Reusable KYC (Didit Integration)

Tylt supports reusable KYC via Didit using a shared-session flow, allowing merchants to reuse an end user’s completed KYC and potentially skip repeating verification.


Overview

To enable reusable KYC:

  • The merchant completes KYC on Didit

  • The merchant must provide the Didit sessionId as part of the Create Instance API request. This is done via the userDetails object using the reserved kyc key.

  • Tylt calls a merchant-provided endpoint to retrieve the reusable KYC session. The details of the endpoint that must be exposed to Tylt are provided below.

  • The merchant generates a Didit share_token

  • Tylt imports and validates the KYC session


Passing KYC Details to Tylt

The merchant must provide the Didit sessionId as part of the Create Instance API request. This is done via the userDetails object using the reserved kyc key.

{
  "userDetails": {
    "kyc": {
      "source": "Didit",
      "sessionId": "string"
    }
  }
}

Merchant Setup

The merchant must expose a secure backend endpoint that Tylt can call to retrieve a reusable KYC session.


Standard Endpoint Specification

Endpoint

  • Must be accessible over HTTPS

  • Must be server-to-server only


Request (Tylt → Merchant)

Field Definitions

Field                   Type    Required  Description
merchantOrderId         string  Yes       Unique identifier for the transaction
sessionId               string  Yes       Didit session ID of completed KYC
tyltDiditApplicationId  string  Yes       Tylt’s Didit application ID


Expected Merchant Behavior

Upon receiving the request, the merchant must:

  1. Authenticate and validate the request

  2. Verify the sessionId exists and is eligible

  3. Call Didit Share Session API internally

  4. Generate a share_token

  5. Return the token to Tylt


Internal Didit API Call

Endpoint

Headers

Body


Response (Merchant → Tylt)

Success

Error


Error Codes

Code                  Description
INVALID_REQUEST       Missing or invalid fields
UNAUTHORISED          Authentication failed
SESSION_NOT_FOUND     Session does not exist
SESSION_NOT_ELIGIBLE  Session cannot be reused
SHARE_SESSION_FAILED  Didit share-session call failed
INTERNAL_ERROR        Unexpected error
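
The steps under Expected Merchant Behavior, mapped to the error codes listed above, as an added example that is not Tylt's or Didit's own code. The HMAC-SHA256 request signature, the response shapes, the in-memory session store, the rejection of an unexpected tyltDiditApplicationId as INVALID_REQUEST, and the share_session callable standing in for the Didit Share Session API are all assumptions that the page does not specify.

```python
import hashlib, hmac, json

# Assumptions, none of which come from the Tylt or Didit docs: the HMAC-SHA256
# body signature, the response shapes, the session store and share_session().
SECRET = b"constructed-demo-secret"
EXPECTED_TYLT_APP_ID = "TYLT_DIDIT_APP_ID_PLACEHOLDER"
REQUIRED = ("merchantOrderId", "sessionId", "tyltDiditApplicationId")
SESSIONS = {"sess-done": "completed", "sess-open": "in_progress"}  # constructed

def sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def make_request(order_id, session_id, app_id):
    """Build a constructed Tylt-style request body and its signature."""
    body = json.dumps({"merchantOrderId": order_id, "sessionId": session_id,
                       "tyltDiditApplicationId": app_id}).encode()
    return body, sign(body)

def error(code):
    return {"error": code}

def handle(body: bytes, signature: str, share_session) -> dict:
    # Step 1: authenticate over the raw bytes before parsing anything.
    if not hmac.compare_digest(sign(body).encode(), (signature or "").encode()):
        return error("UNAUTHORISED")
    try:
        req = json.loads(body)
    except ValueError:
        return error("INVALID_REQUEST")
    if not isinstance(req, dict) or not all(
            isinstance(req.get(f), str) and req[f] for f in REQUIRED):
        return error("INVALID_REQUEST")
    # Pin the target application: never share a session with a caller-chosen ID
    # (mapping this case to INVALID_REQUEST is this example's choice).
    if req["tyltDiditApplicationId"] != EXPECTED_TYLT_APP_ID:
        return error("INVALID_REQUEST")
    # Step 2: the session must exist and be completed.
    status = SESSIONS.get(req["sessionId"])
    if status is None:
        return error("SESSION_NOT_FOUND")
    if status != "completed":
        return error("SESSION_NOT_ELIGIBLE")
    # Steps 3-5: share with Tylt's application ID and return the token.
    try:
        token = share_session(req["sessionId"],
                              for_application_id=req["tyltDiditApplicationId"])
    except Exception:
        return error("SHARE_SESSION_FAILED")
    return {"shareToken": token}
```

The checks run cheapest and least trusting first, so an unauthenticated caller learns nothing about which session IDs exist.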


End-to-End Flow

  1. Merchant completes KYC on Didit

  2. Merchant stores sessionId

  3. Merchant sends sessionId to Tylt

  4. Tylt calls merchant endpoint

  5. Merchant calls Didit /share/ API

  6. Merchant returns shareToken

  7. Tylt imports and validates session


Outcome

  • Valid & accepted → User skips KYC

  • Invalid / expired / rejected → Standard KYC flow


Important Notes

  • Only completed Didit sessions are eligible

  • shareToken is time-limited and single-use

  • Merchant must use their own Didit API credentials

  • tyltDiditApplicationId must be used as for_application_id

  • Reusable KYC is subject to Tylt compliance checks

  • KYC bypass is not guaranteed

  • Merchant must ensure user consent for sharing KYC data
