免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

为什么大多数结账无需摩擦
90% 的订单来自常用设备的日常买家, 他们应该一路畅通。 10% 存在风险高峰的订单则需要筛查:低价值订单只需 $0.03 的 IP + 设备检测, 高价值订单则需 $0.10 的生物识别升级。每月免费提供 500 次验证。
选择您需要的检查项, 身份、活体检测、人脸比对、制裁名单、地址、年龄、电话、邮箱、自定义问题。在控制面板中将它们拖入工作流,或通过我们的 API 发布相同的工作流。根据条件进行分支,运行 A/B 测试,无需代码。
通过我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp 等任何方式向用户发送链接。选择适合您技术栈的方式。
Didit 负责托管摄像头、灯光提示、移动设备切换和辅助功能。当用户在流程中时,我们实时评估 200 多个欺诈信号,并根据权威数据源验证每个字段。两秒内即可出结果。
实时签名 Webhook 可确保用户通过、拒绝或发送审核的瞬间,您的数据库保持同步。按需轮询 API。或者打开控制台检查每个会话、每个信号,并按您的方式管理案例。
Didit · 风险触发策略
Didit · 设备与 IP 分析
Didit · 生物识别认证
确认 · 1/1
请保持静止以进行检查
Didit · 拒付证据
订单-A4421 · 证据包
Didit · 可复用 KYC
首次通过
结账
Didit · Webhook · X-Signature-V2
{
"session_id": "order-A4421",
"vendor_data": "order-A4421",
"status": "Approved",
"ip_analysis": { "score": 11 },
"liveness": { "status": "Approved" }
}$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_buyer_screen",
"vendor_data": "order-A4421",
"metadata": { "cart_total_cents": 78500 }
}'{ "session_url": "verify.didit.me/..." }// X-Signature-V2 verified upstream
if (payload.status === "Approved") {
shipOrder(payload.vendor_data);
} else if (payload.status === "Declined") {
cancelAndRefund(payload.vendor_data);
}{ status Approved · Declined · In Review · Not Finished }You are integrating a Didit buyer-side fraud screen on a marketplace / e-commerce checkout. Goal: catch stolen-card use, account takeover, gift-card stack abuse, geo-mismatch friendly fraud, and bot scalping on high-value carts. Two stages — cheap signals first, biometric step-up only when signals aren't enough.
WHY THIS SHAPE
- Most checkouts don't need any friction. Day-to-day buyers on trusted devices from residential networks should sail through.
- A small percentage are high-value or high-risk — cart over a threshold, gift-card stack, payout to a new card, geo mismatch, new device, velocity anomaly. On those, run a screen.
- Two stages keep the cost and the friction proportional to the risk. Cheap IP + device check ($0.03) is decisive on the obvious cases. Biometric step-up ($0.10) only fires when the cheap signals are inconclusive AND the order is high-value.
- 500 verifications free every month. The screen runs inside the free tier for most teams while they tune the thresholds.
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
- A Workflow Builder workflow with Device & IP Analysis and optionally Passive Liveness + Face Match 1:1 against the stored buyer portrait.
- A server-side cart-gate that defaults to BLOCK on the high-risk path and only unblocks on a verified webhook with status: Approved.
STEP 1 — Decide WHEN to screen (your code, not Didit's)
Run your usual checkout signals. Default triggers worth a screen:
- Cart total above your account-level tier (e.g. > $500)
- Gift-card stack of three or more cards in one order
- Shipping country that doesn't match the billing-card country
- First buy from a new device
- Velocity anomaly — N orders within window W from the same buyer
- Payout / refund destination changed mid-flow
Day-to-day reads from trusted-device + residential-network buyers do NOT need a screen.
STEP 2 — Open the screen session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id with Device & IP Analysis + optional Passive Liveness + Face Match 1:1>",
"vendor_data": "<your order id, max 256 chars>",
"callback": "https://<your-app>/checkout/screen/callback",
"metadata": {
"cart_total_cents": 78500,
"currency": "EUR",
"trigger": "high_value_cart"
}
}
Response: 201 Created with a hosted session URL. Show inline at checkout (web), or open in a Software Development Kit (SDK) webview (mobile). The order stays in HOLD on your side until the signed webhook lands.
STEP 3 — Read the signed webhook
Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body) BEFORE reading the JSON.
Payload (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your order id>",
"status": "Approved",
"ip_analysis": { "status": "Approved", "score": 11 },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.93 }
}
Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
STEP 4 — Branch the cart action
Approved → ship the order, capture the auth, send the confirmation.
In Review → hold the order. Route to manual review with the per-module signals as the case file.
Declined → cancel the order, refund the auth, log warnings (liveness / face-match / ip flags), throttle the source IP.
Not Finished → invite the buyer to retry the screen with a fresh session URL. Don't ship.
STEP 5 — (Optional) Reusable Know Your Customer (KYC) for returning trusted buyers
Once a buyer has passed identity once on the platform, the credential can replay on future checkouts at no cost via Reusable KYC. Look up the buyer's prior session_id; if the credential is valid and recent, skip the live screen.
That keeps the friction on the unknown traffic only. Free forever.
STEP 6 — Use the decision payload as the chargeback evidence pack
When a dispute lands, pull the full decision payload via:
GET https://verification.didit.me/v3/session/{session_id}/decision/
Headers:
x-api-key: <your api key>
Pairs naturally with:
- 3-D Secure 2.x (3DS2) liability shift on EU cards
- Visa Compelling Evidence 3.0 (CE3.0) — biometric + IP + device fingerprint + prior-order history meets the "trusted customer" bar
- Mastercard Identity Check chargeback dispute kit
WEBHOOK EVENT NAMES
- Sessions: standard session webhook. One endpoint, status field tells you the lifecycle.
- Verify X-Signature-V2 (HMAC SHA-256) on every payload.
WHAT IT BLOCKS
- Stolen-card use on first-time-buy + geo mismatch
- Account takeover on a previously-verified buyer (the step-up is the second-factor)
- Friendly fraud where the cardholder disputes a charge they actually authorised
- Bot scalpers running multi-item carts from datacenter Internet Protocol (IP) addresses
- Gift-card stack drains funded by a stolen card
- Reshipper / mule patterns (ship-to address inconsistent with prior orders)
CONSTRAINTS
- Session statuses use Title Case With Spaces. Never UPPER_SNAKE_CASE — that's the Transactions API.
- Start with IP-only on the cheap cases. Add the biometric step-up only on high-value carts or when IP alone is inconclusive — keeps cost down and friction proportional.
- 200+ fraud signals are evaluated on every session at no extra cost — read them off the decision payload, don't re-query.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/core-technology/ip-analysis/overview
- https://docs.didit.me/core-technology/biometric-auth/overview
- https://docs.didit.me/core-technology/reusable-kyc/overview
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit 是身份和欺诈基础设施, 我们自己构建产品时所期望的平台:开放、灵活、对开发者友好,因此它能真正融入您的技术栈,而不是一个需要您围绕其进行集成的黑箱。
一个 API 即可覆盖个人验证(KYC,了解您的客户)、企业验证(KYB,了解您的业务)、加密钱包筛选(KYT,了解您的交易)以及实时交易监控, 所有这些都构建在以下技术栈之上:
底层支持:14,000 多种文档类型,支持 48 种以上语言,1,000 多个数据源,每次会话提供 200 多个欺诈信号。Didit 基础设施通过每次会话动态学习,并日益完善。
指付款人无权使用该支付工具进行支付,或交易结构旨在触发后续退款的任何模式。
常见形式:
摩擦是有代价的。每增加一个结账步骤,转化率都会明显下降。大多数买家, 已知设备、住宅网络、正常购物车总额, 应该无需任何筛选即可顺利通过。
两阶段方法使摩擦与风险成比例:
$0.03), 设备与 IP 分析,成本低且无感。对明显案例做出决定(VPN + 数据中心 IP + 无头浏览器 = 当场拦截;受信任设备 + 住宅 ISP = 当场通过)。$0.10), 被动活体检测,仅在第一阶段结果不确定且购物车总额超过值得投入的阈值时触发。结果:大多数结账流程零摩擦,高风险部分得到决定性检查。
整个流程通常在 30 秒内完成, 拿起身份证,拍摄证件,拍摄自拍,完成。这是市场上最快的速度。传统的 KYC 提供商完成相同流程通常需要超过 90 秒。
在后端,Didit 在用户完成自拍到您的 webhook 触发的瞬间,p99 响应时间低于两秒。移动端捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟加载软件开发工具包,以及如果用户从网页端开始,可通过二维码一键从桌面端切换到手机端。
仅当第一阶段结果不确定且订单价值足够高以证明摩擦合理时。例如:
升级是 $0.10 的被动活体检测,可选额外 $0.05 的人脸 1:1 比对,与存储的买家肖像进行比对。入门级安卓设备上,两秒内即可得出结果。
每个会话都会落入七种明确状态之一,因此您的代码始终知道如何处理:
Approved, 所有检查通过。让用户继续。Declined, 一个或多个检查失败。您可以允许用户重新提交特定失败步骤(例如,重新拍摄自拍),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在流程中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发一个签名 webhook,因此您的数据库始终保持同步。放弃和拒绝的会话是免费的。
生产数据默认在欧盟通过 Amazon Web Services 进行处理和存储。企业合同可根据监管机构要求申请其他区域。
全面加密。所有数据库、对象存储和备份中的静态数据均采用 AES-256 加密。所有 API 调用、webhook 和业务控制台会话中的传输数据均采用传输层安全协议 1.3。生物识别数据使用单独的客户主密钥加密。
保留期限由您控制。默认保留期限为无限期(无限制),除非您配置更短的期限, 每个应用程序可在30 天到 10 年之间, 您可以随时通过仪表板或 API 删除任何单个会话。
认证:SOC 2 Type 1(Type 2 审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及来自西班牙 Tesoro / SEPBLAC / CNMV 的公开证明,表明 Didit 的远程身份验证比线下人工验证更安全。完整报告请访问 /security-compliance。
Didit 默认符合对身份基础设施至关重要的监管机构要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成路径, 选择最适合您技术栈的:
所有三种方式都使用相同的仪表板、相同的计费、相同的按成功付费价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
是的。相同的 POST /v3/session/ 支持两者。在网页端,在结账时内联渲染返回的 session_url。在移动端,在 Didit 软件开发工具包 (SDK) webview 中打开, 提供五种 SDK:Web、iOS、Android、React Native、Flutter,全部免费。
无论平台如何,结果都通过相同的签名 webhook 返回。一次集成,覆盖所有平台。
最坏情况下有两项费用:
需要两个阶段的受保护结账中位数:约 $0.13。大多数结账仅运行第一阶段,费用为 $0.03。通过可复用 KYC 的回访受信任买家永久免费。
每个账户每月前 500 次验证免费。
任何篮子金额足够大,以至于盗卡购买会造成损失的场景:
一个工作流,适用于各种购物车形态。