> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Reusable KYC

> Let users verify identity once and securely reuse it across multiple apps. Cuts onboarding friction, eliminates repeat KYC. Free with Didit.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

export const VideoEmbed = ({src, title = "Video", type = "iframe"}) => <div className={type === "iframe" ? "didit-video-embed" : "didit-video-embed didit-video-native"}>
    {type === "iframe" ? <iframe src={src} title={title} style={{
  width: "100%",
  height: "100%",
  border: 0,
  borderRadius: "12px"
}} allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowFullScreen /> : <video controls autoPlay muted loop playsInline src={src} title={title} style={{
  width: "100%",
  height: "auto",
  display: "block",
  borderRadius: "12px"
}} />}
  </div>;

Reusable KYC allows users to verify their identity once and securely share that verification across multiple Didit-integrated applications. This reduces onboarding friction while maintaining security and compliance.

<AgentPromptAccordion
  title="Reusable KYC Integration Prompt"
  prompt={`# Goal
Integrate Didit Reusable KYC — hand off a finished verification session from one Didit application to another without re-running the verification. Two endpoints: **share** on the source application, **import-shared** on the receiving application.

# Delivery mode
Cross-application share flow. Both calls authenticate with each side's own application API key (\`x-api-key\`). Source session must already be in a finished status (Approved / Declined / In Review).

# Step 1 — Mint a share token (source application)
POST https://verification.didit.me/v3/session/{sessionId}/share/
x-api-key: YOUR_API_KEY
Content-Type: application/json

\`\`\`bash
curl -X POST 'https://verification.didit.me/v3/session/11111111-2222-3333-4444-555555555555/share/' \\
-H 'x-api-key: YOUR_API_KEY' \\
-H 'Content-Type: application/json' \\
-d '{
"for_application_id": "a5f3bca2-46e2-411e-90ef-a580900a57ee",
"ttl_in_seconds": 7200
}'
\`\`\`
Response: { share_token, for_application_id, session_kind: "user" | "business" }.

\`ttl_in_seconds\` — min 60, max 86400 (24h), default 3600 (1h).

# JWT payload (token contents)
The HS256-signed JWT carries:
- \`session_id\` — UUID of the source session being shared.
- \`session_kind\` — "user" (KYC) or "business" (KYB) — drives which related rows are cloned.
- \`from_application_id\` — calling application UUID.
- \`for_application_id\` — receiving application UUID — only this app can redeem.
- \`iat\` / \`exp\` — issued-at and expiry epoch seconds.

The token is not idempotent (each call mints a fresh JWT) and cannot be revoked — it simply expires.

# Step 2 — Redeem the token (receiving application)
POST https://verification.didit.me/v3/session/import-shared/

\`\`\`bash
curl -X POST 'https://verification.didit.me/v3/session/import-shared/' \\
-H 'x-api-key: RECEIVING_APP_API_KEY' \\
-H 'Content-Type: application/json' \\
-d '{
"share_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"trust_review": false,
"workflow_id": "9f9b1234-aaaa-bbbb-cccc-1234567890ab",
"vendor_data": "user-1"
}'
\`\`\`
Required: share_token, trust_review, workflow_id (must exist on the receiving app). Optional: vendor_data (defaults to source).

\`trust_review\`:
- \`true\` — cloned session keeps the source status (Approved stays Approved).
- \`false\` — cloned session is forced to "In Review" so your reviewers re-decide.

Response (201): the V2 KYC decision payload for user sessions (or V3 KYB payload for business sessions) — the same shape as GET /v3/session/{sessionId}/decision/. The cloned session has a fresh session_id and \`shared_from_session\` pointing at the source for audit.

# Failure modes to handle
- 400 "Invalid share token." — malformed JWT / wrong signature.
- 400 "Share token has expired." — past exp.
- 400 "This token is not valid for this application." — JWT \`for_application_id\` doesn't match the receiving app.
- 400 "Original session does not exist." — source session deleted between mint and redeem.
- 403 "This session has already been shared with your application." — same token can only be redeemed once per receiving app. Mint a new token.
- 404 "Workflow does not exist for this application." — \`workflow_id\` is from a different application.
- Source status not finished — 400 "Only finished sessions (Approved, Declined, In Review) can be shared."

# What gets cloned
- session_kind="user": KYC, Face, Liveness, FaceMatch, AML, POA, Phone, Location, DatabaseValidation rows + activity log.
- session_kind="business": KYBCompany, KYBKeyPeopleCheck, KYBDocument + shared feature rows (AML, Phone, Email, Location, QuestionnaireResponse) + activity log.

# See also
- Mint share token: /sessions-api/share-session
- Redeem share token: /sessions-api/import-shared-session
- Canonical decision schema: /reference/data-models#overview
- Full integration playbook: /integration/integration-prompt`}
/>

<VideoEmbed src="https://www.youtube.com/embed/h0i9Q0-izcw?start=46&rel=0&playsinline=1" title="Reusable KYC & User Journey" />

## How it works

<Steps>
  <Step title="Initial verification">
    The user completes a standard KYC process (ID Verification + facial recognition). Verification data is encrypted and stored in the user's Didit ID, compliant with eIDAS2.
  </Step>

  <Step title="Reuse at a new application">
    When the user encounters another Didit-integrated application, they select the option to reuse their existing KYC. A quick facial recognition check confirms their identity, and they consent to share specific data.
  </Step>

  <Step title="Instant onboarding">
    The new application receives the verified KYC information instantly — no document re-upload, no waiting.
  </Step>
</Steps>

## Key Benefits

| For Users                  | For Businesses          | For Compliance                 |
| -------------------------- | ----------------------- | ------------------------------ |
| Verify once, use anywhere  | Faster user onboarding  | Maintains regulatory standards |
| Control over data sharing  | Reduced drop-off rates  | Complete audit trail           |
| Seconds instead of minutes | Higher conversion rates | Cross-jurisdiction support     |

## Security and Compliance

| Area                  | Details                                                   |
| --------------------- | --------------------------------------------------------- |
| **Encryption**        | End-to-end encryption for all stored and transferred data |
| **Biometric re-auth** | Facial recognition required for every reuse               |
| **Regulatory**        | eIDAS2 compliant, supports AML/KYC requirements           |
| **Cross-border**      | Works across jurisdictions                                |

<Frame>
  <img src="https://mintcdn.com/didit-0f962782/z6T2GHM4Zh-iSj-K/images/reusable-kyc.png?fit=max&auto=format&n=z6T2GHM4Zh-iSj-K&q=85&s=12c89122aad772b3683a629343b6dabc" alt="Didit reusable KYC flow letting verified users carry identity across services" width="814" height="774" data-path="images/reusable-kyc.png" />
</Frame>

Reusable KYC is automatically available to users who have completed an initial verification. Users can choose to reuse their KYC or perform a fresh check at any time.
