Skip to main content

AgeKit: Universal Age API

Introduction

AgeKit is k-ID's Universal Age API that provides instant access to digital consent age requirements and regulatory information across 195+ countries and 240+ jurisdictions. With a single API integration, you can determine whether age gates should be displayed and understand local age requirements for digital consent and data processing compliance.

The API returns comprehensive age gate requirements based on a user's jurisdiction, helping you implement appropriate age verification flows, understand local regulations, and ensure global compliance while optimizing user experiences.

Key Features

  • Global Coverage: 195+ countries and 240+ jurisdictions
  • Regulatory Intelligence: Real-time access to local age requirements
  • Privacy-First: Minimal data processing with no personal data retention
  • Always Current: Monthly regulatory updates
  • Simple Integration: Single endpoint for worldwide compliance

Base URL

https://game-api.k-id.com/api/v1/

Authentication

All API requests require authentication using a Bearer token in the Authorization header. This token is provided to you in your AgeKit welcome email.

Authorization: Bearer YOUR_API_KEY

⚠️ Security Best Practice: Never include your API key in client-side code or frontend applications. This endpoint is designed for server-to-server communication only.

Endpoint: Get Age Gate Requirements

GET /age-gate/get-requirements

Fetches the requirements to display an age gate based on the player's jurisdiction. This endpoint helps you determine whether an age gate should be shown, what the local age requirements are, and which age collection methods are approved in the jurisdiction.

Parameters

ParameterTypeRequiredDescription
jurisdictionstringYesThe jurisdiction as an ISO 3166-1 alpha-2 country code (e.g., "US") or ISO 3166-2 subdivision code (e.g., "US-CA"). Subdivision codes are recommended when available.

Request Examples

curl -X GET "https://game-api.k-id.com/api/v1/age-gate/get-requirements?jurisdiction=US-CA" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"

Response Format

Success Response (200 OK)

{
"shouldDisplay": true,
"ageAssuranceRequired": true,
"digitalConsentAge": 13,
"civilAge": 18,
"minimumAge": 0,
"approvedAgeCollectionMethods": [
"date-of-birth",
"age-slider",
"platform-account"
]
}

Response Fields

FieldTypeRequiredDescription
shouldDisplaybooleanYesIndicates whether the age gate should be displayed to the player based on local regulations
ageAssuranceRequiredbooleanYesWhether age assurance (verification) is required for players in this jurisdiction
digitalConsentAgeintegerYesThe minimum age at which a player can provide digital consent for data processing
civilAgeintegerYesThe civil/contract age at which a player is considered a legal adult in the jurisdiction
minimumAgeintegerYesThe minimum age required to access the platform/game (typically 0 unless restricted)
approvedAgeCollectionMethodsarrayYesList of approved methods for collecting age signals from players in this jurisdiction

Age Collection Methods

The approvedAgeCollectionMethods array may contain:

Approved Collection MethodDescription
date-of-birthFull date of birth (YYYY-MM-DD)
age-sliderAge range or approximate age selection
platform-accountUsing existing platform account age verification

Jurisdiction Format

Jurisdictions should be provided as:

  • ISO 3166-1 alpha-2 country codes: US, GB, DE, AU
  • ISO 3166-2 subdivision codes: US-CA, GB-ENG, DE-BY, AU-NSW

Recommendation: Always use subdivision codes when available for more precise regulatory compliance.

Error Responses

HTTP 400 - Bad Request

{
"error": "INVALID_INPUT",
"errorMessage": "Invalid jurisdiction"
}

Best Practices

Security

  • Never expose your API key: Keep your API key secure and never include it in client-side code
  • Use environment variables: Store your API key in environment variables, not in source code
  • Server-side only: Make all API calls from your backend servers, not from browsers or mobile apps
  • HTTPS only: Always use HTTPS for API requests to protect your API key in transit

Performance

  • Cache responses: Cache age gate requirements for jurisdictions to reduce API calls
  • Error handling: Implement proper error handling and retry logic with exponential backoff

Implementation

  • Handle regional variations: Use subdivision codes (US-CA, GB-ENG) when available for accurate compliance
  • Graceful degradation: Have fallback logic if the API is temporarily unavailable
  • User experience: Use the shouldDisplay flag to conditionally show age gates only when required