English
Bangla
Arabic
Didit API Integration Guide
This guide compiles the full details from the Didit API documentation, covering introduction, setup, workflows, integration methods for web and mobile, no-code options, webhooks, verification statuses, rate limiting, and pricing. It is based on the available reference materials to provide a comprehensive, step-by-step resource for integrating Didit’s AI-native identity verification platform.
#Introduction
Didit is an AI-native identity platform designed to help developers and businesses verify users instantly, combat sophisticated fraud, and reduce costs by up to 70% without compromising user experience (UX), privacy, or control.
##Problems with Legacy Identity Verification
Traditional systems suffer from:
- **Exorbitant Costs**: $1–$3 per check with minimum commitments.
- **Manual Reviews**: Slow and error-prone decisioning.
- **Opaque Pricing & Sales Loops**: Testing requires sales interactions.
- **Developer-Hostile Integration**: Poor documentation and clunky SDKs leading to weeks-long setups.
- **Bundled, Inflexible Products**: Forced purchases of unnecessary features via contracts.
- **Not Ready for AI Fraud**: Inadequate detection of deepfakes, spoofing, and synthetic identities.
- **Slow & Painful User Flows**: 60–90 second processes causing high drop-off rates.
##Didit V2 Principles
Didit aims to build an open, modular identity layer for the internet, powered by AI in a developer-first manner.
| Principle | Description |
|-----------------|-------------|
| **AI-Native** | Fully automated verifications detecting spoofs and synthetic fraud in milliseconds. |
| **Developer-First** | Open docs, clear pricing, instant sandbox—integrate in hours. |
| **Modular & Flexible** | Compose workflows with features like IDV, AML, NFC, Liveness, Face Match, Age-Check. |
| **Affordable** | Free Core KYC, prepaid credits, pay only for successful checks—up to 70% cheaper. |
##Use Cases
- Seamless user onboarding (KYC / KYB).
- Age & geolocation compliant access.
- Fraud-proof face authentication.
- AML / politically exposed person screening.
- Self-sovereign identity wallets.
- Global ID document verification.
##Getting Started
1. Create an account for instant sandbox access.
2. Choose integration: No-Code Workflows via Console or APIs & SDKs for custom builds.
3. Launch your first verification in minutes. Start with the Quick Start Guide.
#Quick Start
Follow these steps to create a Didit account, configure a workflow, secure an API key, and launch your first verification session.
##Step 1: Create Your Free Didit Account
1. Visit [business.didit.me](https://business.didit.me).
2. Sign up with a business email and authenticate via magic login link.
3. Set up an Organization workspace for managing workflows, API keys, and verifications.
##Step 2: Build Your First Verification Workflow
1. In the Console, go to **Verifications → Workflows → Create New**.
2. Select a template:
- **KYC**: Standard onboarding.
- **Adaptive Age Verification**: Selfie check with document fallback.
- **Biometric Authentication**: Password-less selfie login.
- **Address Verification**.
3. Customize by adding blocks (e.g., Liveness Detection, Face Match, AML, NFC) and fallback logic.
##Step 3: Configure Webhook & Copy API Key
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Didit is an AI-native identity platform designed to help developers and businesses verify users instantly, combat sophisticated fraud, and reduce costs by up to 70% without compromising user experience (UX), privacy, or control.
##
Problems with Legacy Identity Verification
Traditional systems suffer from:
- **Exorbitant Costs**: $1–$3 per check with minimum commitments.
- **Manual Reviews**: Slow and error-prone decisioning.
- **Opaque Pricing & Sales Loops**: Testing requires sales interactions.
- **Developer-Hostile Integration**: Poor documentation and clunky SDKs leading to weeks-long setups.
- **Bundled, Inflexible Products**: Forced purchases of unnecessary features via contracts.
- **Not Ready for AI Fraud**: Inadequate detection of deepfakes, spoofing, and synthetic identities.
- **Slow & Painful User Flows**: 60–90 second processes causing high drop-off rates.
##Didit V2 Principles
Didit aims to build an open, modular identity layer for the internet, powered by AI in a developer-first manner.
| Principle | Description |
|-----------------|-------------|
| **AI-Native** | Fully automated verifications detecting spoofs and synthetic fraud in milliseconds. |
| **Developer-First** | Open docs, clear pricing, instant sandbox—integrate in hours. |
| **Modular & Flexible** | Compose workflows with features like IDV, AML, NFC, Liveness, Face Match, Age-Check. |
| **Affordable** | Free Core KYC, prepaid credits, pay only for successful checks—up to 70% cheaper. |
##Use Cases
- Seamless user onboarding (KYC / KYB).
- Age & geolocation compliant access.
- Fraud-proof face authentication.
- AML / politically exposed person screening.
- Self-sovereign identity wallets.
- Global ID document verification.
##Getting Started
1. Create an account for instant sandbox access.
2. Choose integration: No-Code Workflows via Console or APIs & SDKs for custom builds.
3. Launch your first verification in minutes. Start with the Quick Start Guide.
#Quick Start
Follow these steps to create a Didit account, configure a workflow, secure an API key, and launch your first verification session.
##Step 1: Create Your Free Didit Account
1. Visit [business.didit.me](https://business.didit.me).
2. Sign up with a business email and authenticate via magic login link.
3. Set up an Organization workspace for managing workflows, API keys, and verifications.
##Step 2: Build Your First Verification Workflow
1. In the Console, go to **Verifications → Workflows → Create New**.
2. Select a template:
- **KYC**: Standard onboarding.
- **Adaptive Age Verification**: Selfie check with document fallback.
- **Biometric Authentication**: Password-less selfie login.
- **Address Verification**.
3. Customize by adding blocks (e.g., Liveness Detection, Face Match, AML, NFC) and fallback logic.
##Step 3: Configure Webhook & Copy API Key
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Didit aims to build an open, modular identity layer for the internet, powered by AI in a developer-first manner.
| Principle | Description |
|-----------------|-------------|
| **AI-Native** | Fully automated verifications detecting spoofs and synthetic fraud in milliseconds. |
| **Developer-First** | Open docs, clear pricing, instant sandbox—integrate in hours. |
| **Modular & Flexible** | Compose workflows with features like IDV, AML, NFC, Liveness, Face Match, Age-Check. |
| **Affordable** | Free Core KYC, prepaid credits, pay only for successful checks—up to 70% cheaper. |
##
Use Cases
- Seamless user onboarding (KYC / KYB).
- Age & geolocation compliant access.
- Fraud-proof face authentication.
- AML / politically exposed person screening.
- Self-sovereign identity wallets.
- Global ID document verification.
##Getting Started
1. Create an account for instant sandbox access.
2. Choose integration: No-Code Workflows via Console or APIs & SDKs for custom builds.
3. Launch your first verification in minutes. Start with the Quick Start Guide.
#Quick Start
Follow these steps to create a Didit account, configure a workflow, secure an API key, and launch your first verification session.
##Step 1: Create Your Free Didit Account
1. Visit [business.didit.me](https://business.didit.me).
2. Sign up with a business email and authenticate via magic login link.
3. Set up an Organization workspace for managing workflows, API keys, and verifications.
##Step 2: Build Your First Verification Workflow
1. In the Console, go to **Verifications → Workflows → Create New**.
2. Select a template:
- **KYC**: Standard onboarding.
- **Adaptive Age Verification**: Selfie check with document fallback.
- **Biometric Authentication**: Password-less selfie login.
- **Address Verification**.
3. Customize by adding blocks (e.g., Liveness Detection, Face Match, AML, NFC) and fallback logic.
##Step 3: Configure Webhook & Copy API Key
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
1. Create an account for instant sandbox access.
2. Choose integration: No-Code Workflows via Console or APIs & SDKs for custom builds.
3. Launch your first verification in minutes. Start with the Quick Start Guide.
#
Quick Start
Follow these steps to create a Didit account, configure a workflow, secure an API key, and launch your first verification session.
##Step 1: Create Your Free Didit Account
1. Visit [business.didit.me](https://business.didit.me).
2. Sign up with a business email and authenticate via magic login link.
3. Set up an Organization workspace for managing workflows, API keys, and verifications.
##Step 2: Build Your First Verification Workflow
1. In the Console, go to **Verifications → Workflows → Create New**.
2. Select a template:
- **KYC**: Standard onboarding.
- **Adaptive Age Verification**: Selfie check with document fallback.
- **Biometric Authentication**: Password-less selfie login.
- **Address Verification**.
3. Customize by adding blocks (e.g., Liveness Detection, Face Match, AML, NFC) and fallback logic.
##Step 3: Configure Webhook & Copy API Key
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
1. Visit [business.didit.me](https://business.didit.me).
2. Sign up with a business email and authenticate via magic login link.
3. Set up an Organization workspace for managing workflows, API keys, and verifications.
##
Step 2: Build Your First Verification Workflow
1. In the Console, go to **Verifications → Workflows → Create New**.
2. Select a template:
- **KYC**: Standard onboarding.
- **Adaptive Age Verification**: Selfie check with document fallback.
- **Biometric Authentication**: Password-less selfie login.
- **Address Verification**.
3. Customize by adding blocks (e.g., Liveness Detection, Face Match, AML, NFC) and fallback logic.
##Step 3: Configure Webhook & Copy API Key
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
1. Navigate to **Verifications → Settings → API & Webhooks**.
2. Add your Webhook URL for status updates.
3. Copy and securely store your API Key (avoid frontend exposure).
##
Step 4: Start a Verification Session
###Option A: Verification Links (Fastest)
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- In **Verifications**, click “+” and select a workflow.
- Generate a link or QR code.
- Distribute via email, SMS, or embed.
Programmatically (via API):
```
POST /v2/session/
{
"workflow_id": "your-workflow-id"
}
```
(Note: Find `workflow_id` in Console under **Verifications → Workflows**.)
###
Option B: Standalone APIs (Advanced)
Call endpoints directly from backend:
- `/v2/id-verification/`: ID document checks.
- `/v2/face-match/`: Selfie vs. ID comparison.
- `/v2/aml/`: Compliance list checks.
- `/v2/passive-liveness/`: Deepfake detection.
Suitable for custom UI or backend-only flows.
##Step 5: Receive Real-Time Results
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Didit sends webhook events (no polling needed):
- **status.updated**: On any status change, including session start.
- **data.updated**: On manual KYC/POA updates by reviewers.
##
Step 6: Manage & Monitor in the Console
- View real-time session progress.
- Export PDF/CSV reports.
- Blocklist suspicious IDs/faces.
- Manually delete/reject sessions.
##Support
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- WhatsApp: [Link](https://api.whatsapp.com/send/?phone=%2B34681310687).
- Email: support@didit.me.
#
Workflows Dashboard
Didit’s Orchestrated Workflows enable no-code design of multi-step identity verification journeys using a visual builder in the Business Console. Define logic once; Didit handles user-facing experience, state, and conditions. Ideal for onboarding, age verification, or re-authentication with minimal development.
##Workflow Builder
Start with templates and customize features/parameters via settings.
###Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Start with templates and customize features/parameters via settings.
###
Templates
| Template | Description | Starts With | Common Features |
|----------|-------------|-------------|-----------------|
| **KYC** | Onboarding for compliance. | ID Document Verification. | Liveness, Face Match 1:1, AML, NFC, PoA, Phone/Email Verification, Database Validation, Questionnaire, IP Analysis. |
| **Adaptive Age Verification** | Low-friction age gating. | Selfie-based Age Estimation. | Fallback to ID if age in buffer (e.g., 16-20 for 18+); IP Analysis. |
| **Biometric Authentication** | Re-verify returning users. | Liveness Detection. | Face Match to trusted template (pass `portrait_image` URL); Phone/Email Verification, IP Analysis. |
| **Address Verification** | Focus on PoA. | Proof of Address submission. | AI extraction/validation; Phone/Email Verification, IP Analysis. |
| **Questionnaire Verification** | Collect attestations/forms. | Questionnaire. | Configurable sections/translations/fields/uploads; IP Analysis. |
##Customization
Adjust parameters for each feature in the builder.
##API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Adjust parameters for each feature in the builder.
##
API Integration Flow
1. Server POSTs to `/v2/session/` to create session.
2. Didit returns unique URL.
3. Redirect user to URL.
4. Didit handles steps and webhooks status to server.
5. Server updates and redirects to callback.
#Web App Integration
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Integrate Didit into web apps using redirect buttons or embedded iframes. Include `allow="camera; microphone; fullscreen; autoplay; encrypted-media"` for iframes.
##
Methods
- **Redirect Button**: User clicks to navigate to verification URL (from `/v2/session/` API).
- **Embedded Iframe**: Load verification URL inline.
Basic code examples and callback parameters are available, referencing `verification_url` from the Create Verification Session API (see Quick Start for API details).
#Unilinks (No-Code Verification Links)
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Unilinks are unique, no-code URLs for launching verifications without API integration. Suitable for simple use cases.
##
Introduction & Usage
- Create via Console for specific workflows.
- Distribute as links, QR codes, or buttons.
- Example Website Button: Embed a button linking to the Unilink.
##When to Use
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- Quick prototypes or low-volume verifications.
- Avoid for high customization or scalable integrations (use API instead).
##
Comparison with API
- Unilinks: No-code, limited options.
- API: Full control, programmatic sessions.
Best practices include secure distribution and monitoring in Console.
#iOS & Android Integration
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Embed verification natively using WebViews (no dedicated SDKs). Create session via API, load URL in WebView, handle callbacks.
##
Overview
1. Create session (get `session_url`; specify callback like `myapp://didit-callback`).
2. Open URL in configured WebView.
3. Intercept callback via custom scheme.
##Common WebView Config
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- User-Agent: Generic mobile (e.g., "Mozilla/5.0 (Linux; Android 10; Mobile) ...").
- Allow inline media playback without user gesture.
- Enable JavaScript and DOM storage (Android).
##
Code Examples
###iOS (Swift - WKWebView)
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
```swift
import UIKit
import WebKit
class VerificationViewController: UIViewController, WKNavigationDelegate {
private var webView: WKWebView!
override func viewDidLoad() {
super.viewDidLoad()
setupWebView()
}
private func setupWebView() {
let configuration = WKWebViewConfiguration()
configuration.allowsInlineMediaPlayback = true
configuration.mediaTypesRequiringUserActionForPlayback = []
webView = WKWebView(frame: view.bounds, configuration: configuration)
webView.navigationDelegate = self
webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
view.addSubview(webView)
webView.configuration.preferences.javaScriptEnabled = true
webView.customUserAgent = "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
if let url = URL(string: "{session_url}") {
webView.load(URLRequest(url: url))
}
}
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
decisionHandler(.allow)
}
func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
decisionHandler(.allow)
}
}
```
Similar examples for Objective-C, Android (Java/Kotlin), React Native, and Flutter are provided in the docs, focusing on WebView setup and permissions.
##
Callback Handling
Use custom schemes; parse results and close WebView. Register in app manifests/plists.
##Mobile UX Best Practices
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
| Practice | Reason |
|----------|--------|
| Full-screen WebView | Prevents accidental exits. |
| Loading spinner | Improves perception. |
| Disable pull-to-refresh | Avoids navigation issues. |
| Session timeout | Handles incomplete flows. |
| Network check | Prevents failures. |
| Real-device testing | Simulator differences. |
| Back button handling | Cancel or return gracefully. |
Demo repos: Expo (React Native), Flutter.
#
Webhooks
Configure webhooks for real-time session updates.
##Introduction
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Receive notifications on status changes. Events:
| Event | Trigger |
|-------|---------|
| **status.updated** | Any status change (includes initial start). |
| **data.updated** | Manual KYC/POA updates via API. |
Payload includes `webhook_type`; final statuses add `decision` object.
##
Configuration
1. Set up team/app (Quick Start steps 1-2).
2. In Console (**Verification Settings**): Add HTTPS endpoint, copy Webhook Secret Key.
- Cloudflare: Whitelist IP `18.203.201.92`.
##Payload Structure
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
| Field | Description |
|-------|-------------|
| `session_id` | UUID of session. |
| `status` | Current status (e.g., In Progress). |
| `webhook_type` | Event type. |
| `created_at` | Event timestamp (Unix). |
| `timestamp` | Delivery timestamp (Unix). |
| `workflow_id` | Workflow UUID (optional). |
| `vendor_data` | Internal ID (optional). |
| `metadata` | Attached JSON (optional). |
Final payloads include `decision` with details like features, images, warnings.
##
HMAC Validation
Headers: `X-Signature` (HMAC-SHA256 of raw body), `X-Timestamp`.
Validate: Check existence, timestamp (±5 min), compute HMAC, constant-time compare.
##Retry Policy
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- Retry on 5xx/404 with exponential backoff (1 min, then 4 min).
- Abandons after two failures; logs in dashboard.
##
Language Examples
Full code for Node.js (Express), Python (FastAPI), PHP (Laravel) including validation and DB upserts.
##Example Payloads
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
- Non-final (e.g., In Progress): Basic fields.
- Final (e.g., Declined): Adds detailed `decision` with images, warnings, etc.
#
Verification Statuses
Manage KYC with these statuses and reasons.
| Status | Description |
|--------------|-------------|
| Not Started | Process not initiated. |
| In Progress | User submitting info. |
| Approved | All checks passed. |
| Declined | Issues with submissions. |
| Kyc Expired | Renewal needed after expiration. |
| In Review | Manual review required. |
| Expired | Session timed out. |
| Abandoned | Incomplete within timeframe. |
Decision reasoning ties to descriptions (e.g., Declined due to non-meeting requirements).
#Rate Limiting
Multi-layer limits for API stability, allowing bursts.
##Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Multi-layer limits for API stability, allowing bursts.
##
Global Limits
- GET: 300/min per app.
- Write (POST/PATCH/DELETE): 300/min per app.
- 429 responses include headers: `X-RateLimit-Limit`, `-Remaining`, `-Reset`, `Retry-After`.
##Endpoint-Specific
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session//decision/ etc. | 100/min | Prevents polling abuse. |
| session-generate-pdf | GET /session//generate-pdf/ | 100/min | CPU-intensive. |
##Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
| Scope | Endpoint(s) | Limit | Notes |
|------------------------|--------------------------------------|-------|-------|
| session-v2-create:free | POST /v2/session/ | 5/min | For free workflows. |
| session-v2-create:paid | POST /v2/session/ | 600/min | For paid. |
| session-decision | GET /v2/session/
| session-generate-pdf | GET /session/
##
Best Practices
- Throttle on low remaining.
- Exponential backoff on 429s.
- Log retries.
Contact support for overrides.
#Pricing
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Prepaid USD credits (no expiry, no fees/minimums). Deducted only on successful verifications. Core KYC free forever.
##
Free Services
Unlimited: ID Verification (220+ countries), NFC, Document Monitoring, Reusable KYC, IP Analysis, Face Match 1:1, Passive Liveness.
##Premium Workflow Features
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Sum of enabled features per session.
| Feature | Description | Price |
|----------------------|-------------|-------|
| Active Liveness | Enhanced spoof prevention. | $0.15 |
| Biometric Authentication | Re-verify users. | $0.10 |
| Phone Verification | Fraud prevention. | $0.10 |
| Email Verification | Risk detection. | $0.03 |
| Age Estimation | Facial + ID fallback. | $0.10 |
| AML Screening | Watchlists/PEP. | $0.35 |
| AML Monitoring | Ongoing. | $0.07/year |
| Proof of Address | Document validation. | $0.50 |
| Questionnaire | Custom forms. | $0.10 |
| Database Validation | Government checks. | Varies by country |
| Whitelabel | Branding. | $0.30 |
##
Database Validation (Workflows)
Per successful match; 1x1/2x2 matching.
| Country | 1x1 | 2x2 |
|------------------|-----|-----|
| Argentina | $0.20 | N/A |
| Bolivia | $0.20 | N/A |
| Brazil | $0.20 | N/A |
| Chile | $0.20 | N/A |
| Colombia | $0.20 | N/A |
| Costa Rica | $0.20 | N/A |
| Dominican Republic | $0.05 | N/A |
| Ecuador | $0.20 | $0.30 |
| El Salvador | $0.20 | N/A |
| Guatemala | $0.20 | N/A |
| Honduras | $0.20 | N/A |
| Mexico | $0.20 | N/A |
| Panama | $0.20 | N/A |
| Paraguay | $0.20 | N/A |
| Peru | $0.20 | $0.30 |
| Spain | $0.20 | N/A |
| Uruguay | $0.20 | N/A |
| Venezuela | $0.20 | N/A |
##Standalone API Pricing
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##Business Model
- Prepaid credits: Buy packages; bonuses for volume (e.g., $68k purchase = $100k value, 32% discount).
- Free Plan: Unlimited core KYC.
- Enterprise: Dedicated support, custom SLAs.
- No contracts/fees; charges only on finished sessions.
Per successful call.
| API | Description | Price |
|----------------------|-------------|-------|
| Face Match | 1:1 comparison. | $0.05 |
| Face Search | Database search. | $0.05 |
| Age Estimation | Facial. | $0.10 |
| ID Verification | Documents. | $0.20 |
| Proof of Address | Residential. | $0.50 |
| AML Screening | Watchlists. | $0.35 |
| Passive Liveness | Spoof detection. | $0.05 |
| Phone Verification | Fraud check. | $0.10 |
| Email Verification | Risk check. | $0.03 |
| Database Validation | Authoritative. | Varies |
##
