On sandbox, verifications are auto-approved immediately — no email is sent. See Identity Verifications overview.
Request Body
Email address for the user. Lowercased on input. Must match the email they will use when registering on DHMAD.
Your internal user or seller ID. Returned in webhooks so you can update your database.
URL to redirect the user after they complete Didit. Must match one of your allowed redirect URLs in developer settings. Must use HTTPS in production (
http://localhost allowed for development).Optional key-value pairs (string values, max 500 characters each). Not returned in webhooks; stored on the verification record.
Response Fields
There is no
verification_url field. The Didit link is only delivered by email to the end user.Duplicate pending sessions
If youPOST again with the same developer account and email while a pending session exists, the API returns 200 with the existing record and may resend the invite email (5-minute cooldown between resends).
Error Responses
User already has approved KYC on DHMAD:After creation, subscribe to
identity.verification.updated and identity.verification.linked webhooks. See the Webhooks guide.