Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Proof of Address

Verified residency from any supporting document.

Utility bills, bank statements, government letters — read, parsed, cross-checked against the ID, validated against the country's address registry. $0.20 per check. 500 verifications free every month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

A cinematic dark abstract Proof of Address illustration — four floating translucent glass panels on pure black threaded by a luminous Didit Blue line. Each panel carries a small abstract motif (envelope, utility bill, map pin, house silhouette).

What a regulated platform owes

Don't trust a typed address. Read the bill, validate the registry.

A self-typed address fails audit. A scanned utility bill that isn't cross-checked against the ID fails audit. Didit ships the full Proof of Address recipe — capture, OCR, name + address match against the ID, plus country-registry validation in 18+ jurisdictions — as one signed evidence pack for $0.20 per check.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for compliance · Priced like infrastructure

Six checks. $0.20 per Proof of Address.

A regulator-grade Proof of Address isn't just an OCR — it's a recipe of capture, parse, cross-check, registry validation, and an audit envelope. Toggle each module per workflow.
Read the docsGet an API key
01 · Document capture

Accept any supporting document.

Utility bill, bank statement, government letter, lease, mortgage, mobile / internet contract — all within 90 days. The hosted flow guides the user through capture; the SDK exposes the same flow inside your native app.
Proof of Address module
02 · Parse + fraud check

Parse the fields. Verify the document.

OCR pulls the address into canonical fields — line 1, line 2, city, postal code, country, issued_at — and normalises it across an English utility bill, a Spanish bank statement, a German Anmeldung. At the same time we check authenticity: pixel-level manipulation, copy-paste artefacts, font / template tampering, low-resolution re-prints, and EXIF inconsistencies. A forged or doctored document fails the check before it ever reaches your audit log.
Proof of Address module
03 · ID cross-check

Match against the underlying ID.

The parsed address is cross-checked against the address on the underlying ID, and the name on the proof is cross-checked against the name on the ID. Catches forged bills, mismatched names, expired uploads, and bills belonging to someone else at the same address.
ID Verification module
04 · Registry validation

Validate against the country's authoritative source.

Where the country supports it — UK Royal Mail PAF, Spain Catastro / Padrón, France BAN, Germany municipal Anmeldung, US USPS, and more — the parsed address is looked up against the authoritative registry directly.
Database Validation module
05 · Global coverage

220+ countries, 48+ languages.

Per-region acceptable documents — Europe leans utility / bank / council letter, Latin America leans tax registry, US leans bank / utility / lease, APAC leans government letter. The Workflow Builder lets you constrain acceptable documents per country segment.
Database Validation module
06 · Audit pack

Regulator-grade audit envelope.

Every Proof of Address verdict is signed and timestamped — the original document image, the parsed address payload, the cross-check verdicts, and the registry validation result. Exportable on demand via the Business Console or API. EU data centres by default.
Compliant by design
Integrate

One session. Canonical address. Signed pack.

Open the session. Read the parsed address. File the regulator-grade audit envelope.
POST /v3/session/POA
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_proof_of_address",
    "vendor_data": "user-42",
    "expected_country": "ES"
  }'
201Createdhosted URL · user uploads ID + selfie + POA.
90-day-window enforced on the document date.docs →
GET /v3/session/{id}/decision/Decision
$ curl https://verification.didit.me/v3/session/$SESSION/decision/ \
  -H "x-api-key: $DIDIT_API_KEY"

# Decision payload (excerpted):
{ "proof_of_address": { "status": "Approved", "address": { ... } },
  "database_validation": { "service": "es_catastro_address", "result": { "registry_match": true } } }
200OKregistry_match true → high-confidence residency proof.
Persist the canonical address envelope.docs →
Agent-ready integration

Ship Proof of Address in one prompt.

Paste into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent builds the workflow, fires the session, parses the address into canonical fields, runs the registry validation, and wires the webhook.
didit-integration-prompt.md
You are integrating Didit's Proof of Address into a regulated onboarding flow (bank, fintech, lender, crypto exchange, EU payment institution). Regulators want a current address on every customer file; the legacy "ask the user to type it" approach fails audit because the typed address is unverified.

Four obligations on every Proof of Address:

  1. Capture an acceptable document — utility bill, bank statement, government letter, lease, mortgage, mobile / internet contract — dated within the last 90 days.
  2. Read the address fields with Optical Character Recognition (OCR) and parse them into the canonical address envelope (line 1, line 2, city, postal code, country).
  3. Cross-check the address against the address on the underlying ID document AND against the name on both — a mismatched address or a mismatched name fails the check.
  4. Where the country supports it, validate the parsed address against the authoritative address registry (UK Royal Mail PAF, Spain Catastro / Padrón, France BAN, Germany DATEV, US USPS).

Pricing (verified live):
  - Proof of Address: $0.20 per check
  - ID Verification (required as the cross-check anchor): $0.15 per check
  - Database Validation (per-country registry validation, optional): variable per service
  - Combined bundle (ID + Liveness + Face Match + Proof of Address): $0.55 per user
  - First 500 verifications free every month, forever

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60s, no card).
  - Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
  - A workflow_id from the Workflow Builder bundling ID Verification + Passive Liveness + Face Match 1:1 + Proof of Address. Add a Database Validation node for the country-specific address registry where available.

STEP 1 — Create the session

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<your proof-of-address workflow id>",
      "vendor_data": "<your user id, max 256 chars>",
      "callback_url": "https://<your-app>/onboarding/poa/callback",
      "expected_country": "ES",
      "metadata": {
        "purpose": "regulatory_address_capture",
        "user_id": "<your internal id>"
      }
    }

  Response: 201 Created with the hosted session URL. SMS or email the URL to the user; they complete ID capture + selfie + Proof of Address upload on their phone in under five minutes.

STEP 2 — Read the signed webhook on completion

  Didit POSTs to your callback. Session statuses are Title Case With Spaces:

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "id_verification": { "status": "Approved", "document_type": "passport", "country_code": "ES" },
      "liveness": { "status": "Approved" },
      "face": { "status": "Approved", "similarity_score": 0.94 },
      "proof_of_address": {
        "status": "Approved",
        "document_type": "utility_bill",
        "issuer": "Iberdrola",
        "issued_at": "2026-04-12",
        "address": {
          "line1": "C. Diagonal 612",
          "line2": "3a",
          "city": "Barcelona",
          "postal_code": "08021",
          "country": "ES"
        },
        "cross_check": {
          "name_match": true,
          "address_match_with_id": true,
          "within_90_day_window": true
        }
      },
      "database_validation": {
        "status": "Approved",
        "service": "es_catastro_address",
        "result": { "registry_match": true }
      }
    }

  Session status enum (exact case):
    Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned

  Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.

STEP 3 — Decide

  Branch logic:
    Approved    → file the canonical address payload on the customer record.
    In Review   → hold the onboarding, wait for analyst webhook update.
    Declined    → refuse onboarding, log the decline reason (typically: document over 90 days old, name mismatch, address mismatch with the ID).
    Resubmitted → user updated the upload; re-read the decision.

  The Proof of Address sub-result is independent of the parent session — even if the parent session is Approved, the proof_of_address.status might be In Review if the cross-check flagged a different city. Switch on proof_of_address.status when you persist the address.

STEP 4 — Persist the canonical address envelope

  When proof_of_address.status === "Approved", save the entire address object to your customer record as the regulatory current address. Use the canonical fields (line1, line2, city, postal_code, country) — Didit normalises across document layouts so the same shape works for an English utility bill, a Spanish bank statement, and a German Anmeldung.

  Keep the issuer + issued_at fields for your audit log — they prove the document type and the recency window the regulator audited.

STEP 5 — Registry validation result

  When the workflow includes a Database Validation node, the database_validation block returns the per-country registry-validation outcome:
    - es_catastro_address — Spanish Catastro property registry
    - uk_royal_mail_paf — UK Postcode Address File
    - fr_ban — France Base Adresse Nationale
    - de_anmeldung — German municipal registration check
    - us_usps — US Postal Service address validation

  A registry-match-false result on a country that supports validation is a signal worth manual review even if the OCR pass succeeded — most fake addresses fail registry validation immediately.

STEP 6 — Refresh on a cadence (optional)

  Most regulators ask for the address on file to be re-confirmed every 1-3 years (longer for low-risk customers, shorter for high-risk). Add a periodic Proof of Address session to your account-refresh cadence — same workflow, same hosted URL flow.

WEBHOOK EVENT NAMES
  - status.updated — session status changed.
  - data.updated — session data changed (resubmission, document re-upload).

  Verify X-Signature-V2 on every payload. The webhook secret is per-environment — sandbox key is separate from production.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review).
  - Acceptable documents must be dated within the last 90 days by default; some workflows extend to 180 days for low-risk customer segments.
  - The address on the Proof of Address document MUST cross-check against the address on the underlying ID OR against a previously-Approved address on file. If neither match, the proof flips to In Review automatically.
  - Default record retention is 5 years post-relationship per the EU AML package.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/sessions-api/retrieve-session
  - https://docs.didit.me/core-technology/proof-of-address/overview
  - https://docs.didit.me/core-technology/database-validation/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • $0.00
    Per Proof of Address — OCR + cross-check + registry validation.
  • 0+
    Countries with authoritative address-registry validation built-in.
  • 0+
    Countries supported overall, with per-region acceptable docs.
  • 0
    Free verifications every month, on every account.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules + workflows

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page