Skip to main content

Step 1: Install

Install the App
  1. Open the install link: https://login.salesforce.com/packaging/installPackage.apexp?p0=04tg50000003q0TAAQ
  2. Select “Install for all users”
Install Didit app in salesforce
  1. Click Install

Step 2: Get Your Didit Credentials

Get Your API Key (for api mode)

  1. Log in to the Didit Business Console
  2. Copy your API key
How to get the API key from the Didit Business Console

Get Your Workflow ID

  1. In the Didit Business Console, go to Workflows
  2. Select the workflow you want to use (or create a new one)
  3. Copy the Workflow ID (a UUID like xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
How to get the Workflow ID from the Didit Business Console

Step 3: Configure Didit Settings

  1. Click the App Launcher (grid icon, top-left) and search for “Didit”
how to enter in didit app
  1. Open the Didit app — you’ll land on the Didit Settings tab
  2. Fill in your credentials and preferences:
FieldDescriptionDefault
Modeapi (recommended) or unilinkapi
Didit API KeyYour Didit API key (API mode only)
Workflow IDYour Didit workflow ID (API mode only)
Webhook SecretHMAC secret from Didit Console → API & Webhooks. Required to receive real-time verification updates. If left empty, all incoming webhooks are rejected.
UniLink URLFixed verification URL (UniLink mode only)
Display Modemodal (popup) or embedded (inline)embedded
Vendor Datarecord_id, record_email, custom prefix + record id, or nonerecord_id
LanguageLanguage code (e.g., en, es, fr)Auto detect by browser
Auto Send Contact DataPrefill verification with record datatrue
Show Close ButtonShow X button on modaltrue
Exit ConfirmationConfirm before closing modaltrue
Auto-close on CompleteAuto-close modal after completionfalse
Debug LoggingEnable browser console loggingfalse
Button TextVerify button labelVerify Identity
Button Success TextLabel after verificationIdentity Verified
Button ColorButton background hex color#2667ff
  1. Click Save Settings

Step 4: Add the Component to Record Pages

  1. Navigate to a Contact or Lead record
contact page view
  1. Click the gear icon → Edit Page (or Setup → Object Manager → Contact/Lead → Lightning Record Pages)
contact detals view
  1. In Lightning App Builder, drag Didit Identity Verification from the Components panel
Drag didit component
  1. Click Save and Activate the page, select “Assign as Org Default” when activating, check the video:
Save and activate page with the didit component
  1. In the example I did it with the contact, you can do the same on lead.

How It Works

  1. User clicks Verify Identity on a Contact/Lead record
  2. Apex creates a session via the Didit API (API key stays server-side)
  3. The Didit SDK opens the verification flow — as a modal overlay or inline embedded view depending on your Display Mode setting
  4. On completion, the record is updated automatically:
    • Verification Status → the session result (Approved, Declined, In Review, etc.)
    • Identity Verifiedtrue on Approved; false on Declined
    • Verified At timestamp and Didit Session ID
    • Verified Document Type, Document Expiry Date, AML Check Status (populated via webhook — see below)
  5. The component shows the verified status, document type, expiry date, and AML result inline — no page layout configuration needed
  1. User clicks Verify Identity
  2. A fixed UniLink URL opens in modal or iframe (no API call needed)
  3. On completion, result is saved to the record

Automatic Verification Updates (Webhooks)

When a verification session completes (whether the agent is watching the page or not), Didit sends a webhook to your Salesforce org to automatically update the Contact/Lead record. This requires a one-time Salesforce Site setup.

Why is this needed?

Salesforce does not accept incoming HTTP requests from external services without a public endpoint. A Salesforce Site creates this endpoint so Didit can push verification results directly to your org in real-time.

Step 1: Go to Setup > Sites

In Salesforce, click the gear icon > Setup. In the Quick Find box, type Sites and click on it under Sites and Domains. Step 1 - Sites search If this is your first time, check “I have read and accepted the Salesforce Site Terms of Use” and click Register My Salesforce Site Domain. Step 1 - Sites page with domain registered

Step 2: Create a new Site

Click the New button in the Sites list. Fill in:
  • Site Label: DiditWebhook
  • Site Name: auto-fills as DiditWebhook
  • Default Web Address: didit
  • Active: checked
  • Active Site Home Page: InMaintenance
Leave all other fields as defaults and click Save. Step 2 - New Site form

Step 3: Verify the Site was created

After saving, you’ll see the Site detail page. Note the Site URL — it will look like https://your-org.develop.my.salesforce-sites.com/didit. You’ll need this later. Step 3 - Site created

Step 4: Grant Guest User access to the webhook class

On the Site detail page, click Public Access Settings. This opens the Guest User profile. Scroll down to Enabled Apex Class Access and click Edit. Select DiditWebhookReceiver from the Available list and click Add to move it to the Enabled list. Click Save. Step 4 - Apex Class Access

Step 5: Configure the webhook in Didit Console

  1. Go to business.didit.me > API & Webhooks
  2. Set your Webhook URL to: https://your-org.develop.my.salesforce-sites.com/didit/services/apexrest/didit/webhook/
Note: The exact domain format depends on your org type. Developer Edition orgs include .develop in the URL. Production orgs use https://your-org.my.salesforce-sites.com/didit/services/apexrest/didit/webhook/. Always copy the URL from your Site detail page (Step 3) to be sure.
  1. Copy the Webhook Secret Key
  2. In Salesforce, go to Didit Settings and paste the secret into the Webhook Secret field
  3. Click Save Settings
That’s it. From now on, every verification result will automatically update the Contact/Lead record — even if nobody has the Salesforce page open.

What the webhook saves

When Didit sends a webhook, the Contact or Lead is updated automatically. Always updated — regardless of workflow type:
FieldWhat it stores
Verification StatusApproved, Declined, In Review, In Progress, Abandoned
Identity Verifiedtrue on Approved; false on Declined or Abandoned
Verified AtTimestamp of the Approved result
Didit Session IDThe session UUID
Only updated when the feature is part of your workflow:
FieldRequires
Verified Document TypeID Verification in your workflow
Document Expiry DateID Verification in your workflow
AML Check StatusAML screening in your workflow
Verification Decline ReasonsID Verification in your workflow
If a feature is not enabled in your Didit workflow, the corresponding fields are simply left blank — nothing breaks. A Didit Verification child record (Didit_Verification__c) is also created for every session, giving you a full audit trail with additional detail (document number, issuing country, name on document, date of birth, face match score, liveness score, AML hit count) — again, only for the features included in the workflow. You can add the Didit Verifications related list to your Contact/Lead page layout to view history.

Flow Automation (Invocable Action)

The plugin includes an Invocable Apex action that Salesforce Flows can call to trigger verification automatically:
  1. In Flow Builder, add an Action element
  2. Search for “Create Didit Verification Session”
  3. Pass a Contact or Lead record ID
  4. The action returns url, sessionId, success, and error
  5. Use the URL in a Send Email or Send Notification action to deliver it to the customer
Example use cases:
  • On Lead creation — automatically send a verification link to every new lead
  • Document expiry monitoring — build a Scheduled Flow that runs daily, finds all Contacts where Document Expiry Date ≤ TODAY + 90 days, and sends a re-verification link. — it’s available out of the box using the Document Expiry Date field populated by the webhook

Troubleshooting

Button does nothing when clicked

  • Make sure you’ve saved your API Key and Workflow ID in Didit Settings
  • Check that the Workflow ID belongs to the same application as your API Key
  • Enable Debug Logging in Didit Settings and check the browser console for errors

”Received a non-JSON response from the Didit API”

  • Verify the Remote Site Setting for https://verification.didit.me is active: Setup → Remote Site Settings
  • Check that your API Key is valid and has not expired in the Didit Business Console

Webhook returns 401 — “Webhook secret not configured”

  • Go to Didit Settings and paste your Webhook Secret Key (copied from Didit Console → API & Webhooks) into the Webhook Secret field, then click Save Settings

Webhook returns 401 — “Invalid signature” or “Request timestamp is stale”

  • Invalid signature: make sure the Webhook Secret in Didit Settings exactly matches the one in the Didit Console — no extra spaces or characters
  • Stale timestamp: webhooks must arrive within 5 minutes of being sent. If your Salesforce org’s clock is out of sync this can trigger false positives, but this is very rare

Verification window does not open (CSP error in browser console)

  • The CSP Trusted Site for https://verify.didit.me is included in the managed package and is deployed automatically. If you are deploying from source, make sure cspTrustedSites/Didit_Verify_Frontend.cspTrustedSite-meta.xml is included in your deployment

Support (24/7)

Our team is available to help you get up and running.

WhatsApp Support

Fastest response — reach us directly on WhatsApp.

Email

Send us an email at hello@didit.me.