Skip to main content

Finding Your API Key

In Didit, API keys are scoped to a specific Application within your account. An Application is a workspace where you can configure workflows and manage verifications for a particular project or environment. An API key is generated automatically for each Application you create. To find your key:
1

Log in to the Business Console

Go to the Didit Business Console and sign in.
2

Select your Application

Choose the Application you want to work with from the dropdown menu at the top.
3

Open API & Webhooks

Navigate to API & Webhooks in the left-hand sidebar.
4

Copy your keys

Your API Key and Webhook Secret Key will be displayed here. Copy them as needed.
Your API Key is a Secret — treat it like a password.It provides full access to the API on behalf of your Application. Never expose it in frontend code, public repositories, or client-side bundles. Always keep it server-side only.

Making Authenticated Requests

To authenticate an API request, include your secret API key in the x-api-key HTTP header. Here is an example of an authenticated request to the Create Session endpoint:
cURL
curl --request POST \
     --url https://verification.didit.me/v3/session/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --header 'x-api-key: YOUR_API_KEY' \
     --data '
{
  "workflow_id": "WORKFLOW_ID",
  "vendor_data": "USER_ID",
  "callback": "CALLBACK_URL"
}
'

Error Handling

If your API key is missing or invalid, the API returns a 401 Unauthorized response: 
{
  "detail": "Invalid or missing API key"
}
Status CodeMeaning
401API key is missing, invalid, or revoked
403API key does not have access to the requested resource
If you receive a 401 error, double-check that you are using the correct API key for the right Application and that it has not been regenerated.