| Kind | What it verifies | Decision payload includes |
|---|---|---|
| User Verification (KYC) session | An individual person | ID verification, liveness, face match, POA, NFC, database validation, phone, email, AML, questionnaires, IP analysis |
| Business Verification (KYB) session | A company / legal entity | Company registry check, key people (officers/UBOs), document verifications, phone, email, AML, questionnaires, IP analysis |
Kind is determined by the workflow
When you create a session, you pass aworkflow_id. The workflow’s type determines whether the session is a User Verification or a Business Verification — callers do not choose separately. KYB workflows create Business Verification sessions; KYC workflows create User Verification sessions.
session_kind discriminator
Every session response — from create, retrieve, list, update-status, share, and import — includes a top-level field:
"user"— the session is a User Verification (KYC) session. The response contains user-specific feature arrays."business"— the session is a Business Verification (KYB) session. The response contains business-specific feature arrays.
The enum values are the short identifiers
"user" and "business" — we keep them short for API ergonomics. The full names User Verification (KYC) and Business Verification (KYB) are used throughout the documentation for clarity.Feature arrays by kind
The feature arrays present in a decision depend on the kind. Fields absent from one kind simply do not appear in that response (no nulls, no placeholders):| Feature array | User Verification (KYC) | Business Verification (KYB) |
|---|---|---|
id_verifications | ✅ | — |
liveness_checks | ✅ | — |
face_matches | ✅ | — |
nfc_verifications | ✅ | — |
poa_verifications | ✅ | — |
database_validations | ✅ | — |
registry_checks | — | ✅ |
document_verifications | — | ✅ |
key_people_checks | — | ✅ |
aml_screenings | ✅ | ✅ |
phone_verifications | ✅ | ✅ |
email_verifications | ✅ | ✅ |
questionnaire_responses | ✅ | ✅ |
ip_analyses | ✅ | ✅ |
reviews | ✅ | ✅ |
contact_details | ✅ | ✅ |
Shared top-level fields
Every session (both kinds) carries these fields:| Field | Description |
|---|---|
session_id | UUID of the session |
session_kind | "user" (User Verification / KYC) or "business" (Business Verification / KYB) |
session_number | Sequential number within the application |
session_url | Hosted verification URL |
status | Overall session status — APPROVED, DECLINED, IN_REVIEW, IN_PROGRESS, etc. |
workflow_id | UUID of the workflow used |
vendor_data | Your identifier for the entity. Learn more |
metadata | Free-form JSON you attached on creation |
callback | Optional callback URL |
features | Comma-separated feature list the workflow runs |
expected_details | Optional expected-data payload for cross-validation |
created_at, expires_at | Timestamps |
Endpoints covered
The following endpoints all accept either kind. No separate/v3/business-session/* paths.
| Endpoint | Works for |
|---|---|
POST /v3/session/ | Creates a User Verification or Business Verification session based on workflow type |
GET /v3/session/{id}/decision/ | Retrieves either kind — dispatches on session_id |
GET /v3/sessions | Lists either kind. Use session_kind query parameter to filter |
PATCH /v3/session/{id}/update-status/ | Updates either kind |
DELETE /v3/session/{id}/delete/ | Deletes either kind |
GET /v3/session/{id}/generate-pdf | Generates a PDF for either kind — routes to the User Verification or Business Verification template |
POST /v3/session/{id}/share/ | Share token includes session_kind |
POST /v3/session/import-shared/ | Imports either kind — preserves session_kind from the token |
How lookups work
User Verification and Business Verification sessions live in different database tables. IDs use UUIDs so collisions are impossible. When you call an endpoint with asession_id, Didit:
- Looks up the id in the User Verification table first (covers most traffic).
- Falls back to the Business Verification table if not found.
- Returns 404 if neither table has a match.
Statuses are identical
Status values are the same for both kinds:NOT_STARTED, IN_PROGRESS, APPROVED, DECLINED, IN_REVIEW, ABANDONED, EXPIRED, RESUBMITTED, AWAITING_USER. See verification statuses for the full reference.
Webhooks
Webhook events already carry asession_kind field so your webhook handlers can dispatch per kind:
| Event | Kind | Fires when |
|---|---|---|
status.updated | Both | A session’s status changed. Payload carries session_kind: "user" or "business". |
data.updated | Both | A session’s data changed (feature results, registry refresh, ongoing AML). Payload carries session_kind. |
business.status.updated / business.data.updated | Business entity | The linked Business entity changed. |
user.status.updated / user.data.updated | User entity | The linked User entity changed. |
Next steps
Create session
Start a verification — User Verification or Business Verification.
Retrieve session
Fetch the decision. Works for both kinds.
List sessions
Filter by
session_kind.Update status
Approve, decline, review, resubmit.
Generate PDF
Per-kind PDF reports.
Share + import
Move sessions between apps.