Skip to main content

Overview

Didit is the most agent-friendly identity verification platform. AI coding agents (Cursor, Claude Code, GitHub Copilot, Devin, OpenHands, Codex) can register, configure workflows, and start verifying identities — all programmatically, without ever opening a browser. Why agents love Didit:
  • 2 API calls from zero to credentials (register + verify email code)
  • No browser required — fully headless, perfect for CI/CD and agent workflows
  • No 2FA friction for API accounts — tokens returned immediately after email verification
  • Auto-provisioned organization and application with API key in the verify response
  • Full management API — configure verification settings, questionnaires, blocklists, billing, all via API
  • MCP Server available — agents can discover and use Didit tools natively

Quick Start

Step 1: Register

curl -X POST https://apx.didit.me/auth/v2/programmatic/register/ \
  -H "Content-Type: application/json" \
  -d '{"email": "developer@gmail.com", "password": "StrongP@ss1"}'
Response: 
{
  "message": "Registration successful. Check your email for the verification code.",
  "email": "developer@gmail.com"
}
A 6-character alphanumeric verification code (e.g., A3K9F2) is sent to your email.

Step 2: Verify and Get Credentials

curl -X POST https://apx.didit.me/auth/v2/programmatic/verify-email/ \
  -H "Content-Type: application/json" \
  -d '{"email": "developer@gmail.com", "code": "A3K9F2"}'
Response: 
{
  "access_token": "eyJ...",
  "refresh_token": "eyJ...",
  "organization": {
    "uuid": "org-uuid",
    "name": "developer"
  },
  "application": {
    "uuid": "app-uuid",
    "name": "developer",
    "client_id": "abc123def456",
    "api_key": "xyz789secret..."
  }
}
You now have everything you need. Use the api_key as your x-api-key header for all API calls.

Step 3: Use the API

curl https://apx.didit.me/v3/sessions/ \
  -H "x-api-key: xyz789secret..."

Subsequent Logins

curl -X POST https://apx.didit.me/auth/v2/programmatic/login/ \
  -H "Content-Type: application/json" \
  -d '{"email": "developer@gmail.com", "password": "StrongP@ss1"}'
Returns access_token directly — no 2FA required for API accounts.

Rate Limits

  • Registration: 5 attempts per IP per hour
  • Login: 20 attempts per IP per minute, progressive account lockout after 5 failed attempts

Password Requirements

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one digit
  • At least one special character

Managing Your Application

Once authenticated, retrieve or create additional applications: 
# List your organizations
curl https://apx.didit.me/auth/v2/organizations/me/ \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

# Get application credentials (client_id + api_key)
curl https://apx.didit.me/auth/v2/organizations/me/{org_id}/applications/{app_id}/ \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

What Can Agents Do After Registration?

With the api_key, agents have full access to:
APIWhat it does
POST /v3/session/Create verification sessions
GET /v3/sessions/List all sessions
GET /v3/session/{id}/decision/Get verification results
GET /v3/workflows/List/manage verification workflows
POST /v3/questionnaires/Create custom questionnaires
GET /v3/users/List verified users
GET /v3/billing/balance/Check credit balance
POST /v3/billing/top-up/Top up credits
GET /v3/blocklist/Manage blocklist
See the Management API Reference for full details.

MCP Server Integration

For the best agent experience, use the Didit MCP Server: 
{
  "mcpServers": {
    "didit": {
      "command": "npx",
      "args": ["@didit-protocol/mcp-server"],
      "env": { "DIDIT_API_KEY": "your_api_key" }
    }
  }
}
See the AI Agent Integration Guide for details.