Every document a user uploads during verification is permanently linked to their User entity. This page explains what’s collected, how to retrieve it, and how to upload additional documents manually.

What Didit collects

| Document type | When collected | Fields extracted |
| --- | --- | --- |
| Government ID (passport, national ID, driver’s license, residence permit) | ID verification step | Name, DOB, document number, issuing country, expiry, MRZ where present |
| Selfie / liveness frames | Liveness step | Largest face crop, passive liveness score |
| Proof of address (POA) | POA step | Name, address, issuer, document date |
| NFC chip read | NFC verification step | Chip data, ICAO certificate chain, match against OCR |
| Additional documents | Analyst request or custom workflow steps | OCR when applicable, otherwise stored as-is |

Supported document types covers the full country × document matrix (14,000+ documents across 220+ countries).

Retrieving documents

Documents are associated with the session that collected them, not directly with the user. To list all documents for a user:
  1. List the user's sessions

curl -G https://verification.didit.me/v3/sessions \
  -H "x-api-key: YOUR_API_KEY" \
  --data-urlencode "vendor_data=user-42"
  2. Fetch each session's decision

Each session decision includes URLs to the collected documents.
curl https://verification.didit.me/v3/session/{session_id}/decision/ \
  -H "x-api-key: YOUR_API_KEY"
Inspect the id_verification.document_images, proof_of_address.document_images, and liveness.images fields in the response.
  3. Use signed URLs

Image URLs in the response are short-lived signed URLs. Cache them client-side for the duration of use, or re-fetch the decision when they expire.
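
Steps 2 and 3 as an added Python example (not Didit's own code): it pulls image URLs out of the three decision fields named above and keeps them in an in-memory cache that re-fetches the decision once they are considered stale. The response shape in SAMPLE_DECISION and the 60-second max_age are assumptions; the page does not state either.

```python
import json
import time
import urllib.request

# Field names are the page's; SAMPLE_DECISION is constructed, its shape assumed.
IMAGE_FIELDS = (("id_verification", "document_images"),
                ("proof_of_address", "document_images"), ("liveness", "images"))
SAMPLE_DECISION = {
    "id_verification": {"document_images": ["https://img.example/front?sig=a"]},
    "liveness": {"images": [{"url": "https://img.example/face?sig=b"}]},
}

def fetch_decision(session_id, api_key):  # same request as the curl call above
    url = f"https://verification.didit.me/v3/session/{session_id}/decision/"
    req = urllib.request.Request(url, headers={"x-api-key": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def iter_urls(node):
    """Yield every https URL string under node, whatever its nesting."""
    if isinstance(node, str) and node.startswith("https://"):
        yield node
    elif isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from iter_urls(child)

def document_urls(decision):
    """Map 'section.field' to the image URLs found in a decision."""
    out = {}
    for section, field in IMAGE_FIELDS:
        part = decision.get(section)
        found = list(iter_urls(part.get(field) if isinstance(part, dict) else None))
        if found:
            out[f"{section}.{field}"] = found
    return out

class SignedUrlCache:
    """Hold URLs in memory only; re-fetch the decision after max_age seconds."""
    def __init__(self, fetch, max_age=60, clock=time.monotonic):
        self.fetch, self.max_age, self.clock = fetch, max_age, clock
        self.entries = {}  # session_id -> (fetched_at, urls)
    def get(self, session_id):
        hit = self.entries.get(session_id)
        if hit is None or self.clock() - hit[0] >= self.max_age:
            urls = document_urls(self.fetch(session_id))
            hit = self.entries[session_id] = (self.clock(), urls)
        return hit[1]
```

Anyone holding a signed URL can read the image until it expires, so the cache stays in memory and the URLs should be kept out of logs and persistent stores.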

Generating a PDF report

For a human-readable export of everything collected for a session, including all documents, use:
GET /v3/session/{session_id}/generate-pdf
Returns a PDF with session details, feature results, and embedded document images. Useful for compliance audits, SAR attachments, and regulatory filings.

Uploading documents from the console

Compliance operators can upload additional documents against a user or an active session:
  1. Navigate to Users → [user] → Documents → Upload document.
  2. Choose a document type (ID, POA, custom).
  3. Upload a file; OCR runs automatically for supported types.
  4. The document attaches to the most recent session (or you can create a remediation session).
The document upload UI is console-only — there is no public API endpoint for directly attaching documents to a user. Use sessions as the entry point for all document capture.

Document cross-referencing

When a session collects multiple document types, Didit cross-references them:
  • ID ↔ Liveness — face on the ID matches the liveness selfie.
  • ID ↔ POA — name on the POA matches the name extracted from the ID.
  • ID ↔ NFC — MRZ / visual data matches the NFC chip data.
Inconsistencies are surfaced as warnings on the session decision and can be configured to trigger manual review.

Document monitoring and re-verification

For use-cases requiring ongoing document validity (e.g. expired IDs):
  • Document expiry is tracked on every verified ID. Query the session decision for the expiry_date field.
  • Re-verification — trigger a new session against the same vendor_data to refresh documents.
  • Document monitoring — opt into document monitoring to be notified when a document is about to expire.

Document geolocation

The ID document geolocation check compares the IP location of the submitter against the issuing country of the ID. Results are attached to the session decision.

Privacy and retention

  • All documents are encrypted at rest.
  • Image access is via short-lived signed URLs.
  • Retention follows the application’s data retention policy.
  • Users have the right to request deletion; deletion removes images, OCR extracts, and NFC data.

Next steps

  • ID verification: how ID capture and OCR work.
  • Proof of address: POA document collection.
  • Session decision: GET /v3/session/{session_id}/decision/ reference.