Skip to main content

One prompt. End-to-end Didit integration.

The fastest way to integrate Didit into any application is to hand this prompt to an AI coding agent. It walks the agent through programmatic account creation, SDK install, workflow setup, session creation, webhooks with HMAC-SHA256 signature verification, and decision handling — every endpoint, header, package name, and price has been cross-checked against the canonical docs on this site. How to use:
  1. Open Claude Code, Codex, Cursor, GitHub Copilot, Devin, or any AI coding agent that can run shell commands.
  2. Click Copy Prompt below.
  3. Paste into your agent’s chat.
  4. Fill in the <my_stack> block with your framework / language / use case.
  5. Hit enter.
The agent registers your Didit account, picks the right SDK for your stack, ships the session-creation route, builds the webhook receiver with signature verification + idempotent dedupe, and wires decision-handling logic into your database — usually in one session.

What the prompt covers

StepWhat the agent does
1. RegisterTwo API calls to https://apx.didit.me/auth/v2/programmatic/{register,verify-email}/ — returns the api_key (used as x-api-key for every verification API call)
2. Choose approachSessions API + SDK (recommended for any user-facing flow) or Standalone APIs (server-to-server, custom UI)
3. Create workflowPOST /v3/workflows/ with the canonical body shape: {workflow_label, features: [{feature: "OCR"}, ...]} using UPPERCASE feature enums (face_liveness_method for LIVENESS: PASSIVE / ACTIVE_3D / FLASHING)
4. Install SDKPicks the right package for your stack: @didit-protocol/sdk-web, the iOS SDK via Swift Package Manager (github.com/didit-protocol/sdk-ios), me.didit:didit-sdk (Maven Central), @didit-protocol/sdk-react-native, or didit_sdk (Flutter)
5. Create sessionPOST /v3/session/ with workflow_id, vendor_data, callback — frontend opens the returned url via SDK / iframe / redirect. Auth failures are uniformly HTTP 403 {"detail": "..."}
6. Set up webhookRegisters a webhook_version: "v3" destination, builds the receiver with the canonical X-Signature-V2 pipeline (shortenFloatssortKeysJSON.stringify → HMAC-SHA256 → constant-time compare) and 5-second response budget
7. Apply decisionDatabase-update logic for all 10 session statuses (Not Started, In Progress, Awaiting User, In Review, Approved, Declined, Resubmitted, Abandoned, Expired, Kyc Expired) + idempotent dedupe on event_id + V3 plural-array decision parsing
The prompt also bundles a module catalogue with public per-feature pricing, an operational APIs table (decision retrieval, status updates, PDF generation, billing, webhook destinations, and more), and the MCP server install JSON for .cursor/mcp.json / claude_desktop_config.json.

Why this works as a one-prompt integration

  • Self-sufficient. Every step has a runnable cURL or code snippet — the agent never has to leave the prompt to look up a body shape, header, or endpoint.
  • Canonical. Each endpoint, header, status literal, and feature-array name is verified against openapi-25.json, openapi-auth.json, and the live .mdx reference pages on this site (linked at the bottom of the prompt).
  • V3 plural-array contract. The prompt names every decision.* array explicitly (id_verifications[], nfc_verifications[], liveness_checks[], face_matches[], aml_screenings[], …) and warns agents off the legacy V2 singular fields, so the integration handles multi-instance workflows (e.g. two ID checks in a step-up flow) from day one.
  • Bounded. A few thousand tokens — fits in any modern agent context with room left for your stack description and the agent’s planning notes.
  • Idempotent. Tells the agent to dedupe on event_id — Didit reuses the same event_id across retries and fan-out destinations, which is exactly what makes it a stable idempotency key — with session_id + status + webhook_type as a fallback compound key.
  • Status-machine complete. The agent’s database-update logic handles every status the production fleet emits — including the KYB-only Awaiting User state, the Resubmitted flow with resubmit_info, and the post-onboarding Kyc Expired state most integrators miss.

See also