Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
For telehealth, patient portals, and pharmacies

Verify patients and prescribers under HIPAA.

Identity, age, and DEA-registration checks on every patient and prescriber. Ready for telehealth, e-prescription, and controlled-substance flows. HIPAA-friendly architecture.

Start freeTalk to sales
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Didit healthcare workflow showing patient identity verification and prescriber KYB in one session.

Built for healthcare

HIPAA-aware identity.
Telehealth without friction.

Document, Liveness and Face Match in seconds. SOC 2 Type 1, EU + US data residency, audit-trail export on every session.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Compose a workflow

    Pick the modules your vertical needs in the Workflow Builder. ID Verification, Passive Liveness, Face Match, AML Screening, Device & IP Analysis, Proof of Address, AML monitoring, Biometric Authentication — one toggle each. No code.

  2. Step 02

    Open a session

    POST /v3/session/ with workflow_id and your vendor_data. Get a session_url back, redirect the user. Same call across web, iOS, Android, React Native, Flutter.

  3. Step 03

    Verify + decide

    Hosted UI captures the document, runs liveness, matches the face, screens AML lists, all in parallel. Verdict returned in sub-2 seconds. Risk policy decides Approve, Review, or Decline per application.

  4. Step 04

    Monitor + remediate

    Webhook on every status change with X-Signature-V2 verification. Ongoing AML hits stream into Case Management. Transaction Monitoring flags high-risk transfers and auto-triggers re-KYC for the user.

Built for developers · Built against fraud · Open by design

Every module you need for for telehealth, patient portals, and pharmacies. One workflow.

Twenty-five published modules in a single Workflow Builder. Each is a toggle on the same /v3/session/ endpoint — no upsell tiers, no separate SKUs, no add-on calls.
See pricingRead the docs
01 · Onboarding

Full KYC (know your customer) in under two seconds.

ID Verification, Passive Liveness, Face Match, and Device & IP Analysis on every session. iBeta Presentation Attack Detection (PAD) Level 1 certified. Sub-2-second end-to-end inference, $0.33 per bundled KYC, 500 free every month.
Read the docs
Session reportJSON · webhook
  • session_idses_3daf4c64
  • vendor_datauser-42891
  • countryESP
  • document_typeIdentity Card
  • full_nameCarmen Espanola
  • date_of_birth1980-01-01
  • expiration_date2031-06-02
02 · Compose

One workflow. Every module. One invoice.

Twenty-five published modules in a single Workflow Builder. Toggle ID Verification, Liveness, Face Match, AML, Proof of Address, Biometric Authentication — and the per-vertical extras your jurisdiction requires — without engineering work.
Browse modules
Module compositionone workflow
  • ID Verification$0.15
  • Passive Liveness$0.10
  • Face Match 1:1$0.05
  • AML Screening$0.20
  • Device & IP Analysis$0.03
  • Proof of Address$0.20
03 · AML

1,300+ sanction, PEP, and adverse-media lists.

AML Screening at $0.20 per check, ongoing monitoring at $0.07 per user per year. Daily delta refresh across 14 languages. Suspicious Activity Report (SAR) workflow and Case Management built in. 6AMLD, Bank Secrecy Act, and FFIEC-aligned out of the box.
AML coverage
AML coverage1,300+ lists
  • OFAC Specially Designated Nationals0Clear
  • EU Consolidated Sanctions0Clear
  • UN Security Council0Clear
  • HMT (UK Treasury)0Clear
  • Politically Exposed Persons (PEP)1Hit
  • Adverse media · 30 day window0Clear
04 · Risk policy

Decide. Review. Approve. Per risk. Per application.

Every risk category — duplicate user, AML hit, device-intelligence high-risk, document liveness low, geolocation mismatch — maps to a configurable action. Tune the policy per application, per country, per document type, without redeploying.
Risk policyper-application
  • POSSIBLE_DUPLICATED_USERReview
  • AML_HIT_SANCTIONSDecline
  • AML_HIT_PEPReview
  • DEVICE_INTEL_HIGH_RISKReview
  • DOCUMENT_LIVENESS_LOWDecline
  • IP_GEOLOCATION_MISMATCHApprove
05 · Monitor

Catch fraud after the user is onboarded.

Real-time Transaction Monitoring with 11 seeded rule bundles — velocity, structuring, mule patterns, Financial Action Task Force (FATF) Travel Rule. AWAITING_USER auto-remediation triggers a re-KYC step for high-risk transfers without engineering work.
Transaction monitoring
Rule engine11 seeded bundles
  • Velocity · 5 txns / 60slive
  • Structuring detectionlive
  • Mule patternslive
  • FATF Travel Rulelive
  • AWAITING_USER auto-remediationlive
  • Geolocation mismatchlive
06 · Lifecycle

Authenticate. Verify. Monitor. One contract.

Every regulated customer touches all three stages. One API, one orchestrator, one invoice — from re-authentication of returning users through onboarding KYC + Know Your Business (KYB) through continuous Transaction Monitoring and Wallet Screening at $0.15 per check.
Full lifecycle
Full lifecycleone contract
Authenticate
Biometric AuthFace Search 1:NDevice & IP Analysis
Verify
ID VerificationLivenessAML ScreeningKYB
Monitor
Transaction MonitoringOngoing AMLWallet Screening
Integrate

Two endpoints. Same JSON. Same price.

One call kicks off the verification flow. The webhook closes it. Same shape whether you use the hosted UI or call the standalone endpoint.
POST /v3/session/Hosted UI
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_3daf4c64",
    "vendor_data": "user_42"
  }'
201Created{ "session_url": "https://verify.didit.me/?session_token=..." }
We host the capture UI. You redirect to session_url.Read the integration docs →
POST /v3/workflows/For telehealth, patient portals, and pharmacies bundle
$ curl -X POST https://verification.didit.me/v3/workflows/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -d '{
    "workflow_id": "wf_industry_starter",
    "features": ["ID_VERIFICATION", "LIVENESS", "FACE_MATCH", "IP_ANALYSIS"]
  }'
201Created{ "workflow_id": "wf_3daf4c64" }
Full KYC bundle. $0.33 per session. 500 free every month.Read the integration docs →
Agent-ready integration

Ship for telehealth, patient portals, and pharmacies onboarding in one prompt.

Paste the block below into Claude Code, Cursor, ChatGPT, or any coding agent via our MCP server. The agent reads it and writes the integration.
didit-integration-prompt.md
# Didit industry onboarding — integrate in 5 minutes

You are integrating Didit's identity + fraud stack into <my_stack>. Follow
these steps exactly. Every URL, header, and enum value below is canonical —
do not paraphrase or "improve" them.

## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
  (returns an API key bound to the workspace + application).

## 2. Compose a workflow for your vertical
Create a workflow with the modules your vertical needs:
  POST https://verification.didit.me/v3/workflows/
  Header:  x-api-key: <your-api-key>
  Body:    workflow_label, features array — UPPERCASE enum values

Recommended starter bundle (full KYC):
  [
    { "feature": "ID_VERIFICATION" },
    { "feature": "LIVENESS" },
    { "feature": "FACE_MATCH" },
    { "feature": "IP_ANALYSIS" }
  ]

Add per-vertical modules from this list:
  AML_SCREENING, PROOF_OF_ADDRESS, NFC, AGE_ESTIMATION, BIOMETRIC_AUTH,
  PHONE_VERIFICATION, EMAIL_VERIFICATION, QUESTIONNAIRE, DATABASE_VALIDATION.

## 3. Create a verification session
POST https://verification.didit.me/v3/session/
Headers:
  x-api-key: <your-api-key>
  Content-Type: application/json
Body:
  {
    "workflow_id": "<wf_id_from_step_2>",
    "vendor_data": "<your_internal_user_id>",
    "callback":    "<your_webhook_url>"
  }
Response:
  {
    "session_id":  "ses_...",
    "session_url": "https://verify.didit.me/?session_token=...",
    "status":      "Not Started"
  }

Redirect the user to session_url. The hosted UI handles capture, lighting,
mobile handoff, and accessibility for you.

## 4. Webhooks
- Register a destination once via
  POST https://verification.didit.me/v3/webhook/destinations/
  Body: url, subscribed_events: ["session.verified", "session.review_started",
                                  "session.declined", "kyc_expired"]
- Response includes secret_shared_key — store it.
- Every webhook delivery carries an X-Signature-V2 header you MUST verify
  before trusting the payload. Algorithm:
    1. sortKeys(payload) recursively
    2. shortenFloats (truncate trailing zeros after the decimal point)
    3. JSON.stringify the result
    4. HMAC-SHA256 with the secret_shared_key
    5. Hex-encode, compare to the X-Signature-V2 header.

## 5. Read the report
The session payload returns one object per feature. Common fields:
  - status: "Approved" | "Declined" | "In Review" | "Expired" | "Not Finished"
  - id_verification.document_type, document_number, expiration_date
  - liveness.score (0-100), liveness.passed (boolean)
  - face_match.confidence (0-100), face_match.passed
  - aml.hits: array (sanctions / PEP / adverse-media matches)
  - ip_analysis.country, ip_analysis.risk_level
  - warnings: array of risk codes — each surfaces in the console's risk policy

## 6. Hard rules — do not change
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE (e.g. ID_VERIFICATION, LIVENESS, FACE_MATCH, AML_SCREENING).
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Always verify webhook signatures before trusting payload data.
- Status casing matches exactly: "Approved", "Declined", "In Review",
  "Expired", "Not Finished" (title-cased, space-separated).

## 7. Pricing reference (public)
- Full KYC bundle (ID + Liveness + Face Match + IP): $0.33 per session
- AML Screening: $0.20 per check, ongoing $0.07 / user / year
- Wallet Screening: $0.15 per screen — or bring your own provider
- 500 free verifications every month, forever, on every account.

## 8. Verify your integration
- Sandbox starts on signup at https://business.didit.me — no separate flag.
- Switch to live: flip the application's environment toggle in console.

When in doubt: https://docs.didit.me
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

By the numbers.

Proof
  • $0.00
    Per full KYC (know your customer) bundle.
  • <0s
    End-to-end inference per session.
  • 0+
    Countries and territories supported.
  • 0
    Free verifications every month, forever.
Typical solutions by industry.

Healthcare

Telehealth providers, online pharmacies, prescription-management apps — HIPAA-aware patient identity plus per-session re-auth for controlled substances.
01 · Verification

Onboard. Confirm identity. Screen.

Confirm a new user is real, unique, and matches the document they present. Screen against 1,300+ sanctions, PEP (Politically Exposed Persons), and adverse-media lists in the same call. Confirm the patient is real and matches the insurance / prescription record. Passive Liveness keeps capture light for vulnerable patients; Device & IP Analysis catches doctor-shopping rings.
Verification
$0.33per verified patient
  • ID Verification500 free / mo$0.15
  • Passive Liveness500 free / mo$0.10
  • Face Match (1:1)500 free / mo$0.05
  • Device & IP Analysis500 free / mo$0.03
  • Duplicate DetectionFreeFree
  • Blocklisted UsersFreeFree
  • AML ScreeningOptional+$0.20
02 · Authentication

Re-verify at the sensitive moments.

A returning user re-confirms identity with a fresh selfie — same infrastructure as onboarding. Trigger on high-value, high-risk, or high-trust actions. Trigger biometric re-auth before controlled-substance prescriptions or telehealth visits — same selfie infrastructure, low friction for the returning patient.
Authentication
$0.10per session
  • Biometric Authentication$0.10
  • Duplicate DetectionFreeFree
  • Blocklisted UsersFreeFree
  • Phone VerificationOptional+Variable
  • Email VerificationOptional+$0.03

Headline totals show required modules only. Free anti-fraud signals never cost extra; optional and recommended modules are tagged. Volume discounts on Enterprise — talk to sales for a custom quote.

Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related pages

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page