didit KYC 都会向用户钱包发送一份签名的可复用身份凭证。 每个接收平台都可以免费验证并进行选择性披露。 一次验证,所有接受 Didit 的业务均可使用。每月 500 次免费验证。
选择您需要的检查项, 身份、活体、人脸匹配、制裁名单、地址、年龄、电话、邮箱、自定义问题。在仪表盘中拖拽它们到流程中,或通过我们的 API 发布相同的流程。支持条件分支、A/B 测试,无需代码。
使用我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp 等任何方式向用户发送链接。选择适合您技术栈的方式。
Didit 负责托管摄像头、光线提示、移动端切换和无障碍功能。在用户进行流程时,我们实时评估 200 多个欺诈信号,并根据权威数据源验证每个字段。两秒内即可出结果。
实时签名的 Webhook 可在用户获批、拒绝或发送审核时,立即同步您的数据库。按需轮询 API。或打开控制台检查每个会话、每个信号,并按您的方式管理案例。
Didit · 一次验证
步骤 5 / 5
添加到钱包
Didit · 选择性披露
Didit · ARF 互操作
Didit · 信任三角
01
发行方
KYC 后签署
02
持有方
存储于钱包
03
验证方
使用时验证
流程
发行方签署凭证 → 持有方将其存储在钱包中 → 验证方请求字段 → 持有方批准披露 → 验证方仅验证披露字段上的签名。
Didit · 持续刷新
Didit · 成本模型
$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-d '{
"workflow_id": "wf_accept_reusable",
"vendor_data": "user-42",
"metadata": { "request_fields": ["full_name", "age_over_18"] }
}'托管流程检测凭证或运行完整 KYC$ curl https://verification.didit.me/v3/session/$SID/decision/ \
-H "x-api-key: $DIDIT_API_KEY"
# 返回披露字段 + 签发者链
# 当 reusable_identity.presented 为 true 时。
# 返回完整的 KYC 证据包
# 当执行了新的 KYC 时。状态:已批准 · 审核中 · 已拒绝 · 已过期You are integrating Didit's Reusable Identity / eIDAS 2.0 acceptance into your platform. Two flows:
1. Issue — when a new user runs a full KYC on your platform, they leave with a Didit-signed Reusable Identity credential in their wallet (the Didit app or any EU Digital Identity Wallet).
2. Accept — when a user arrives at your platform already holding a Didit-signed credential, the session detects it and short-circuits, returning Approved without re-running the full KYC.
Bundle pricing (verified live 2026-05-16):
- First verification (issuance side): $0.33 per user (Sessions API full KYC bundle)
- Issuance: free — the signed credential is included with every KYC
- Reuse on the verifying side: free, forever
- Selective disclosure: free
- Continuous Anti-Money Laundering (AML) refresh: $0.07 per user per year (automatic)
- First 500 verifications free every month, forever
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- Webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header.
HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature. - A workflow_id from the no-code Workflow Builder with:
* ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening (for issuance)
* Reusable Identity acceptance turned on (for acceptance — toggle in the Workflow Builder)
- Optional: the Didit mobile SDK (iOS / Android / React Native / Flutter) for native deep-link wallet handoff.
STEP 1 — Open a session that accepts a Reusable Identity if presented
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with Reusable Identity acceptance on>",
"vendor_data": "<your user id>",
"callback": "https://<your-app>/onboarding/callback",
"metadata": {
"purpose": "platform_onboarding",
"request_fields": ["full_name", "age_over_18", "country_of_residence"]
}
}
Optional in body: declare the exact fields you need disclosed via metadata.request_fields. Didit's hosted flow will prompt the user to approve only those specific fields when they present a Reusable Identity credential.
Response: 201 Created with the hosted session URL. Redirect the user.
STEP 2 — The hosted flow detects (or runs) the verification
Two paths from this one endpoint:
Path A — User has a Didit-signed credential
- The hosted flow detects the credential via a wallet-handoff prompt (universal link on mobile, popup-bridge on desktop)
- The user approves the disclosure of the requested fields
- Didit validates the issuer signature + credential freshness server-side
- Session returns Approved with the disclosed fields populated on the decision payload
- Cost: $0 on the verifying side
Path B — User does NOT have a credential
- The hosted flow runs the full KYC bundle (ID + Liveness + Face Match + Device & IP + AML)
- At completion, Didit issues a Reusable Identity credential to the user's wallet
- Session returns Approved with the full decision payload
- Cost: $0.33 on the verifying-and-issuing side
Same endpoint, same webhook, same status enum. The path is transparent to your back-end.
STEP 3 — Read the signed webhook
Didit POSTs to your callback. Session statuses (Title Case With Spaces):
Body (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your user id>",
"status": "Approved",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.94 },
"ip_analysis": { "status": "Approved" },
"aml": { "status": "Approved", "hits": [] },
"reusable_identity": {
"presented": true,
"issuer": "<issuing-platform name>",
"issued_at": "<timestamp>",
"disclosed_fields": ["full_name", "age_over_18", "country_of_residence"]
}
}
Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
Verify the X-Signature-V2 header BEFORE reading the body.
When reusable_identity.presented is true, the user re-presented an existing credential and the verification was free; when false, a fresh KYC was run and billed at $0.33.
STEP 4 — Retrieve the full decision later
GET https://verification.didit.me/v3/session/{sessionId}/decision/
Headers:
x-api-key: <your api key>
Returns the full payload including: document scan + extracted Machine-Readable Zone (MRZ) data, biometric similarity, AML hits, device + IP risk signals, 200+ fraud signals, HMAC signature, and (if presented) the credential issuance chain.
Same evidence pack regardless of issuance vs reuse — the verifier never sees less than a fresh KYC would deliver.
STEP 5 — Continuous AML monitoring is automatic
Every approved user (issued OR presented) is re-screened daily against 1,300+ sanctions, PEP, and adverse-media lists at $0.07 per user per year on heavy-volume accounts. When a previously-clean user crosses an AML threshold, the credential's AML field is updated automatically; every receiving platform sees the refreshed status on next presentation.
When the user revokes a credential from their wallet, your receiving platform's webhook fires with status: Expired and the credential is dropped from the user's account.
STEP 6 — Selective disclosure at presentation time
Pass the exact fields you need via metadata.request_fields at session creation. Recommended minimum-disclosure patterns:
- Age-gate (UK Online Safety Act, France SREN): ["age_over_18"]
- Country-gate: ["country_of_residence"]
- Full name + verified-human: ["full_name", "verified_human"]
- AML-clear gate (lending): ["aml_clear", "full_name"]
- Full identity (banking, payments): ["full_name", "date_of_birth", "address", "document_number", "aml_clear"]
The user sees a single approval prompt listing the requested fields. Anything not listed is never disclosed to your platform.
WEBHOOK EVENT NAMES
- Sessions: status changes flow through the standard session webhook (verify X-Signature-V2 HMAC SHA-256).
- Credential lifecycle: status: Expired fires when a holder revokes the credential.
CONSTRAINTS
- Session statuses use Title Case With Spaces. Don't UPPER_SNAKE_CASE them.
- Reusable Identity acceptance is OFF by default; turn it on in the Workflow Builder.
- Selective disclosure is the privacy default — fields not in metadata.request_fields are never returned, even if the credential carries them.
- Default record retention is 5 years post-relationship per the EU AML package.
- 200+ fraud signals are evaluated on every session, issued or presented, at no extra cost.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/sessions-api/retrieve-session
- https://docs.didit.me/core-technology/reusable-kyc/overview
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit是身份和欺诈基础设施, 是我们自己在构建产品时希望存在的平台:开放、灵活、开发者友好,因此它能真正成为您技术栈的一部分,而不是一个需要您围绕其集成的黑盒。
一个API即可覆盖人员验证(KYC,了解您的客户)、企业验证(KYB,了解您的业务)、加密钱包筛选(KYT,了解您的交易)以及实时交易监控, 构建于以下特点的技术栈:
底层支持:14000多种证件类型,支持48种以上语言,1000多个数据源,以及每个会话200多个欺诈信号。Didit基础设施从每个会话中动态学习,并日益完善。
eIDAS 2.0, 全称电子身份识别、认证和信任服务, 是欧盟2024年对其身份规则手册的更新。主要变化是欧洲数字身份钱包(通常简称EUDI钱包):到2026年底,每个欧盟公民和居民都将有权拥有一个智能手机应用程序。
该钱包存储可验证凭证, 数字驾驶执照、已验证身份证明、学术文凭, 由受信任方签发,并以加密证明形式提交给依赖方,可选择选择性披露(证明您已满18岁,而无需透露您的完整出生日期)。
对于企业而言,eIDAS 2.0既涉及接受钱包出示的凭证,也涉及签发用户携带的凭证。
强制接受正在按行业逐步推行:
在强制列表之外,每个欧盟企业都可以选择自愿发行和接受钱包凭证, 大多数受监管的企业都会这样做,因为用户体验比重新运行完整的 KYC 要好得多。
整个流程通常在 30 秒内完成, 拿起身份证,拍摄文件,拍摄自拍,完成。这是市场上最快的。传统的 KYC 提供商通常需要超过 90 秒才能完成相同的流程。
在后端,Didit 在 p99 下两秒内返回结果,从用户完成自拍到您的 webhook 触发的那一刻开始计算。移动捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟软件开发工具包加载,以及如果用户从网页开始,通过二维码从桌面到手机的一键式切换。
联邦登录证明身份提供商处存在账户,接收方企业可获得电子邮件地址和可能有的姓名。但这并非监管级别的身份验证。
可复用身份包含:
验证方可获得与自行运行 KYC 相同的监管保障,且无需承担成本、减少摩擦并避免转化率下降。
每个会话都有七种明确状态之一,因此您的代码始终知道如何处理:
Approved, 所有检查通过。让用户继续。Declined, 一项或多项检查失败。您可以允许用户重新提交特定的失败步骤(例如,重新拍摄自拍照),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在流程中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发签名 webhook,因此您的数据库始终保持同步。放弃和拒绝的会话是免费的。
生产数据默认在欧盟的 Amazon Web Services 上处理和存储。企业合同可根据监管机构要求,申请其他司法管辖区的备用区域。
全面加密。 所有数据库、对象存储和备份均采用 AES-256 静态加密。所有 API 调用、webhook 和业务控制台会话均采用传输层安全协议 1.3 进行传输加密。生物识别数据使用单独的客户主密钥进行加密。
保留期限由您控制。 默认保留期限为无限期(无限制),除非您配置更短的期限, 每个应用程序可在30 天到 10 年之间, 您可以随时通过仪表板或 API 删除任何单个会话。
认证:SOC 2 Type 1(Type 2 审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及来自西班牙 Tesoro / SEPBLAC / CNMV 的公开证明,表明 Didit 的远程身份验证比亲自验证更安全。完整报告请访问 /security-compliance。
Didit 默认符合身份基础设施相关监管机构的要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成路径, 选择最适合您技术栈的:
所有三种方式都使用相同的仪表板、相同的计费和相同的按成功付费价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
可复用身份是传统 KYC 堆栈的隐私升级:
接收方处理的法律依据是 GDPR 下的合法权益, 用户已明确出示凭证以访问服务。Didit 的标准数据处理协议 (DPA) 涵盖了联合控制者关系。
三种触发类型:
接收平台无需追溯用户更新, 凭证带有自己的新鲜度信号,过期的凭证在出示时会被拒绝。
验证者(接收平台)将获得与原始验证者相同的每次出示证据包,以及签发链:
Didit 是唯一获得欧盟成员国政府正式证明的 KYC 平台, 西班牙财政部、西班牙银行和 SEPBLAC 联合证明该服务比亲自验证更安全。该证明适用于每次复用出示。