Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
AML Screening

Screen any user.
Against 1,300+ global lists.

Screen any user or company against 1,300+ sanctions, PEP (politically exposed person), adverse-media, and watchlist databases. $0.20 per check, $0.07/user/year for ongoing monitoring. 500 free/month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

1,300+ watchlists

PEPs, sanctions, adverse media.
All in one $0.20 call.

One call covers global sanctions, PEPs, relatives and close associates, adverse media, and warnings. Bundle it inside a full KYC, or refresh every user daily for $0.07 per year.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for compliance · Built against fraud · Open by design

Six capabilities. One feature flag. AML.

Every capability below is a toggle on the same module. No upsell tiers, no separate SKUs, no add-on calls. Switch them on per workflow in the console or pass them inline on the API call.
Read the docsGet an API key
01 · Coverage

1,300+ global lists. Sanctions, PEPs, adverse media, warnings.

Global sanctions (OFAC, EU, UN, HMT, and every G20 national list), PEPs across four levels plus their relatives and close associates, adverse-media news, regulatory enforcement, fitness and probity, insolvency, special-interest persons and entities, and your own custom lists. One call hits all of them — refreshed continuously.
02 · Entities

One module. People and companies.

Entity type `person` screens individuals against PEPs, sanctions, and adverse-media lists. Entity type `company` screens legal entities against sanctions, regulatory enforcement, and Ultimate Beneficial Owner (UBO) registries. Same call, same JSON, same $0.20 — chain it inside a Business Verification flow or run it before a B2B deal closes.
03 · PEP

PEP categorisation in four levels.

Every PEP hit is tagged Level 1 (heads of state, supreme-court judges, central bankers), Level 2 (parliamentarians, ambassadors, military leaders), Level 3 (mid-level civil servants), or Level 4 (relatives and close associates). Per-level actions in the console — auto-approve, route to review, or decline.
04 · Match scoring

Two scores. False positives drop out automatically.

Match Score (0–100, default threshold 93) decides whether the hit is the same person — weighted 60% name, 25% date of birth, 15% country. Risk Score (0–100) decides how risky it is — weighted 50% category, 30% country, 20% criminal. Reviewers see both scores plus source URL, sentiment, and document-number override in the console.
05 · Ongoing monitoring

Daily rescreen. $0.07 per user per year.

Toggle ongoing monitoring and we rescreen every enrolled user daily against the full 1,300+ list catalog. New sanction or PEP hit fires a webhook, flips the session status, surfaces the hit in the console with full audit trail. Same payload as the initial screen — no extra integration work.
06 · Regulators

FATF, AMLD6, OFAC, MiCA. Compliant by design.

Mapped to FATF (Financial Action Task Force) customer-due-diligence, the EU's 6th AML Directive, US OFAC sanctions enforcement, and MiCA (Markets in Crypto-Assets). Spain's Tesoro, Banco de España, and SEPBLAC have formally attested Didit as safer than in-person — the only such attestation in the market.
Integrate

Two endpoints. Same JSON. Same price.

Chain AML inside a KYC or KYB workflow when you want our hosted UI to drive the flow. Call the standalone API when you already have the entity fields. Same report shape either way.
POST /v3/session/Hosted UI
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_kyc_aml",
    "vendor_data": "user-42"
  }'
201Created{ "session_url": "verify.didit.me/..." }
Chain AML after an ID Verification step, or run it on its own.docs →
POST /v3/aml/Server to server
$ curl -X POST https://verification.didit.me/v3/aml/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -d '{
    "entity_type": "person",
    "full_name": "Carmen Espanola"
  }'
200OK{ "status": "Approved", "total_hits": 0 }
You own the identity inputs. We return the full hits inline.docs →
Agent-ready integration

Ship AML Screening in one prompt.

Paste the block below into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in the my_stack placeholder with your framework, language, and use case. The agent provisions Didit, creates the workflow, wires the webhook, and ships.
didit-integration-prompt.md
# Didit AML Screening — integrate in 5 minutes

You are integrating Didit's Anti-Money Laundering (AML) Screening module into
<my_stack>. Follow these steps exactly. Every URL, header, and enum value
below is canonical — do not paraphrase or "improve" them.

AML Screening covers four lookup categories on every call:
  - Sanctions (OFAC, EU, UN, HMT, and 1,300+ more global lists)
  - Politically Exposed Persons (PEPs) — Levels 1 through 4 + RCAs
  - Adverse Media — financial-crime news, court records, regulatory press
  - Warnings and Regulatory Enforcement, Insolvency, SIP / SIE lists

The same module screens BOTH persons and companies — set the
"entity_type" parameter to "person" or "company".

## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
  (returns an API key bound to the workspace + application).

## 2. Two integration paths — pick one

### Path A — Workflow Builder (hosted UI / linked KYC)
Best when you want AML screened automatically as part of a verification
session. Run it alongside ID Verification, or chain it after a Know Your
Customer (KYC) check, or fire it on its own.

1. Create a workflow that contains the AML feature:
   POST https://verification.didit.me/v3/workflows/
   Authorization header:  x-api-key: <your-api-key>
   Body: workflow_label, features array with the entry
         { "feature": "AML" }     (UPPERCASE — strict enum)
   Optional per-workflow configuration:
     - match_score_threshold        (default 93)
     - approve_risk_threshold       (default 80)
     - review_risk_threshold        (default 100)
     - include_adverse_media        (default true; adds ~10s to the call)
     - include_ongoing_monitoring   (default false; +$0.07/user/year if on)
     - sanctions_categories         (subset of dataset enums)

2. Create a verification session for an end user:
   POST https://verification.didit.me/v3/session/
   Body: workflow_id (from step 1), vendor_data (your own user id),
         expected_details { first_name, last_name, date_of_birth,
                            nationality, document_number }.
   Response: session_url — redirect the user to it. If your workflow has
   only the AML feature and you already collected the identity fields,
   the session resolves server-side with no UI step.

3. Listen for webhook callbacks (see "Webhooks" below).

### Path B — Standalone server-to-server API
Best when you already have the screened entity's name + identifiers and
do not want a hosted session. Synchronous response, no webhook needed.

POST https://verification.didit.me/v3/aml/
Content-Type: application/json
Headers:
  x-api-key: <your-api-key>
Body (person):
  {
    "entity_type": "person",
    "full_name": "Carmen Espanola",
    "date_of_birth": "1980-01-01",
    "nationality": "ESP",
    "document_number": "CAA000000",
    "include_adverse_media": true,
    "include_ongoing_monitoring": false
  }
Body (company):
  {
    "entity_type": "company",
    "full_name": "Acme Holdings Ltd",
    "registration_number": "12345678",
    "incorporation_country": "GBR",
    "include_adverse_media": true
  }

Response: JSON report with status, hits, scores, and a warnings array.

## 3. Webhooks (Path A and Path B ongoing monitoring)
- Register a webhook destination once via
  POST https://verification.didit.me/v3/webhook/destinations/
  Body: url, subscribed_events: ["session.verified", "session.review_started",
                                  "session.declined", "aml.new_hit"]
- Response includes secret_shared_key — store it.
- Every webhook delivery carries an X-Signature-V2 header you MUST verify
  before trusting the payload.  HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.Algorithm:
    1. sortKeys(payload) recursively
    2. shortenFloats (truncate trailing zeros after the decimal point)
    3. JSON.stringify the result
    4. HMAC-SHA256 with the secret_shared_key
    5. Hex-encode, compare to the X-Signature-V2 header.

## 4. Reading the report (both paths return the same shape)
The aml object includes:
- status: "Approved" | "Rejected" | "In Review" | "Not Started"
- total_hits: integer
- score: number 0-100 (overall AML risk score; highest non-False-Positive
  match risk score wins)
- screened_data: the inputs used for the lookup
- hits: array of matched entities. Each hit includes:
    - id, url, caption (matched display name)
    - datasets: which categories matched (PEP, PEP Level 1..4, Sanctions,
      Adverse Media, Warnings and Regulatory Enforcement, Fitness and
      Probity, SIP, SIE, Insolvency)
    - match_score (0-100, identity confidence — is it the same person)
    - risk_view.categories.score (0-100, entity risk if it IS a match)
    - sanction_matches, pep_matches, warning_matches,
      adverse_media_matches (typed arrays with list names, source URLs,
      legal basis, sanction program, sanctioning authority, publication
      dates, sentiment scores, etc.)
- warnings: Array<{ risk, log_type, short_description, long_description }>

Two-score system (the part most agents get wrong):
  1. Match Score answers "is this the same person we are screening".
     Below the match_score_threshold (default 93) the hit is a
     False Positive and excluded from the final status. At or above the
     threshold it is Unreviewed (a possible match).
  2. Risk Score answers "how risky is this entity if it IS a match".
     The session's final status comes from the highest risk score among
     non-False-Positive hits:
       - risk score below approve_risk_threshold (80)   => Approved
       - between approve and review                     => In Review
       - above review_risk_threshold (100)              => Declined

Warning codes you should branch on:
- POSSIBLE_MATCH_FOUND          (informational — at least one hit above the
                                 match threshold; review or auto-approve
                                 per your risk policy)
- COULD_NOT_PERFORM_AML_SCREENING  (KYC fields incomplete; session is held
                                 in In Review and re-triggered automatically
                                 once full_name, date_of_birth, issuing
                                 state and document_number are populated)

## 5. Hard rules — do not change
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE: AML, ID_VERIFICATION, LIVENESS, FACE_MATCH,
  IP_ANALYSIS. The AML feature flag is AML, not AML_SCREENING.
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Always verify webhook signatures before trusting payload data.
- Status casing matches exactly: "Approved", "Rejected", "In Review",
  "Not Started" (title-cased, space-separated).
- entity_type is lowercase: "person" or "company".

## 6. Ongoing monitoring
- Toggle include_ongoing_monitoring=true on the workflow or the standalone
  request to enroll the screened entity in continuous AML monitoring.
- Didit rescreens every enrolled entity DAILY against the full 1,300+
  watchlist database (sanctions, PEPs, adverse media, warnings).
- A status change (new hit above review or decline threshold) fires the
  aml.new_hit webhook, flips the session status to In Review or Declined,
  and surfaces the hit in the Business Console with full audit trail.
- Billing: $0.07 per enrolled entity per year. Toggle off at any time
  from the Business Console — billing prorates to the day.

## 7. Pricing reference (public)
- AML Screening (one-time, per person OR per company): $0.20 per check
- Ongoing AML Monitoring: $0.07 per enrolled entity per year
- Bundled inside a full KYC workflow (ID + Liveness + Face Match + IP):
  $0.33 per session — AML is an add-on at the same $0.20 standalone price
- 500 free checks every month, forever, on every account.

## 8. Verify your integration
- Sandbox starts on signup at https://business.didit.me — no separate flag.
- Test names: deterministic synthetic entities returned in sandbox
  (Approved by default; canonical "PEP test name" returns an In Review
  with a Wikidata PEP hit so you can exercise the review queue).
- Switch to live: flip the application environment toggle in the console.

When in doubt: https://docs.didit.me/core-technology/aml-screening/overview
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • 0+
    Global sanctions, PEP, adverse-media, and watchlist sources.
  • Daily
    Rescreen cadence on every user enrolled in ongoing monitoring.
  • $0.00
    Per standalone AML check. Person or company.
  • $0.00
    Per enrolled user per year for continuous monitoring.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page