Didit Identity Verification Platform

The single skill for the entire Didit verification platform. Covers account creation, session management, workflow configuration, questionnaires, user management, billing, blocklist, and webhook configuration — 45+ endpoints across 9 categories.

For standalone verification APIs (ID scan, liveness, face match, AML, etc.), see the individual didit-* skills.

API Reference Links:

- Account Setup: Register | Verify Email | Login | Get Credentials
Sessions: Create | Retrieve | List | Delete | Update Status | PDF | Share | Import
Workflows: Create | List | Get | Update | Delete
Questionnaires: Create | List | Get | Update | Delete
Users: List | Get | Update | Delete
Billing: Balance | Top Up
Blocklist: Add | Remove | List
Session Operations: Batch Delete | List Reviews | Create Review
Webhook Config: Get | Update
Guides: Programmatic Registration | Webhooks | AI Agent Integration | API Overview

Getting Started — Zero to Verifying

Go from nothing to a live verification link in 4 API calls, no browser needed:

CODEBLOCK0

To add credits: GET /v3/billing/balance/ to check, POST /v3/billing/top-up/ with {"amount_in_dollars": 50} for a Stripe checkout link.

Authentication

Two auth schemes are used across the platform:

Endpoints	Auth	Header
Register, Verify Email, Login	None	(unauthenticated)
List Organizations, Get Credentials

Get your api_key via programmatic registration (above) or from Didit Business Console → API & Webhooks.

Account Setup

Base URL: INLINECODE7

1. Register

CODEBLOCK1

Body	Type	Required	Description
INLINECODE8	string	Yes	Any email address
INLINECODE9

string | Yes | Min 8 chars, 1 upper, 1 lower, 1 digit, 1 special |

Response (201): INLINECODE10

Rate limit: 5 per IP per hour.

2. Verify Email & Get Credentials

CODEBLOCK2

Body	Type	Required	Description
INLINECODE11	string	Yes	Same email from register
INLINECODE12

string | Yes | 6-character alphanumeric OTP from email |

Response (200):

CODEBLOCK3

application.api_key is the x-api-key for all subsequent calls.

3. Login (Existing Accounts)

CODEBLOCK4

Body	Type	Required	Description
INLINECODE15	string	Yes	Account email
INLINECODE16

string | Yes | Account password |

Response (200): INLINECODE17

Progressive lockout: 5 fails = 15min, 10 = 1hr, 20 = 24hr.

4. List Organizations

CODEBLOCK5

Auth: INLINECODE18

Response (200): Array of INLINECODE19

5. Get Application Credentials

CODEBLOCK6

Auth: INLINECODE20

Response (200): {"uuid": "...", "client_id": "...", "api_key": "..."}

Workflows

Base URL: INLINECODE22

Workflows define verification steps, thresholds, and accepted documents. Each has a UUID used as workflow_id when creating sessions.

Workflow Types:

Type	Purpose	Typical Features
INLINECODE24	Full identity verification (ID + selfie)	ID Verification, Liveness, Face Match, AML, NFC
INLINECODE25

Features (toggleable per workflow): ID Verification, Liveness, Face Match, NFC, AML, Phone, Email, Proof of Address, Database Validation, IP Analysis, Age Estimation, Questionnaire.

1. List Workflows

CODEBLOCK7

Response (200): Array of workflow objects with uuid, workflow_label, workflow_type, is_default, features, total_price.

2. Create Workflow

CODEBLOCK8

Body	Type	Default	Description
INLINECODE37	string	auto	Display name
INLINECODE38

string | kyc | Workflow template type |
| is_default | boolean | false | Set as default |
| is_liveness_enabled | boolean | false | Liveness detection |
| face_liveness_method | string | passive | "passive", "active_3d", "flashing" |
| face_liveness_score_decline_threshold | integer | 50 | Below this → auto-decline |
| is_face_match_enabled | boolean | false | Selfie-to-document match |
| face_match_score_decline_threshold | integer | 50 | Below this → auto-decline |
| face_match_score_review_threshold | integer | 70 | Below this → manual review |
| is_aml_enabled | boolean | false | AML/PEP/sanctions screening |
| aml_decline_threshold | integer | 80 | Above this → auto-decline |
| is_phone_verification_enabled | boolean | false | Phone verification step |
| is_email_verification_enabled | boolean | false | Email verification step |
| is_database_validation_enabled | boolean | false | Gov database validation |
| is_ip_analysis_enabled | boolean | false | IP risk analysis |
| is_nfc_enabled | boolean | false | NFC chip reading (mobile only, ePassports) |
| is_age_restrictions_enabled | boolean | false | Enable per-country age restrictions (for adaptive_age_verification) |
| documents_allowed | object | {} | Restrict accepted countries/doc types (empty = accept all) |
| duplicated_user_action | string | no_action | no_action, review, decline (set after creation via update) |
| max_retry_attempts | integer | 3 | Max retries per session |
| retry_window_days | integer | 7 | Days within which retries are allowed |

Response (201): Workflow object with uuid.

CODEBLOCK9

3. Get Workflow

CODEBLOCK10

4. Update Workflow

CODEBLOCK11

Partial update — only send fields to change.

5. Delete Workflow

CODEBLOCK12

Response: 204 No Content. Existing sessions are not affected.

Sessions

Base URL: INLINECODE87

Sessions are the core unit of verification. Every verification starts by creating a session linked to a workflow.

Lifecycle: INLINECODE88

Statuses: Not Started, In Progress, In Review, Approved, Declined, Abandoned, Expired, INLINECODE96

Rate limits: 300 req/min per method. Session creation: 600/min. Decision polling: 100/min.

1. Create Session

CODEBLOCK13

Body	Type	Required	Description
INLINECODE97	uuid	Yes	Workflow UUID
INLINECODE98

Response (201):

CODEBLOCK14

Send the user to url to complete verification.

2. Retrieve Session (Get Decision)

CODEBLOCK15

Returns all verification results. Image URLs expire after 60 minutes.

Response (200): Full decision with status, features, id_verifications, liveness_checks, face_matches, aml_screenings, phone_verifications, email_verifications, poa_verifications, database_validations, ip_analyses, reviews.

3. List Sessions

CODEBLOCK16

Query	Type	Default	Description
INLINECODE140	string	—	Filter by your user identifier
INLINECODE141

Response (200): Paginated list with count, next, previous, results[].

4. Delete Session

CODEBLOCK17

Response: 204 No Content. Permanently deletes all associated data.

5. Batch Delete Sessions

CODEBLOCK18

Body	Type	Description
INLINECODE156	array	List of session numbers to delete
INLINECODE157

boolean | Delete all sessions (use with caution) |

6. Update Session Status

CODEBLOCK19

Body	Type	Required	Description
INLINECODE158	string	Yes	INLINECODE159, `"Declined"`, or INLINECODE161
INLINECODE162

string | No | Reason for change |
| send_email | boolean | No | Send notification email |
| email_address | string | Conditional | Required when send_email is true |
| email_language | string | No | Email language (default: "en") |
| nodes_to_resubmit | array | No | For Resubmitted: [{"node_id": "feature_ocr", "feature": "OCR"}] |

Resubmit requires session to be Declined, In Review, or Abandoned.

7. Generate PDF Report

CODEBLOCK20

Rate limit: 100 req/min.

8. Share Session

CODEBLOCK21

Generates a share_token for B2B KYC sharing. Only works for finished sessions.

9. Import Shared Session

CODEBLOCK22

Body	Type	Required	Description
INLINECODE172	string	Yes	Token from sharing partner
INLINECODE173

A session can only be imported once per partner application.

10. List Session Reviews

CODEBLOCK23

Response (200): Array of review activity items:

CODEBLOCK24

11. Create Session Review

CODEBLOCK25

Body	Type	Required	Description
INLINECODE178	string	Yes	INLINECODE179, `"Declined"`, or INLINECODE181
INLINECODE182

string | No | Review note |

Response (201): The created review item.

Blocklist

Block entities from a session to auto-decline future matches.

1. Add to Blocklist

CODEBLOCK26

Body	Type	Required	Description
INLINECODE183	uuid	Yes	Session to blocklist items from
INLINECODE184

Warning tags on match: FACE_IN_BLOCKLIST, ID_DOCUMENT_IN_BLOCKLIST, PHONE_NUMBER_IN_BLOCKLIST, INLINECODE191

2. Remove from Blocklist

CODEBLOCK27

Same structure with unblock_face, unblock_document, unblock_phone, unblock_email.

3. List Blocklist

CODEBLOCK28

Query	Type	Description
INLINECODE196	string	INLINECODE197, `"document"`, `"phone"`, `"email"`. Omit for all.

Questionnaires

Custom forms attached to verification workflows. Support 7 element types: short_text, long_text, multiple_choice, checkbox, file_upload, date, number.

1. List Questionnaires

CODEBLOCK29

2. Create Questionnaire

CODEBLOCK30

Body	Type	Required	Description
INLINECODE208	string	Yes	Display title
INLINECODE209

Form element:

Field	Type	Required	Description
INLINECODE213	string	Yes	One of the 7 types above
INLINECODE214

object | Yes | Translations: {"en": "Question?", "es": "¿Pregunta?"} |
| is_required | boolean | No | Mandatory answer |
| options | array | Conditional | Required for multiple_choice/checkbox |

CODEBLOCK31

3. Get Questionnaire

CODEBLOCK32

4. Update Questionnaire

CODEBLOCK33

5. Delete Questionnaire

CODEBLOCK34

Response: 204 No Content.

Users

Manage verified individuals identified by vendor_data.

1. List Users

CODEBLOCK35

Query	Type	Description
INLINECODE222	string	INLINECODE223, `Declined`, `In Review`, INLINECODE226
INLINECODE227

Response (200): Paginated list with vendor_data, full_name, status, session_count, issuing_states, approved_emails, approved_phones.

2. Get User

CODEBLOCK36

3. Update User

CODEBLOCK37

Body	Type	Description
INLINECODE238	string	Custom display name
INLINECODE239

4. Batch Delete Users

CODEBLOCK38

Body	Type	Description
INLINECODE244	array	List of vendor_data strings
INLINECODE245

boolean | Delete all users |

Billing

1. Get Credit Balance

CODEBLOCK39

Response (200):

CODEBLOCK40

2. Top Up Credits

CODEBLOCK41

Body	Type	Required	Description
INLINECODE246	number	Yes	Minimum $50
INLINECODE247

Response (200):

CODEBLOCK42

Present checkout_session_url to the user for payment.

Webhook Configuration

Set up webhooks programmatically — no console needed.

1. Get Webhook Configuration

CODEBLOCK43

Response (200):

CODEBLOCK44

Field	Type	Description
INLINECODE250	string/null	URL where notifications are sent (`null` if not configured)
INLINECODE252

2. Update Webhook Configuration

CODEBLOCK45

Body	Type	Required	Description
INLINECODE263	string/null	No	URL for notifications (set `null` to disable)
INLINECODE265

Example — set webhook URL:

CODEBLOCK46

Example — rotate secret:

CODEBLOCK47

Example — disable webhooks:

CODEBLOCK48

Response (200): Same shape as GET — returns the updated configuration.

Webhook Events & Signatures

Didit sends POST requests to your webhook URL when session status changes. Retries up to 2 times with exponential backoff (1 min, 4 min).

Payload

CODEBLOCK49

Event types: status.updated (status change), data.updated (KYC/POA data manually updated).

Signature Verification (V2 — recommended)

Two headers: X-Signature-V2 (HMAC-SHA256 hex) and X-Timestamp (Unix seconds).

CODEBLOCK50

Simple Signature (Fallback)

Header: X-Signature-Simple — HMAC of key fields only.

CODEBLOCK51

Error Responses (All Endpoints)

Code	Meaning	Action
INLINECODE283	Invalid request	Check required fields and formats
INLINECODE284

Common Workflows

Full KYC Onboarding

CODEBLOCK52

Programmatic Review + Blocklist

CODEBLOCK53

B2B KYC Sharing

CODEBLOCK54

Check Balance Before Sessions

CODEBLOCK55

Questionnaire + Workflow

CODEBLOCK56

Utility Scripts

setup_account.py — Register and verify accounts

CODEBLOCK57

manage_workflows.py — CRUD workflows

CODEBLOCK58

create_session.py — Create verification sessions

CODEBLOCK59

All scripts can be imported as libraries:

CODEBLOCK60

Didit 身份验证平台

涵盖整个 Didit 验证平台的单一技能。包括账户创建、会话管理、工作流配置、问卷、用户管理、计费、黑名单和 Webhook 配置——涵盖 9 个类别共 45+ 个端点。

如需独立的验证 API（身份证扫描、活体检测、人脸匹配、反洗钱等），请参阅单独的 didit-* 技能。

API 参考链接：

- 账户设置： 注册 | 验证邮箱 | 登录 | 获取凭证
会话： 创建 | 获取 | 列表 | 删除 | 更新状态 | PDF | 分享 | 导入
工作流： 创建 | 列表 | 获取 | 更新 | 删除
问卷： 创建 | 列表 | 获取 | 更新 | 删除
用户： 列表 | 获取 | 更新 | 删除
计费： 余额 | 充值
黑名单： 添加 | 移除 | 列表
会话操作： 批量删除 | 审核列表 | 创建审核
Webhook 配置： 获取 | 更新
指南： 程序化注册 | Webhooks | AI 代理集成 | API 概述

快速入门——从零到验证

只需 4 次 API 调用即可从零获得一个实时验证链接，无需浏览器：

python
import requests

1. 注册（任意邮箱，无需企业邮箱）

requests.post(https://apx.didit.me/auth/v2/programmatic/register/, json={email: you@gmail.com, password: MyStr0ng!Pass})

2. 查看邮箱中的 6 位 OTP，然后验证 → 获取 api_key

resp = requests.post(https://apx.didit.me/auth/v2/programmatic/verify-email/, json={email: you@gmail.com, code: A3K9F2}) apikey = resp.json()[application][apikey] headers = {x-api-key: api_key, Content-Type: application/json}

3. 创建 KYC 工作流

wf = requests.post(https://verification.didit.me/v3/workflows/, headers=headers, json={workflowlabel: My KYC, workflowtype: kyc, islivenessenabled: True, isfacematch_enabled: True}).json()

4. 创建会话 → 将用户发送到该 URL

session = requests.post(https://verification.didit.me/v3/session/, headers=headers, json={workflowid: wf[uuid], vendordata: user-123}).json() print(f将用户发送至：{session[url]})

如需添加积分： 使用 GET /v3/billing/balance/ 检查余额，使用 POST /v3/billing/top-up/ 并传入 {amountindollars: 50} 获取 Stripe 结账链接。

身份认证

整个平台使用两种认证方案：

端点	认证方式	请求头
注册、验证邮箱、登录	无	（未认证）
列出组织、获取凭证

通过程序化注册（如上）或从 Didit 业务控制台 → API 和 Webhooks 获取您的 apikey。

账户设置

基础 URL： https://apx.didit.me/auth/v2

1. 注册

POST /programmatic/register/

请求体	类型	必填	描述
email	string	是	任意邮箱地址
password

string | 是 | 至少 8 个字符，包含 1 个大写字母、1 个小写字母、1 个数字、1 个特殊字符 |

响应 (201)： {message: 注册成功..., email: ...}

速率限制：每个 IP 每小时 5 次。

2. 验证邮箱并获取凭证

POST /programmatic/verify-email/

请求体	类型	必填	描述
email	string	是	与注册时相同的邮箱
code

string | 是 | 邮箱中收到的 6 位字母数字 OTP |

响应 (200)：

json
{
access_token: eyJ...,
refresh_token: eyJ...,
expires_in: 86400,
organization: {uuid: ..., name: ...},
application: {uuid: ..., clientid: ..., apikey: YOURKEYHERE}
}

application.api_key 是所有后续调用的 x-api-key。

3. 登录（已有账户）

POST /programmatic/login/

请求体	类型	必填	描述
email	string	是	账户邮箱
password

string | 是 | 账户密码 |

响应 (200)： {accesstoken: ..., refreshtoken: ..., expires_in: 86400}

渐进式锁定：5 次失败 = 15 分钟，10 次 = 1 小时，20 次 = 24 小时。

4. 列出组织

GET /organizations/me/

认证： Authorization: Bearer

响应 (200)： {uuid: ..., name: ..., contact_email: ...} 数组

5. 获取应用凭证

GET /organizations/me/{orgid}/applications/{appid}/

认证

didit-verification-management身份验证管理

didit-verification-management

Didit Identity Verification Platform

Getting Started — Zero to Verifying

Authentication

Account Setup

1. Register

2. Verify Email & Get Credentials

3. Login (Existing Accounts)

4. List Organizations

5. Get Application Credentials

Workflows

1. List Workflows

2. Create Workflow

3. Get Workflow

4. Update Workflow

5. Delete Workflow

Sessions

1. Create Session

2. Retrieve Session (Get Decision)

3. List Sessions

4. Delete Session

5. Batch Delete Sessions

6. Update Session Status

7. Generate PDF Report

8. Share Session

9. Import Shared Session

10. List Session Reviews

11. Create Session Review

Blocklist

1. Add to Blocklist

2. Remove from Blocklist

3. List Blocklist

Questionnaires

1. List Questionnaires

2. Create Questionnaire

3. Get Questionnaire

4. Update Questionnaire

5. Delete Questionnaire

Users

1. List Users

2. Get User

3. Update User

4. Batch Delete Users

Billing

1. Get Credit Balance

2. Top Up Credits

Webhook Configuration

1. Get Webhook Configuration

2. Update Webhook Configuration

Webhook Events & Signatures

Payload

Signature Verification (V2 — recommended)

Simple Signature (Fallback)

Error Responses (All Endpoints)

Common Workflows

Full KYC Onboarding

Programmatic Review + Blocklist

B2B KYC Sharing

Check Balance Before Sessions

Questionnaire + Workflow

Utility Scripts

setup_account.py — Register and verify accounts

manage_workflows.py — CRUD workflows

create_session.py — Create verification sessions

Didit 身份验证平台

快速入门——从零到验证

1. 注册（任意邮箱，无需企业邮箱）

2. 查看邮箱中的 6 位 OTP，然后验证 → 获取 api_key

3. 创建 KYC 工作流

4. 创建会话 → 将用户发送到该 URL

身份认证

账户设置

1. 注册

2. 验证邮箱并获取凭证

3. 登录（已有账户）

4. 列出组织

5. 获取应用凭证

标签

通过对话安装