Existing account (Digital ID Match)

AI Tools

Digital ID Match is a service that allows your business to check whether one of its users (new or existing) has a Yoti account by sending the user’s email address or mobile number to our API.

Yoti will respond with the result as to whether the user has a Yoti Digital ID app account with a verified ID, and if so, will enable the relying party to request that information securely via a Yoti QR share.

Users will receive a push notification on their phone that a search has been carried out. We will also send a POST notification to an endpoint that you specify in your request.

Important

You must inform the user that you are carrying out this search. Users are able to opt out of the search from within their Digital ID account.

To perform the search you must have an active Yoti service generated through the Hub.

Request Access

To use Digital ID Match, the service needs to be enabled for your organisation by the Yoti team. Please contact your account manager or our support team to request access.

POST https://api.yoti.com/did/v1/matches

SDK integration

You will need to ensure the latest version of the Yoti backend SDK is installed.

// Get the Yoti Node SDK library via the NPM registry npm install yoti
// If you are using Maven, add the following dependency: <dependency> <groupId>com.yoti</groupId> <artifactId>yoti-sdk-api</artifactId> <version>3.11.0</version> </dependency> // If you are using Gradle, add the following dependency: compile group: 'com.yoti', name: 'yoti-sdk-api', version: '3.11.0'
// Get the Yoti PHP SDK library via a Composer package composer require yoti/yoti-php-sdk
# Get the Yoti Python SDK library pip install yoti
// To install the Yoti NuGet package, you need to install NuGet Package Manager. After that, enter the following command in the console: Install-Package Yoti // For other installation methods, see https://www.nuget.org/packages/Yoti
// Simply add this as an import: import "github.com/getyoti/yoti-go-sdk/v3" // Or add the following line to your go.mod file require github.com/getyoti/yoti-go-sdk/v3 v3.14.0

Once you have added the Yoti SDK to your project, the check can be performed as shown in the code snippet below:

const yoti = require("yoti"); const fs = require("fs"); const sdkId = "YOUR_SDK_ID"; const pem = fs.readFileSync("path-to-pem-file"); const body = {JSON_BODY}; //see below const request = new yoti.RequestBuilder() .withBaseUrl("https://api.yoti.com/did") .withPemString(pem) .withEndpoint("/v1/matches") .withPayload(new yoti.Payload(body)) .withMethod("POST") .withHeader("X-Yoti-Auth-Id", sdkId) .build();
byte[] JSON_BODY = ... //see below try { SignedRequest signedRequest = SignedRequestBuilder.newInstance() .withKeyPair("<YOTI_KEY_FILE_PATH>") .withBaseUrl("https://api.yoti.com/did") .withEndpoint("/v1/matches") .withPayload(JSON_BODY) .withHttpMethod("POST") .withHeader("X-Yoti-Auth-Id", "<YOTI_CLIENT_SDK_ID>") .build(); YourPojo yourPojo = signedRequest.execute(YourPojo.class); } catch (GeneralSecurityException | URISyntaxException | IOException | ResourceException ex) { ex.printStackTrace(); }
<?php use Yoti\Http\RequestBuilder; use Yoti\Http\Payload; $JSON_BODY = [ ... //see below ]; $request = (new RequestBuilder()) ->withBaseUrl('https://api.yoti.com/did') ->withPemFilePath('<YOTI_KEY_FILE_PATH>') ->withEndpoint('/v1/matches') ->withPayload(Payload::fromJsonData(JSON_BODY)) ->withHeader('X-Yoti-Auth-Id', '<YOTI_CLIENT_SDK_ID>') ->build() //get Yoti Response ->execute(); // * For JSON data in Version >3 please use Payload::fromJsonData(JSON_BODY)
from yoti_python_sdk.http import SignedRequest, RequestHandler import json import requests def execute(request): response = requests.request( url=request.url, data=request.data, headers=request.headers, method=request.method) return response.content def generate_session(): payload = {} # see below payload_string = json.dumps(payload).encode() signed_request = ( SignedRequest .builder() .with_pem_file("<YOTI_KEY_FILE_PATH>") .with_base_url("https://api.yoti.com/did") .with_endpoint("/v1/matches") .with_http_method("POST") .with_header("X-Yoti-Auth-Id", "<YOTI_CLIENT_SDK_ID>") .with_payload(payload_string) .build() ) # get Yoti response response = signed_request.execute() response_payload = json.loads(response.text)
using System; using System.IO; using System.Net.Http; using System.Text; using Microsoft.AspNetCore.Mvc; using Yoti.Auth.Web; HttpClient httpClient = new HttpClient(); StreamReader privateKeyStream = System.IO.File.OpenText(_pemFilePath); string serializedRequest = Newtonsoft.Json.JsonConvert.SerializeObject(new { JSON_BODY // See below }); byte[] byteContent = Encoding.UTF8.GetBytes(serializedRequest); Uri _baseUrl = new UriBuilder("https", "api.yoti.com", 443, "did").Uri; Yoti.Auth.Web.Request DIDMatchRequest = new RequestBuilder() .WithStreamReader(privateKeyStream) .WithBaseUri(_baseUrl) .WithEndpoint("/v1/matches") .WithHttpMethod(HttpMethod.Post) .WithContent(byteContent) .WithHeader("X-Yoti-Auth-Id", "<YOTI_CLIENT_SDK_ID>") .WithQueryParam("secure", true") .Build(); // Send Request HttpResponseMessage response = DIDMatchRequest.Execute(httpClient).Result;
import ( "io/ioutil" "net/http" "github.com/getyoti/yoti-go-sdk/v2/requests" ) key, _ := ioutil.ReadFile("<YOTI_KEY_FILE_PATH>") // Create request request, _ := requests.SignedRequest{ HTTPMethod: http.MethodPost, BaseURL: "https://api.yoti.com/did", Endpoint: "/v1/matches", Headers: map[string][]string{ "Content-Type": {"application/json"}, "Accept": {"application/json"} "X-Yoti-Auth-Key": {"<YOTI_CLIENT_SDK_ID>"}, }, Body: func(data []byte, _ error) []byte { return data }(json.Marshal(jsonobj{ data }, // see below })), }.WithPemFile(key).Request() //get Yoti response response, _ := http.DefaultClient.Do(request)

Request body

{ value: "someone@mail.com", // +447444 444 444 - Must be an email address or phone number notification: { // required url: "https:/example.com/notification?example=query-param", method: "POST", verifyTls: true, headers: { "ANY-HTTP-HEADER": "the-header-value", "ANOTHER-HTTP-HEADER": "another-header-value", }, }, };

Key

Required

Description

Example Value

value

Yes

This can either be the user's email address or phone number. Phone numbers must include the country code.

melissa.peterson@yoti.com +447444444444

notification

Yes

Yoti will send a notification with the results to an endpoint. You can specify any headers needed.


url

Yes

The URL of your notification endpoint. Include any query parameters here.

https://yoti.com

method


The API method for the notification. Default value is POST

POST

verifyTls

No

Confirms that your notification endpoint needs TLS verification.

true

headers

No

Any HTTP headers for your notification endpoint.


Response

A successful search will return a transaction ID and the result:

{ "id": "a-unique-transaction-id", "result": "NO_ACCOUNT_FOUND" }
{ "id": "Yzt0sbVOSauDWPwMQvumjQ", "status": 400, "error": "INVALID_PAYLOAD", "message": "An error message from the server" }
{ "id": "Yzt0sbVOSauDWPwMQvumjQ", "status": 401, "error": "INVALID_REQUEST_SIGNATURE", "message": "Invalid request signature" }
{ "id": "Yzt0sbVOSauDWPwMQvumjQ", "status": 403, "error": "DISABLED_APP", "message": "An error message from the server" }
{ "id": "Yzt0sbVOSauDWPwMQvumjQ", "status": 500, "error": "INTERNAL_SERVER_ERROR", "message": "An error message from the server" }
Transaction ID

You should record this ID and securely store it together with the searched email address or phone number. If a user reports on their Digital ID app that the search was not triggered by them, you can cross-reference this information with the webhook notification (detailed below).

Result

Description

NO_ACCOUNT_FOUND

An account could not be found matching the provided email or phone number.

UNVERIFIED_ACCOUNT_FOUND

An account was found linked to the email or phone number, however the account does not have a verified ID added.

VERIFIED_ACCOUNT_FOUND

An account was found linked to the email or phone number, and the account has a verified ID added.

Status

Response

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

500

Server Error

Notifications

Push Notification

When performing the search, if the user has a Yoti Digital ID account, they will receive a push notification informing them that the search has taken place. This will also appear in their Activity tab. They will then have the option to confirm whether or not they agree to this.

Example:



The Company name will be the external name of your Yoti application used for performing the match. The Company URL will be the URL in the application settings. See here for information on the application set up.

Webhook Notification

Within the body you must specify an endpoint for a POST notification. This notification is sent to your backend when a user receives the push notification to their app account and actions that it is not them.

{ "specversion": "1.0", "id": "Y2el8YXnCTN6d2xa8ENADdKkE21EdNK-_CuSZrkmdHA4UdqsSD2mAXuCwLlZmZDw", "type": "com.yoti.connect.event.did.not-me", "source": "urn:yoti:connect:did", "time": "2025-05-27T12:55:04.199Z" }

Any webhook notification sent via our Digital ID service will have the same payload as defined by Cloud Events specification.

Value

Details

specversion

Version number of the Events Spec

id

The unique transaction ID from the initial response

type

Yoti notification type

source

Yoti service sending the notification

time

The time the user confirmed it wasn't them in UTC.