k-ID now publishes an official bundle of Agent Skills — small, composable instruction packs that teach an AI coding agent how to integrate k-ID correctly across every jurisdictional regime k-ID supports: COPPA (US), GDPR-Kids (EU), UK AADC, the UK Online Safety Act, Brazil ECA Digital, Australia Online Safety / social media minimum age, and other regional requirements. They work with 35+ AI coding tools, including Claude Code, Cursor, OpenAI Codex, GitHub Copilot, and Gemini CLI.

What's new​

• Eight focused skills cover the k-ID integration surface end-to-end: age gate, parental consent, age verification and assurance (including verifiedAgeThreshold flows for high-risk permissions), sessions and permissions, webhooks, plus cross-cutting adjuncts for server trust boundary and mobile/native.
• Cross-jurisdictional by design. The same skills drive integrations for COPPA, GDPR-Kids, UK AADC, UK OSA, Brazil ECA Digital, and Australia Online Safety — jurisdictional behaviour is configured server-side in Compliance Studio, not branched in client code.
• One-command install for Claude Code via the plugin marketplace; one-line git clone for all other compatible tools.
• Open standard — the skills follow the Agent Skills specification and work with any compatible agent, not just one vendor.
• Doc-first contract — skills encode integration patterns and known pitfalls, and link back to this documentation site for API shapes, so they never drift out of sync with the API.

Try it​

• Read Integrate with AI coding agents for the per-tool install matrix and usage guide.
• Visit the repo at github.com/kidentify/skills.

Learn more​

• Integrate with AI coding agents
• Agent Skills specification
• Agent Skills client showcase
• API overview

A new quick start guide for AI-specific products is now available, alongside an AI permissions category in the Compliance Studio reference.

What's new​

• AI products quick start. Walks you through end-to-end integration for AI products: configuring AI permissions in Compliance Studio, collecting parental consent, gating AI features, and responding to permission changes.
• AI permissions category. The permissions reference now lists the AI category with its seven permissions: ai-chat, ai-media-generation, ai-voice-mode, ai-memory, ai-companion-chatbot, ai-media-upload, and ai-model-training.

Documentation​

• AI products quick start
• Permissions

Default rate limits for the k-ID API and for user-facing age verification and parental consent flows are now documented on a dedicated page.

What's new​

• API rate limits. Calls to the k-ID API are limited per product: 500 RPS in live mode and 10 RPS in test mode. Requests over the limit return HTTP 429 Too Many Requests.
• Age verification and parental consent flow rate limits. User-facing flows are limited per product: 100 RPS in live mode and 20 RPS in test mode. When the limit is hit, the user sees an in-flow error asking them to wait and try again (no 429 is surfaced to your server).
• Requesting an increase. These are defaults. Contact your k-ID representative if your product needs higher capacity.
• Prelaunch checklists updated. Both the CDK and AgeKit+ prelaunch checklists now reference rate limits explicitly and link to the new page, since live mode ceilings are significantly higher than test mode.

Documentation​

• Rate limits
• Error handling
• CDK prelaunch checklist
• AgeKit+ prelaunch checklist

Today's release adds two new Compliance Studio capabilities and a new developer guide for the COPPA 2026 Rule Amendments.

What's new​

• Mock Providers / Real Providers toggle. Verification flows running in Test Mode now show a TEST MODE toolbar with a switch between Mock Providers (the default) and Real Providers. Mock Providers presents a built-in simulator that lets you submit personas (Adult, Teen, Child, or Passes / Fails Age Check), enter a custom age range or date of birth, and simulate Inconclusive or Fraudulent failures. Submissions flow through the same server path as real providers, so webhooks, sessions, and DOM events behave identically.
• Verification method ordering. Each enabled method on the Assurance and Verification tab now has a drag handle. Drag methods to change the order shown to users in the Family Connect widget, use Reset to default order to restore the k-ID default, and apply different orders per-market via Market Specific Rules.
• New Compliance Guides section. A new top-level docs section for compliance playbooks launches today with its first entry: 2026 COPPA Rule Amendments. The guide walks COPPA-subject operators through the configuration updates needed before the April 22, 2026 enforcement date.

Documentation​

• Verification methods: mock and real providers
• Adult verification → Ordering verification methods
• Compliance Guides → 2026 COPPA Rule Amendments

You can now configure each verification method listed under the Assurance and Verification tab as Fallback only, in addition to enabled or disabled.

What's new​

• Fallback only: A method with this setting is offered only after the user has attempted another verification method and that attempt didn't produce an age signal (no conclusive age determination). It won't appear in the initial list of methods.
• Why it helps: You can keep a stronger or alternative method in reserve for cases where a lighter method couldn't reach a verification outcome, without showing every option up front.

Documentation​

• Adult verification: Assurance and Verification tab, where you enable, disable, or set Fallback only on each verification method
• Verification methods: overview of verification behavior, including a callout on Fallback only

Age verification creation responses (from endpoints such as POST /age-verification/perform-access-age-verification) now include shortUrl in addition to id and url.

What's new​

• Compact link: shortUrl is a shorter link that redirects to the same verification experience as the full url. Use it when a long query string is a poor fit, for example for QR codes or when the user completes verification on another device.
• Full URL unchanged: The session JWT remains on the full url (token query parameter). Don't try to shorten or rebuild that URL yourself.
• Opaque value: Treat shortUrl as an opaque string. Display or encode it as returned, and don't rely on a fixed path or query layout, which might change in the future.

Learn more​

• Perform access age verification
• Waterfall flow
• Age verification quick start
• Single-method flow
• Mobile apps

We've published end-to-end documentation for platform age signals: how Apple iOS, Google Play, Xbox, Meta Horizon, and k-ID age data flows into k-ID, when the age gate can be skipped, and how verified versus unverified signals interact with high-risk permissions and age assurance.

What's New​

CDK — Platform age signals​

• Platform age signals — Quick integration paths, API map, recommended request sequence, how POST /age-gate/check uses a platform signal, supported platforms and verified declaration types, and verified versus unverified signal behavior.
• Platform signal details — Per-platform field shapes, how to obtain each native signal, endpoint-by-endpoint notes (get-requirements, check, get-default-permissions, session/get, get-platform-age-range, session/upgrade), validation, age conflicts, and k-id signal rules.

Concepts and related documentation​

• Age signals — How platform age signals fit alongside other signal types and where to go for PlatformAgeSignal integration details.
• Age assurance for high-risk features and Permissions — Cross-linked behavior for verifiedAgeThreshold and verified platform signals at the age gate.

API reference (OpenAPI)​

Descriptions for session upgrade, AgeVerification, and platformAgeSignal now use verified platform signal wording consistently with the docs above.

Documentation​

• Platform age signals
• Platform signal details
• Age signals
• Age assurance for high-risk features
• Permissions

We've added a new Browser and device compatibility page to the docs so you can quickly check which browsers and devices are supported for our age verification flows.

What's New​

Browser and device compatibility​

The new page lists minimum browser versions for desktop and mobile, plus requirements for embedded browsers (ASWebAuthenticationSession on iOS, Chrome Custom Tabs on Android). This consolidates the combined compatibility requirements across our verification providers into a single reference.

New documentation​

• Browser and device compatibility

We've released Account System Product, a capability that lets your organization's central account or platform product create authentication challenges and sessions on behalf of other products in your organization using a single API key and an optional header.

What's New​

Account System Product​

When a product is enabled as an Account System Product in Compliance Studio, you can call certain k-ID APIs on behalf of other (non–account system) products in the same organization by sending the Kid-Target-Product-Id header with the target product's ID. You use your Account System Product's API key; no need to manage or rotate keys per target product.

Supported endpoints:

• /age-gate/check
• /challenge/send-email
• /challenge/generate-otp

Parents see only the target product's configuration (notices, permissions, branding). Both the account system product and the target product receive webhooks for each event, with onBehalfOfProductId and initiatedByProductId so you can attribute cross-product flows.

Account System Product works with multi-product approval: you can set the Account System Product as an essential product of a target so the parent approves both in one flow.

Documentation​

• Account System Product – implementation guide, configuration steps, webhook payloads, and security

We've documented additional legal links in Developer Details and the new options parameter on the Check age gate API so you can show platform-specific legal documents (e.g., Xbox, PlayStation, Steam) in consent flows.

What's New​

Additional legal links (Developer Details)​

In Compliance Studio, on the Developer Details tab for a product, you can now add optional Additional legal links that appear in consent flows:

• Title and Link: Localized display title and URL (same language options as your main legal documents).
• Variant ID: Identifier used when calling the Check age gate API (e.g., xbox-tos, playstation-privacy-policy). Required if Always display is off.
• Always display: When on (default), the link is always shown in consent flows. When off, the link is only shown when your game calls the age-gate API with the matching variant ID in options.

Use these when your game is distributed on multiple platforms and each platform requires different legal document URLs.

Check age gate API — options parameter​

The POST /api/v1/age-gate/check request body now supports an optional options object:

• termsOfServiceDocument: Variant ID for Terms of Service (must match a configured additional legal link).
• privacyPolicyDocument: Variant ID for Privacy Policy (must match a configured additional legal link).
• additionalLegalLinks: Array of variant IDs for extra legal documents to display with ToS and Privacy Policy (each must match a configured additional legal link).

When a challenge is created, the consent screen shows the requested legal links instead of the default product Privacy Policy and Terms of Service.

Documentation​

• Developer Details — Basic information (including Additional legal links)
• Check age gate (request body and CheckAgeGateRequestOptions)