For a full integration walkthrough, see KYC for marketplaces.
What you get
Pre-account verification
Verify sellers or buyers during your onboarding, even without a DHMAD account
Email-based flow
DHMAD emails the Didit link — the session URL is never returned to your API
Automatic linking
Approved KYC attaches when the user registers with the same email
Webhooks
identity.verification.updated and identity.verification.linked eventsEndpoints
| Method | Path | Description |
|---|---|---|
POST | /api/v1/identity-verifications | Create session and send invite email |
GET | /api/v1/identity-verifications/:id | Get status |
GET | /api/v1/identity-verifications?email= | List by email |
Typical flow
- Create —
POSTwithemail, optionalexternal_user_id, optionalredirect_url - User completes Didit — from the DHMAD verification email (production only)
- Webhook —
identity.verification.updatedwhen status becomesapprovedorrejected - User registers on DHMAD — same email, email OTP verified
- Webhook —
identity.verification.linkedwithlinked_user_id
Important constraints
Response fields (common)
| Field | Description |
|---|---|
id | Verification record ID |
email | User email (lowercased) |
external_user_id | Your reference, if provided |
kyc_status | pending, approved, or rejected |
claim_status | pending until linked to a DHMAD user |
linked_user_id | DHMAD user ID after registration, or null |
verification_email_sent | Whether the invite email was sent |
verification_email_sent_at | ISO timestamp of last invite email |
expires_at | Record expiry hint (default 90 days) |
Error codes
| Status | Meaning |
|---|---|
409 | DHMAD user with this email already has approved KYC (user_exists: true) |
400 | Invalid email, invalid ID, or redirect_url not in allowed list |
403 | Blocked email domain |
404 | Verification not found (or not owned by your developer account) |
Sandbox behavior
When usinghttps://sandbox.dhmad.tn/api/v1 with a sk_sandbox_* key:
- New verifications are auto-approved immediately
- No Didit flow and no verification email
- Webhook
identity.verification.updatedfires withstatus_source: "sandbox"
Monitoring in the dashboard
View sessions started by your API keys in Developer Dashboard → Identity verifications. Document images and full Didit payloads are not shown — use webhooks or the GET endpoints from your backend.Related
- KYC for marketplaces — step-by-step integration guide
- Webhooks — event payloads
- OAuth userinfo — read
kyc_verifiedfor connected users