We've added a new Browser and device compatibility page to the docs so you can quickly check which browsers and devices are supported for our age verification flows.

What's New​

Browser and device compatibility​

The new page lists minimum browser versions for desktop and mobile, plus requirements for embedded browsers (ASWebAuthenticationSession on iOS, Chrome Custom Tabs on Android). This consolidates the combined compatibility requirements across our verification providers into a single reference.

New documentation​

• Browser and device compatibility

We've released Account System Product, a capability that lets your organization's central account or platform product create authentication challenges and sessions on behalf of other products in your organization using a single API key and an optional header.

What's New​

Account System Product​

When a product is enabled as an Account System Product in Compliance Studio, you can call certain k-ID APIs on behalf of other (non–account system) products in the same organization by sending the Kid-Target-Product-Id header with the target product's ID. You use your Account System Product's API key; no need to manage or rotate keys per target product.

Supported endpoints:

• /age-gate/check
• /challenge/send-email
• /challenge/generate-otp

Parents see only the target product's configuration (notices, permissions, branding). Both the account system product and the target product receive webhooks for each event, with onBehalfOfProductId and initiatedByProductId so you can attribute cross-product flows.

Account System Product works with multi-product approval: you can set the Account System Product as an essential product of a target so the parent approves both in one flow.

Documentation​

• Account System Product – implementation guide, configuration steps, webhook payloads, and security

We've documented additional legal links in Developer Details and the new options parameter on the Check age gate API so you can show platform-specific legal documents (e.g., Xbox, PlayStation, Steam) in consent flows.

What's New​

Additional legal links (Developer Details)​

In Compliance Studio, on the Developer Details tab for a product, you can now add optional Additional legal links that appear in consent flows:

• Title and Link: Localized display title and URL (same language options as your main legal documents).
• Variant ID: Identifier used when calling the Check age gate API (e.g., xbox-tos, playstation-privacy-policy). Required if Always display is off.
• Always display: When on (default), the link is always shown in consent flows. When off, the link is only shown when your game calls the age-gate API with the matching variant ID in options.

Use these when your game is distributed on multiple platforms and each platform requires different legal document URLs.

Check age gate API — options parameter​

The POST /api/v1/age-gate/check request body now supports an optional options object:

• termsOfServiceDocument: Variant ID for Terms of Service (must match a configured additional legal link).
• privacyPolicyDocument: Variant ID for Privacy Policy (must match a configured additional legal link).

When a challenge is created, the consent screen shows the requested legal links instead of the default product Privacy Policy and Terms of Service.

Documentation​

• Developer Details — Basic information (including Additional legal links)
• Check age gate (request body and CheckAgeGateRequestOptions)

We've updated the age verification docs to cover URL validity, expired URLs, and status checks.

What's New​

• URL validity: The verification URL is valid for 2 weeks. The expiry is in the JWT token query parameter—use the standard exp claim to check if a URL is still valid.
• Expired URLs: Call /age-verification/get-status with the saved verification ID. If not found, create a new verification.
• Status without the URL: Use get-status with the verification ID to check status anytime (e.g. after URL expiry or if the webhook was missed).
• Retention: Verifications that stay PENDING for over 2 weeks are deleted and no longer returned by get-status.

Updated documentation​

• Age verification quick start
• Waterfall flow

We've added support for redirectUrl as an optional parameter to the age gate widget endpoint.

What's New​

Age Gate Widget API Update​

The /widget/generate-age-gate-url endpoint now supports an optional redirectUrl parameter within the options object. This allows you to specify a URL to redirect to after the age gate widget completes, similar to the end-to-end widget endpoint.

The redirectUrl parameter supports HTTP/HTTPS URLs or mobile deeplinks with custom protocol schemes.

Updated API​

• /widget/generate-age-gate-url

We've updated the verification documentation to improve method field descriptions and clarify guidance.

What's New​

Verification Result Documentation​

Updated the Verification.Result webhook documentation:

• ageCategory guidance: Clarified that ageCategory is always present for PASS status and should be used for access control decisions rather than raw age values
• Method field updates:
  • Removed self-confirmation and email-confirmation from the methods field list
  • Updated age-estimation-scan description to indicate it's a facial age estimation scan that returns an age range (no DOB)

Updated Documentation​

• Verification.Result Webhook

We've clarified when to close widget UI for age verification and VPC flows, and added redirectUrl support to the MegaWidgetOptions schema.

What's New​

Widget.ExitReview Clarification​

We've updated the documentation to clarify that Widget.ExitReview is the signal that should determine when to close the UI for age verification and VPC flows.

Updated documentation:

• Age verification guide - Added guidance on listening for Widget.ExitReview to close the verification UI
• VPC guide - Added guidance on listening for Widget.ExitReview to close the VPC widget UI
• CDK embedded flow - Added guidance on listening for Widget.ExitReview to close the widget UI

All language versions (English, Japanese, Simplified Chinese, and Korean) have been updated with this clarification.

API Updates​

redirectUrl in MegaWidgetOptions​

The MegaWidgetOptions schema now includes redirectUrl support, consistent with age verification request schemas. This allows you to specify a redirect URL when using the end-to-end widget.

Updated schemas:

• MegaWidgetOptions now includes redirectUrl field with reference to #/components/schemas/RedirectUrl

This change is available in all OpenAPI specification files (English, Japanese, Simplified Chinese, and Korean).

Documentation Improvements​

Product Image Specifications​

Added recommended aspect ratios and resolutions for product images in Compliance Studio:

• Logo: 1:1 (square), 512×512px
• Banner: 3:1 (wide), 2430×810px

We've updated the Verification.Result webhook event to include the ageCategory field in FAIL status events when age data is available.

What's New​

ageCategory in FAIL Status Events​

The ageCategory field is now included in Verification.Result webhook events for FAIL status when:

• failureReason is age-criteria-not-met
• Age data is available (both age.low and age.high are present)

This provides more complete information about the user's age category even when verification fails due to age criteria not being met, enabling better analytics and logging while maintaining clear access control boundaries.

Updated Documentation​

The Verification.Result documentation has been updated to reflect this change:

• Fields table: Updated description to clarify when ageCategory is present for FAIL status
• Key differences table: Clarified when ageCategory is present for webhook events vs API endpoint
• FAIL status field presence rules: Updated to show ageCategory as "Sometimes included" with specific conditions
• Complete field matrix: Updated to show ageCategory as "sometimes²" for FAIL status in webhooks
• Example payloads: Added ageCategory to the FAIL status example to demonstrate the new behavior
• Implementation checklist: Updated guidance for handling ageCategory in FAIL status
• Implementation notes: Clarified the behavior of ageCategory for both PASS and FAIL statuses

Important Notes​

• Access control: Even when ageCategory is present in FAIL status events, it should never be used for access control decisions. Always use the status field to determine access.
• Consistency: This update applies to both webhook events and API endpoint responses
• Language support: All language versions (English, Japanese, Simplified Chinese, and Korean) have been updated

Next Steps​

• Review the updated Verification.Result documentation
• Update your integration to handle ageCategory in FAIL status events if needed
• Remember: Never use ageCategory for access control when status is FAIL, even if the field is present. Use it only for analytics, logging, or informational purposes.

We've added a comprehensive guide for managing sessions and permissions, and updated our core concepts documentation with important clarifications.

What's New​

New Guide: Managing Sessions and Permissions​

We've added a new quick start guide: Managing sessions and permissions. This guide provides step-by-step instructions for:

• Detecting permission changes using webhooks and session comparison
• Handling session deletion and revocation
• Communicating permission changes to players
• Implementing permission upgrade flows
• Understanding how challenges relate to sessions

This guide is essential for any integration that needs to respond to permission changes over time, such as when parents modify settings or players age up.

Documentation Updates​

Sessions Documentation​

The Sessions concept page has been updated with important clarifications:

• Session ID persistence: Players have exactly one session per product. The session ID persists through permission changes, but a new session ID is created if a session is revoked and the consent flow is completed again.
• Session deletion behavior: Deleted sessions return HTTP 400 with NOT_FOUND error code (not 404). This is intentional—deleted sessions should be treated as if they never existed.
• Age-up changes: Age-up events don't trigger webhook notifications. You must use session comparison to detect these changes.

Permissions Documentation​

The Permissions concept page has been enhanced with:

• managedBy field changes: Clarified that managedBy can change over time (for example, from GUARDIAN to PLAYER when a player ages up).
• Player-managed permissions: When a player requests to enable a PLAYER-managed permission via the /session/upgrade API, it's automatically enabled without creating a challenge.
• Permissions upgrade content: The permissions upgrade documentation has been merged into the Permissions page for better discoverability.

What Changed​

Merged Documentation​

• The Permissions upgrade concept page has been merged into the Permissions page. All references have been updated to point to the new location.

Next Steps​

• Review the new Managing sessions and permissions guide
• Ensure your integration handles session deletion correctly (HTTP 400 with NOT_FOUND)

If you have any questions about these updates or need assistance with your integration, please don't hesitate to reach out to our support team.

We've introduced a new Developer role in Compliance Studio with product-level access control, enabling organizations to maintain clear boundaries between different products and teams.

What's New​

Developer Role​

A new Developer role is now available in Compliance Studio. Users with the Developer role can manage products and product developer settings, but only for products they have been explicitly assigned to.

Key Features:​

• Product-level access control: Developers can be restricted to access only specific products within your organization
• Granular permissions: Each Developer role member can be assigned to their respective products, enabling product-level access control and maintaining organizational boundaries
• Product management: Developers can manage products and product developer settings for their assigned products only

Member Access Management​

A new Member Access menu has been added to the Organization settings, allowing Owners and Admins to assign product access to members with the Developer role.

How it works:​

• Access assignment: Owners and Admins can use the Member Access menu to assign specific products to Developer role members
• Multiple product assignment: You can assign multiple products to a single Developer
• Immediate effect: Product access assignments take effect immediately

Updated Documentation​

• Managing your organization