Digital ID Match

Digital ID Match is a service that allows your business to check whether one of their users (new or existing) has a Yoti account by sending the user’s email address or mobile number to our API.

Yoti will respond with the result as to whether the user has a Yoti Digital ID app account with a verified ID and if so, will enable the relying party to request that information securely via a Yoti QR share.

Users will receive a push notification on their phone that a search has been carried out. We will also send a POST notification to an endpoint that you specify in your request.

You must inform the user that you are carrying out this search. Users are able to opt out of the search from within their Digital ID account.

Search

To perform the search you must have an active Yoti service generated through the Hub, see here for details on how to generate the keys for this.

To use Digital ID Match, the service needs to be enabled for your organisation by the Yoti team. Please contact your account manager or our support team to request access.

HTTP
    
 
POST https://api.yoti.com/did
Copy

SDK integration

You will need to ensure the latest version of the Yoti backend SDK is installed.

Node.js
Java
PHP
Python
C#
Go
    
 
// Get the Yoti Node SDK library via the NPM registrynpm install yoti
Copy

Once you have added the Yoti SDK to your project, the check can be performed as shown in the code snippet below:

Node.js
Java
PHP
Python
C#
Go
    
​x
 
const yoti = require("yoti");const fs = require("fs");​const sdkId = "YOUR_SDK_ID";const pem = fs.readFileSync("path-to-pem-file");​const body = {JSON_BODY}; //see below​const request = new yoti.RequestBuilder()  .withBaseUrl("https://api.yoti.com/did")  .withPemString(pem)  .withEndpoint("/v1/matches")  .withPayload(new yoti.Payload(body))  .withMethod("POST")  .withHeader("X-Yoti-Auth-Id", sdkId)  .build();
Copy

Request body

JSON
    
 
{  value: "someone@mail.com", // +447444 444 444 - Must be an email address or phone number  notification: {    url: "https:/example.com/notification?example=query-param",    method: "POST",    verifyTls: true,    headers: {      "ANY-HTTP-HEADER": "the-header-value",      "ANOTHER-HTTP-HEADER": "another-header-value",    },  },};
Copy

Key	Description	Example Value
value	This can either be the user's email address or phone number. Phone numbers must include the country code.	melissa.peterson@yoti.com +447444 444 444
notification	Yoti will send a notification with the results to an endpoint. You can specify any headers needed.
url	The URL of your notification endpoint. Include any query parameters here.	https://yoti.com
method	The API method for the notification.	POST
verifyTls	Confirms that your notification endpoint needs TLS verification.	true
headers	Any HTTP headers for your notification endpoint.

Response

A successful search will return a transaction ID and the result:

201
400
401
403
500
    
 
{"id": "a-unique-transaction-id","result": "NO_ACCOUNT_FOUND"}
Copy

You should record this ID and securely store it together with the searched email address or phone number. If a user reports on their Digital ID app that the search was not triggered by them, you can cross-reference this information with the webhook notification (detailed below).

Result	Description
NO_ACCOUNT_FOUND	An account could not be found matching the provided email or phone number.
UNVERIFIED_ACCOUNT_FOUND	An account was found linked to the email or phone number, however the account does not have a verified ID added.
VERIFIED_ACCOUNT_FOUND	An account was found linked to the email or phone number, and the account has a verified ID added.

Status	Response
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
500	Server Error

Notifications

Push Notification

When performing the search, if the user has a Yoti Digital ID account, they will receive a push notification informing them that the search has taken place. This will also appear in their Activity tab. They will then have the option to confirm whether or not they agree to this.

Example:

The Company name will be the external name of your Yoti application used for performing the match. The Company URL will be the URL in the application settings. See here for information on the application set up.

Webhook Notification

Within the body you must specify an endpoint for a POST notification. This notification is sent to your backend when a user receives the push notification to their app account and actions that it is not them.

Notification
    
 
{  "specversion": "1.0",  "id": "Y2el8YXnCTN6d2xa8ENADdKkE21EdNK-_CuSZrkmdHA4UdqsSD2mAXuCwLlZmZDw",  "type": "com.yoti.connect.event.did.not-me",  "source": "urn:yoti:connect:did",  "time": "2025-05-27T12:55:04.199Z"}
Copy

Any webhook notification sent via our Digital ID service will have the same payload as defined by Cloud Events specification.

Value	Details
specversion	Version number of the Events Spec
id	The unique transaction ID from the initial response
type	Yoti notification type
source	Yoti service sending the notification
time	The time the user confirmed it wasn't them in UTC.

Last updated on

Was this page helpful?