SDKs
Xident is a backend-first integration. Server SDKs create sessions and read verification results with your secret key. Any language works directly against the REST API with two HTTP calls. Building a native app? See the Mobile apps guide.
The secret key
The secret key (sk_live_ / sk_test_) authenticates the whole flow — creating sessions (POST /verify/v1/init) and reading results (GET /verify/v1/result/{token}) — via the X-API-Key header. Find it in your dashboard.
Security: Never put your secret key (sk_live_) in client-side code, mobile apps, or anywhere users can inspect it. It grants full API access to your account. A publishable key (pk_live_) exists for optional client-side widget embedding — see Core Concepts — but the standard integration does not need it.
Which SDK Should I Use?
Node.js / Deno / Bun backend?
Use the Node.js SDK with your secret key. TypeScript-first, works everywhere.
Go backend?
Use the Go SDK with your secret key. Zero dependencies, context-aware, functional options.
Python backend?
Use the Python SDK with your secret key. Async-ready, Python 3.9+.
PHP backend?
Use the PHP SDK with your secret key. PHP 8.1+, zero dependencies.
Native mobile app (Android / iOS)?
Do init and result on your backend with a server SDK (secret key). The app just opens verify_url and handles the callback — see the Mobile apps guide.
SDK Comparison
| SDK | Package | Install Command | Key Type | Minimum Version |
|---|---|---|---|---|
| Node.js | @xident/node | npm i @xident/node | Secret (sk_) | Node 18+ |
| Go | github.com/xident-io/go-sdk | go get github.com/xident-io/go-sdk | Secret (sk_) | Go 1.21+ |
| Python | xident | pip install xident | Secret (sk_) | Python 3.9+ |
| PHP | xident-io/php-sdk | composer require xident-io/php-sdk | Secret (sk_) | PHP 8.1+ |
Which Key Does Each SDK Use?
| SDK | Key Type | Auth Header | Environment |
|---|---|---|---|
| Node.js | sk_live_ (secret) | X-API-Key: sk_live_... | Server |
| Go | sk_live_ (secret) | X-API-Key: sk_live_... | Server |
| Python | sk_live_ (secret) | X-API-Key: sk_live_... | Server |
| PHP | sk_live_ (secret) | X-API-Key: sk_live_... | Server |
| REST API | sk_live_ (secret) | X-API-Key: sk_live_... | Any |
Verification Flow
- 1. Backend: Create session -- Your server uses a server SDK (secret key) to call
Verification.Init(). You receive an init token and averifyURL. - 2. Redirect user -- Send the user's browser to
verifyURL. The verification widget handles liveness, age check, and/or document capture. - 3. Callback redirect -- When verification finishes, Xident redirects the user back to your
callback_urlwith?status=…&token=xtk_…&user_id=…. - 4. Backend: Read result -- Your server calls
Verification.GetResult(token)with thextk_token to read the result server-side. Never trust URL parameters alone. (Signed webhooks are also available as an optional server-to-server notification — see the server SDKs.)
Server SDKs
Server SDKs wrap the Xident REST API for creating sessions, verifying results, and validating webhook signatures. Use these on your backend.
| SDK | Package | Status | Description |
|---|---|---|---|
| Node.js | @xident/node | Available | TypeScript-first SDK for Node.js, Deno, and Bun. |
| Go | github.com/xident-io/go-sdk | Available | Zero-dependency Go client. Context-aware, functional options. |
| Python | xident | Available | Async-ready SDK for Python 3.9+. |
| PHP | xident-io/php-sdk | Available | PHP 8.1+ SDK. Zero dependencies, native cURL. |
Mobile apps
For native Android and iOS apps, your backend creates the session and reads the result (secret key); the app opens verify_url and handles the callback. See the Mobile apps guide.
Don't See Your Language?
All Xident functionality is available through the REST API. Create a session and verify results with two HTTP calls from any language using the X-API-Key header with your secret key:
Create a Verification Session
curl -X POST https://api.xident.io/verify/v1/init \
-H "X-API-Key: sk_live_your_secret_key" \
-H "Content-Type: application/json" \
-d '{"callback_url": "https://yoursite.com/webhook", "min_age": 18}'
Check Verification Result
curl https://api.xident.io/verify/v1/result/xtk_abc123 \
-H "X-API-Key: sk_live_your_secret_key"
Next Steps
- Go SDK -- Server-side Go integration
- Quick Start -- backend-first end-to-end setup
- API Reference -- Full REST API documentation
- Core Concepts -- Understand verification flows and Xident ID