SDKs

Xident is a backend-first integration. Server SDKs create sessions and read verification results with your secret key. Any language works directly against the REST API with two HTTP calls. Building a native app? See the Mobile apps guide.

The secret key

The secret key (sk_live_ / sk_test_) authenticates the whole flow — creating sessions (POST /verify/v1/init) and reading results (GET /verify/v1/result/{token}) — via the X-API-Key header. Find it in your dashboard.

Security: Never put your secret key (sk_live_) in client-side code, mobile apps, or anywhere users can inspect it. It grants full API access to your account. A publishable key (pk_live_) exists for optional client-side widget embedding — see Core Concepts — but the standard integration does not need it.

Which SDK Should I Use?

Node.js / Deno / Bun backend?

Use the Node.js SDK with your secret key. TypeScript-first, works everywhere.

Go backend?

Use the Go SDK with your secret key. Zero dependencies, context-aware, functional options.

Python backend?

Use the Python SDK with your secret key. Async-ready, Python 3.9+.

PHP backend?

Use the PHP SDK with your secret key. PHP 8.1+, zero dependencies.

Native mobile app (Android / iOS)?

Do init and result on your backend with a server SDK (secret key). The app just opens verify_url and handles the callback — see the Mobile apps guide.

SDK Comparison

SDK Package Install Command Key Type Minimum Version
Node.js @xident/node npm i @xident/node Secret (sk_) Node 18+
Go github.com/xident-io/go-sdk go get github.com/xident-io/go-sdk Secret (sk_) Go 1.21+
Python xident pip install xident Secret (sk_) Python 3.9+
PHP xident-io/php-sdk composer require xident-io/php-sdk Secret (sk_) PHP 8.1+

Which Key Does Each SDK Use?

SDK Key Type Auth Header Environment
Node.js sk_live_ (secret) X-API-Key: sk_live_... Server
Go sk_live_ (secret) X-API-Key: sk_live_... Server
Python sk_live_ (secret) X-API-Key: sk_live_... Server
PHP sk_live_ (secret) X-API-Key: sk_live_... Server
REST API sk_live_ (secret) X-API-Key: sk_live_... Any

Verification Flow

  1. 1. Backend: Create session -- Your server uses a server SDK (secret key) to call Verification.Init(). You receive an init token and a verifyURL.
  2. 2. Redirect user -- Send the user's browser to verifyURL. The verification widget handles liveness, age check, and/or document capture.
  3. 3. Callback redirect -- When verification finishes, Xident redirects the user back to your callback_url with ?status=…&token=xtk_…&user_id=….
  4. 4. Backend: Read result -- Your server calls Verification.GetResult(token) with the xtk_ token to read the result server-side. Never trust URL parameters alone. (Signed webhooks are also available as an optional server-to-server notification — see the server SDKs.)

Server SDKs

Server SDKs wrap the Xident REST API for creating sessions, verifying results, and validating webhook signatures. Use these on your backend.

SDK Package Status Description
Node.js @xident/node Available TypeScript-first SDK for Node.js, Deno, and Bun.
Go github.com/xident-io/go-sdk Available Zero-dependency Go client. Context-aware, functional options.
Python xident Available Async-ready SDK for Python 3.9+.
PHP xident-io/php-sdk Available PHP 8.1+ SDK. Zero dependencies, native cURL.

Mobile apps

For native Android and iOS apps, your backend creates the session and reads the result (secret key); the app opens verify_url and handles the callback. See the Mobile apps guide.

Don't See Your Language?

All Xident functionality is available through the REST API. Create a session and verify results with two HTTP calls from any language using the X-API-Key header with your secret key:

Create a Verification Session

curl -X POST https://api.xident.io/verify/v1/init \
  -H "X-API-Key: sk_live_your_secret_key" \
  -H "Content-Type: application/json" \
  -d '{"callback_url": "https://yoursite.com/webhook", "min_age": 18}'

Check Verification Result

curl https://api.xident.io/verify/v1/result/xtk_abc123 \
  -H "X-API-Key: sk_live_your_secret_key"

Next Steps