> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload Face to List

> Upload a base64 face image to a Didit face blocklist or allowlist. Didit extracts the biometric and uses it during future face matching.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

<AgentPromptAccordion
  title="Upload Face to List API Prompt"
  prompt={`Upload a face image directly to a Didit face blocklist or allowlist through the Management API.

Endpoint:
POST https://verification.didit.me/v3/lists/{list_uuid}/entries/face-upload/

Authentication:
Use the x-api-key header with my Didit API key.

Goal:
- Add a face to a face-type blocklist or allowlist when I do not have a verification session to reference. Didit extracts the biometric embedding from the image, inserts it into the matching database, and creates the entry.
- A face blocklist entry auto-declines future matching sessions. A face allowlist entry suppresses duplicate-face actions for trusted matching faces but does not override blocklist hits or liveness attacks.

When NOT to use this:
- If you're blocklisting or allowlisting a face from an existing verification session, use POST /v3/lists/{list_uuid}/entries/ with reference_session_id instead — the backend links the entry back to the session automatically.

Path parameter:
- list_uuid — must reference a list with entry_type "face". Other entry_types will fail.

Request body (application/json):
{
"image": "/9j/4AAQSkZ...",   // required: base64-encoded JPG, PNG, or WebP. Do not include the "data:image/..." prefix.
"comment": "Known fraudster" // optional
}

Important constraints:
- The image must contain a clearly visible face. If no face is detected, the API returns 400.
- Only face-type blocklists and allowlists accept this endpoint.

Example call:
curl -X POST "https://verification.didit.me/v3/lists/{list_uuid}/entries/face-upload/" \\
-H "x-api-key: YOUR_API_KEY" -H "Content-Type: application/json" \\
-d '{"image": "/9j/4AAQSkZ...", "comment": "Known fraudster"}'

Example response (201):
{
"uuid": "a1b2c3d4-...",
"value": "face-uuid-here",
"comment": "Known fraudster",
"added_by": "api",
"reference_object_uuid": "face-uuid-here",
"metadata": { "reference_image_url": "https://..." },
"created_at": "..."
}

Failure modes:
- 400 — no face detected in image, multiple faces detected, list_uuid is not a face-type list, image not valid base64, or image format unsupported.
- 401 — missing or malformed x-api-key.
- 403 — canonical { "detail": "You do not have permission to perform this action." } envelope.
- 404 — list not found in this application.
- 413 — image payload too large.

Side effects:
- The face embedding is inserted into the biometric matching database. Future sessions matching a blocklisted face are automatically declined. Future sessions matching an allowlisted face skip duplicate-face actions and include an informational allowlist warning.

For the full integration shape, see /integration/integration-prompt.`}
/>

Upload a base64-encoded face image to a face-type blocklist or allowlist. Didit extracts the biometric data, validates a face is detected, inserts the embedding into the matching database, and creates a list entry.

Only available for lists with `entry_type: face` and `list_type: blocklist` or `list_type: allowlist`.

<Tip>
  If you're blocklisting or allowlisting a face **from an existing session**, use [Create entry](/management-api/lists/create-entry) with `reference_session_id` instead — the backend links the entry back to the session.
</Tip>

## Request body

| Field     | Type   | Required | Description                                   |
| --------- | ------ | -------- | --------------------------------------------- |
| `image`   | string | Yes      | Base64-encoded face image (JPG, PNG, or WebP) |
| `comment` | string | No       | Comment or reason for adding                  |

<RequestExample>
  ```bash theme={null}
  curl -X POST "https://verification.didit.me/v3/lists/{list_uuid}/entries/face-upload/" \
    -H "x-api-key: YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"image": "/9j/4AAQSkZ...", "comment": "Known fraudster"}'
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "uuid": "a1b2c3d4-...",
    "value": "face-uuid-here",
    "display_label": "",
    "comment": "Known fraudster",
    "added_by": "api",
    "reference_session_id": null,
    "reference_session_number": null,
    "reference_object_uuid": "face-uuid-here",
    "metadata": {
      "reference_image_url": "https://..."
    },
    "created_at": "2025-06-09T12:26:54Z"
  }
  ```
</ResponseExample>

<Warning>
  The image must contain a clearly visible face. If no face is detected, a 400 error is returned.
</Warning>
