Didit V2 uses API Keys to authenticate requests and ensure that only authorized applications can access our services. All API requests must include a secret API key sent via an HTTP header. Requests that do not include a valid key, or use an incorrect key, will be rejected with a 401 Unauthorized error status code.
Finding Your API Key
In Didit, API keys are scoped to a specific Application within your account. An Application is a workspace where you can configure workflows and manage verifications for a particular project or environment.
An API key is generated automatically for each Application you create. To find your key:
- Log in to the Didit Business Console.
- Select the Application you want to work with from the dropdown menu at the top.
- Navigate to the Verifications section in the left-hand sidebar.
- Click the Settings icon (βοΈ) in the top right corner of the Verifications page.
- Your API Key will be displayed in this section. You can copy it from here.
Your API Key is a Secret Treat your API key like a password. It provides full access to the API on behalf of your Application.
Making Authenticated Requests
To authenticate an API request, you must include your secret API key in the x-api-key HTTP header.
Here is an example of an authenticated request to our Create Session endpoint using cURL:
curl --request POST \
--url https://verification.didit.me/v2/session/ \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-api-key: YOUR_API_KEY' \
--data '
{
"workflow_id": "WORKFLOW_ID",
"vendor_data": "USER_ID",
"callback": "CALLBACK_URL"
}
'