Retrieve Credentials

Before running the application, set up some environment variables:

• Visit Didit Business Console (opens in a new tab) to obtain your CLIENT_ID, CLIENT_SECRET, and WEBHOOK_SECRET_KEY for handling webhooks.
• Configure WEBHOOK_URL in the application's advanced settings. For development purposes, you might use:

  WEBHOOK_URL=https://yourapp.com/api/webhook
• In your .env file, fill in the environment variables obtained from the step above. Your .env file will look something like this:

  CLIENT_ID=<YourClientId>
  CLIENT_SECRET=<YourClientSecret>
  WEBHOOK_SECRET_KEY=<YourWebhookSecretKey>

Client Authentication

To call the Verification endpoints, provide the client access_token in the Authorization header as Bearer ${access_token}.

Refer to the Client Authentication section for detailed information and code examples.

Creating Verification Session

After obtaining a valid client access_token, you can call the verification service /v1/session/ endpoint.

Refer to the Create Session section for detailed information and code examples.

Webhook for Verification Status

Webhooks are used to keep you notified of any status changes for the verification sessions you have created.

The webhooks are sent to the webhook URL configured on the business dashboard. To ensure that the webhook is from Didit, you need to verify the signature sent in the x-signature field of the header using the webhook secret obtained from the business dashboard.

Refer to the Webhooks section for detailed information and code examples on how to handle webhooks and verify their signatures.

(Optional) Retrieving Verification Results through API

If you want to fetch verification results through the API, you can do so by calling the /v1/session/{sessionId}/decision/ endpoint. The recommended way of receiving verification results is through webhooks (step 4).

Refer to the Retrieve Session section for detailed information and code examples.