Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Proof of Address

Verify any address.
From a bill, a bank, or a letter.

Verify residency from a utility bill, bank statement, government letter, or lease. We read the document, extract the address, match the name to the verified ID, and return a structured result. $0.20 per check, 500 free/month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Bill + bank statement

Extract the address.
Match the name.

We read the document, extract the address and name, and cross-check both against the verified identity. Utility bill, bank statement, lease, tax letter — $0.20 per check.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for developers · Built against fraud · Open by design

Six capabilities. One feature flag. PROOF_OF_ADDRESS.

Every capability below is a toggle on the same module. No upsell tiers, no separate SKUs, no add-on calls. Switch them on per workflow or pass them inline on the API call.
Read the docsGet an API key
01 · Accepted documents

Bills, bank statements, government letters, leases.

Four buckets — utility bill (electricity, water, gas, internet, phone), bank statement (account, credit card, mortgage, loan), government-issued (tax assessment, voter card, residency certificate), and other (lease, employer letter, insurance, notarized affidavit). JPG, PNG, TIFF, or PDF up to 15 MB. Multi-page processed in one inference.
02 · Extraction + authenticity

Read every address field. Spot every forgery.

OCR (optical character recognition) pulls the raw address and normalises it into a structured object — street, city, region, postal code, address type. Latitude and longitude included. The same pass runs document-authenticity forensics: pixel-level tamper detection, copy-paste / clone-stamp residue, font + kerning inconsistency, AI-generated synthetic image signals, and metadata mismatch. Tampered documents land in `In Review` with a typed warning, not silently approved.
03 · Recency check

Configurable validity. 90 days by default.

Set the document-validity window per application — 30, 60, 90 days, or anything you choose. Default is 90. We extract the issue date and compare it to the submission timestamp; anything older than the threshold auto-declines with `EXPIRED_DOCUMENT`. Documents with no parseable issue date — or with a future-dated stamp — fire warnings you can route to manual review.
04 · Name match to KYC

The bill matches the ID. Or it does not.

Three name-mismatch warnings fire when the document name differs from the verified identity, the value you sent via API, or another proof-of-address in the same session. A configurable match threshold (typically 90–95%) tolerates middle-name and spelling variance. Each warning maps to Decline, Review, or Approve per application.
05 · Parsed structured address

OCR returns a string. Didit returns a schema.

Every response includes a parsed-address object — street, city, region, postal code, address type — plus raw coordinates. Drop it into your customer record, fraud model, or delivery routing. No regex, no post-processing, no per-country parser. Same shape whether the document was issued in the USA, Spain, Brazil, or Singapore.
06 · Compliance ready

AMLD6 and FATF Recommendation 10 evidence. $0.20 per check.

Address verification is mandated by AMLD6 (EU's 6th Anti-Money Laundering Directive) customer-due-diligence and FATF Recommendation 10. Every verdict ships with a signed document URL, an audit-ready warnings array, and PDF overlay-manipulation forensics — your compliance officer has the evidence pack on tap. Public pay-per-call pricing, no contract.
Integrate

Two endpoints. Same JSON. Same price.

Create a session when you want our hosted UI to handle capture and multi-page upload. Call the standalone endpoint when you already have the document. Same report shape either way.
POST /v3/session/Hosted UI
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_poa_eu",
    "vendor_data": "user-42"
  }'
201Created{ "session_url": "verify.didit.me/..." }
We host the capture UI. Multi-page PDF + auto-capture handled for you.docs →
POST /v3/poa/Server to server
$ curl -X POST https://verification.didit.me/v3/poa/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -F "document=@utility-bill.pdf" \
  -F "full_name=John A. Smith"
200OK{ "status": "Approved", "document_type": "BANK_STATEMENT" }
You own the capture. We return the full report inline.docs →
Agent-ready integration

Ship Proof of Address in one prompt.

Paste the block below into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in the my_stack placeholder with your framework, language, and use case. The agent provisions Didit, creates the workflow, wires the webhook, and ships.
didit-integration-prompt.md
# Didit Proof of Address — integrate in 5 minutes

You are integrating Didit's Proof of Address (PoA) module into <my_stack>.
Follow these steps exactly. Every URL, header, and enum value below is
canonical — do not paraphrase or "improve" them.

## 1. Provision an account
- Sign up: https://business.didit.me (no credit card required).
- Or provision programmatically: POST https://apx.didit.me/auth/v2/programmatic/register/
  (returns an API key bound to the workspace + application).

## 2. Two integration paths — pick one

### Path A — Workflow Builder (hosted UI)
Best when you want Didit to handle document capture, multi-page upload,
auto-capture, mobile handoff, and accessibility for you.

1. Create a workflow that contains the PROOF_OF_ADDRESS feature:
   POST https://verification.didit.me/v3/workflows/
   Authorization header:  x-api-key: <your-api-key>
   Body: workflow_label, features array with the single entry
         { feature: "PROOF_OF_ADDRESS" }   (UPPERCASE — strict enum)
   Optional config: accepted document_type filters
   (UTILITY_BILL, BANK_STATEMENT, GOVERNMENT_ISSUED_DOCUMENT,
   OTHER_POA_DOCUMENT) and per-warning threshold overrides.

2. Create a verification session for an end user:
   POST https://verification.didit.me/v3/session/
   Body: workflow_id (from step 1), vendor_data (your own user id).
   Response: session_url — redirect the user to it.

3. Listen for webhook callbacks (see "Webhooks" below).

### Path B — Standalone server-to-server API
Best when you already have a captured document image or PDF (mobile SDK
capture, native onboarding app, reseller pipeline).

POST https://verification.didit.me/v3/poa/
Content-Type: multipart/form-data
Body fields:
  - document     (required, file — JPG, JPEG, PNG, TIFF, or PDF, <= 15 MB)
  - vendor_data  (optional string, your user id)
  - full_name    (optional string, name to cross-check against the document)
  - address      (optional string, address to cross-check against the document)

Response: JSON report with the parsed address, document_type, issuer,
issue_date, name_on_document, and a warnings array.

## 3. Webhooks (Path A only — Path B returns synchronously)
- Register a webhook destination once via
  POST https://verification.didit.me/v3/webhook/destinations/
  Body: url, subscribed_events: ["session.verified", "session.review_started",
                                  "session.declined"]
- Response includes secret_shared_key — store it.
- Every webhook delivery carries an X-Signature-V2 header you MUST verify
  before trusting the payload.  HMAC-SHA256 verification MUST run against the raw body bytes (the raw payload as Didit sent it) BEFORE any JSON parsing — re-serialising the parsed body changes whitespace and key order, which invalidates the signature.Algorithm:
    1. sortKeys(payload) recursively
    2. shortenFloats (truncate trailing zeros after the decimal point)
    3. JSON.stringify the result
    4. HMAC-SHA256 with the secret_shared_key
    5. Hex-encode, compare to the X-Signature-V2 header.

## 4. Reading the report (both paths return the same shape)
The poa object includes:
- status: "Approved" | "Declined" | "In Review" | "Not Finished"
- issuing_state: ISO 3166-1 alpha-3 country code
- document_type: "UTILITY_BILL" | "BANK_STATEMENT" |
                 "GOVERNMENT_ISSUED_DOCUMENT" | "OTHER_POA_DOCUMENT" |
                 "UNKNOWN"
- issuer: string (the issuing institution or company)
- issue_date: YYYY-MM-DD
- expiration_date: YYYY-MM-DD or null
- document_language: ISO 639-1 language code
- name_on_document: string (full name extracted from the document)
- poa_address: raw extracted address string
- poa_formatted_address: normalized human-readable address string
- poa_parsed_address: structured object with street_1, street_2, city,
  region, postal_code, address_type, and raw_results.geometry.location
  (lat / lng for geocoding)
- document_file: signed URL to the captured document (expires in 60 minutes)
- document_metadata: optional file_size, content_type, creation_date,
  modified_date, and overlay_manipulation forensic block for PDFs (detected
  flag, signals such as duplicate_font_subset or glyph_fragmentation, and
  manipulated_regions in PDF page coordinates)
- warnings: Array<{ risk, additional_data, log_type, short_description,
                    long_description }>

Auto-decline risks (always enforced by Didit, not configurable):
- POA_DOCUMENT_NOT_SUPPORTED_FOR_APPLICATION
- EXPIRED_DOCUMENT
- INVALID_DOCUMENT_TYPE
- MISSING_ADDRESS_INFORMATION

Configurable risks (action per workflow — Decline, Review, or Approve):
- NAME_MISMATCH_WITH_PROVIDED
- NAME_MISMATCH_ID_VERIFICATION
- POA_NAME_MISMATCH_BETWEEN_DOCUMENTS
- POOR_DOCUMENT_QUALITY
- DOCUMENT_METADATA_MISMATCH
- SUSPECTED_DOCUMENT_MANIPULATION
- UNSUPPORTED_DOCUMENT_LANGUAGE
- ADDRESS_MISMATCH_WITH_PROVIDED
- UNABLE_TO_EXTRACT_ISSUE_DATE
- UNPARSABLE_OR_INVALID_ADDRESS
- ISSUER_NOT_IDENTIFIED
- UNABLE_TO_VALIDATE_DOCUMENT_AGE
- FUTURE_ISSUE_DATE

## 5. Hard rules — do not change
- Base URL for /v3/* endpoints is verification.didit.me (NOT apx.didit.me).
- Feature enum is UPPERCASE: PROOF_OF_ADDRESS, ID_VERIFICATION, LIVENESS,
  FACE_MATCH, AML, IP_ANALYSIS.
- document_type enum is UPPERCASE_SNAKE: UTILITY_BILL, BANK_STATEMENT,
  GOVERNMENT_ISSUED_DOCUMENT, OTHER_POA_DOCUMENT, UNKNOWN.
- Auth header is x-api-key (lowercase, hyphenated).
- Webhook signature header is X-Signature-V2 (NOT X-Signature).
- Always verify webhook signatures before trusting payload data.
- Status casing matches exactly: "Approved", "Declined", "In Review",
  "Not Finished" (title-cased, space-separated).
- Documents must be issued within 90 days of submission — older documents
  trigger the EXPIRED_DOCUMENT auto-decline regardless of policy.
- The PoA document must be different from the document submitted for ID
  Verification — same image triggers POA_DOCUMENT_NOT_SUPPORTED.

## 6. Accepted document types (do not paraphrase to users)
- Utility Bill — Electricity, Water, Gas, Internet, Phone, Cable TV,
  Satellite TV, Trash Collection, Sewage, Heating, Combined Utilities,
  Municipal Services.
- Bank Statement — Account Statement, Credit Card Statement, Bank Letter
  Confirming Address, Mortgage Statement, Loan Statement, Savings,
  Checking, Investment, Business Account, Credit Union, Debit Card,
  Line of Credit.
- Government-Issued Document — Tax Assessment, Voter Registration Card,
  ID document, Residency Certificate, Government Letter, Census Letter,
  Property Tax Bill, Vehicle Registration, Social Security Statement,
  Unemployment Benefits Letter, Pension Statement, Court Summons,
  Municipal Permit, Immigration Document.
- Other Proof of Address — Lease Agreement, Rental Agreement, Employer
  Letter Confirming Address, Insurance Policy, School Enrollment Letter,
  Notarized Affidavit, Solicitor Letter, Payroll Stub, Employment
  Verification Letter, Retirement / Brokerage Account Statement.

Image requirements: JPG, JPEG, PNG, TIFF, or PDF. Maximum file size 15 MB.
Full-color, all corners visible, no digital editing, all pages included
for multi-page documents.

## 7. Pricing reference (public)
- Standalone /v3/poa/ call: $0.20 per check.
- Bundled inside a Didit workflow (KYC plus PoA): $0.20 per check on top
  of the bundle base.
- 500 free verifications every month, forever, on every account.

## 8. Verify your integration
- Sandbox starts on signup at https://business.didit.me — no separate flag.
- Test documents: deterministic synthetic bills returned in sandbox
  (Approved by default; trigger Declined by submitting the canonical
  "expired" test bill from the sandbox sample pack).
- Switch to live: flip the application's environment toggle in console.

When in doubt: https://docs.didit.me/core-technology/proof-of-address/overview
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • 0
    Document buckets — utility bill, bank statement, government doc, other.
  • 0d
    Maximum issue-date age before auto-decline.
  • <0s
    End-to-end inference per Proof of Address verification.
  • $0.00
    Per standalone Proof of Address check.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page