AgeKit: Universal Age API
Introduction
AgeKit is k-ID's Universal Age API that provides instant access to digital consent age requirements and regulatory information across 195+ countries and 240+ jurisdictions. With a single API integration, you can determine whether age gates should be displayed and understand local age requirements for digital consent and data processing compliance.
The API returns comprehensive age gate requirements based on a user's jurisdiction, helping you implement appropriate age verification flows, understand local regulations, and ensure global compliance while optimizing user experiences.
Key Features
- Global Coverage: 195+ countries and 240+ jurisdictions
- Regulatory Intelligence: Real-time access to local age requirements
- Privacy-First: Minimal data processing with no personal data retention
- Always Current: Monthly regulatory updates
- Simple Integration: Single endpoint for worldwide compliance
Base URL
https://game-api.k-id.com/api/v1/
Authentication
All API requests require authentication using a Bearer token in the Authorization header. This token is provided to you in your AgeKit welcome email.
Authorization: Bearer YOUR_API_KEY
⚠️ Security Best Practice: Never include your API key in client-side code or frontend applications. This endpoint is designed for server-to-server communication only.
Endpoint: Get Age Gate Requirements
GET /age-gate/get-requirements
Fetches the requirements to display an age gate based on the player's jurisdiction. This endpoint helps you determine whether an age gate should be shown, what the local age requirements are, and which age collection methods are approved in the jurisdiction.
Parameters
Parameter | Type | Required | Description |
---|---|---|---|
jurisdiction | string | Yes | The jurisdiction as an ISO 3166-1 alpha-2 country code (e.g., "US") or ISO 3166-2 subdivision code (e.g., "US-CA"). Subdivision codes are recommended when available. |
Request Examples
- cURL
- JavaScript
- Python
- PHP
- C#
curl -X GET "https://game-api.k-id.com/api/v1/age-gate/get-requirements?jurisdiction=US-CA" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"
const axios = require('axios');
async function getAgeGateRequirements(jurisdiction) {
try {
const response = await axios.get('https://game-api.k-id.com/api/v1/age-gate/get-requirements', {
params: { jurisdiction },
headers: {
'Authorization': `Bearer ${process.env.AGEKIT_API_KEY}`,
'Accept': 'application/json'
}
});
return response.data;
} catch (error) {
console.error('Error fetching age gate requirements:', error.response?.data || error.message);
throw error;
}
}
// Usage
getAgeGateRequirements('US-CA')
.then(result => {
console.log('Should display age gate:', result.shouldDisplay);
console.log('Digital consent age:', result.digitalConsentAge);
console.log('Approved methods:', result.approvedAgeCollectionMethods);
})
.catch(error => console.error(error));
import requests
import os
def get_age_gate_requirements(jurisdiction):
url = "https://game-api.k-id.com/api/v1/age-gate/get-requirements"
headers = {
"Authorization": f"Bearer {os.getenv('AGEKIT_API_KEY')}",
"Accept": "application/json"
}
params = {
"jurisdiction": jurisdiction
}
try:
response = requests.get(url, headers=headers, params=params)
response.raise_for_status()
return response.json()
except requests.exceptions.RequestException as e:
print(f"Error fetching age gate requirements: {e}")
raise
# Usage
try:
result = get_age_gate_requirements("US-CA")
print(f"Should display age gate: {result['shouldDisplay']}")
print(f"Digital consent age: {result['digitalConsentAge']}")
print(f"Approved methods: {result['approvedAgeCollectionMethods']}")
except Exception as e:
print(f"Error: {e}")
<?php
function getAgeGateRequirements($jurisdiction) {
$url = 'https://game-api.k-id.com/api/v1/age-gate/get-requirements';
$url .= '?' . http_build_query(['jurisdiction' => $jurisdiction]);
$headers = [
'Authorization: Bearer ' . $_ENV['AGEKIT_API_KEY'],
'Accept: application/json'
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200) {
throw new Exception("API request failed with status code: $httpCode");
}
return json_decode($response, true);
}
// Usage
try {
$result = getAgeGateRequirements('US-CA');
echo "Should display age gate: " . ($result['shouldDisplay'] ? 'Yes' : 'No') . "\n";
echo "Digital consent age: " . $result['digitalConsentAge'] . "\n";
echo "Approved methods: " . implode(', ', $result['approvedAgeCollectionMethods']) . "\n";
} catch (Exception $e) {
echo "Error: " . $e->getMessage() . "\n";
}
?>
using System;
using System.Net.Http;
using System.Threading.Tasks;
using System.Text.Json;
public class AgeKitClient
{
private readonly HttpClient _httpClient;
private readonly string _apiKey;
public AgeKitClient(string apiKey)
{
_apiKey = apiKey;
_httpClient = new HttpClient();
_httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
_httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
}
public async Task<AgeGateRequirementsResponse> GetAgeGateRequirementsAsync(string jurisdiction)
{
var url = $"https://game-api.k-id.com/api/v1/age-gate/get-requirements?jurisdiction={jurisdiction}";
try
{
var response = await _httpClient.GetAsync(url);
response.EnsureSuccessStatusCode();
var json = await response.Content.ReadAsStringAsync();
return JsonSerializer.Deserialize<AgeGateRequirementsResponse>(json, new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
});
}
catch (HttpRequestException ex)
{
throw new Exception($"Error fetching age gate requirements: {ex.Message}");
}
}
}
public class AgeGateRequirementsResponse
{
public bool ShouldDisplay { get; set; }
public bool AgeAssuranceRequired { get; set; }
public int DigitalConsentAge { get; set; }
public int CivilAge { get; set; }
public int MinimumAge { get; set; }
public string[] ApprovedAgeCollectionMethods { get; set; }
}
// Usage
var client = new AgeKitClient(Environment.GetEnvironmentVariable("AGEKIT_API_KEY"));
var result = await client.GetAgeGateRequirementsAsync("US-CA");
Console.WriteLine($"Should display age gate: {result.ShouldDisplay}");
Console.WriteLine($"Digital consent age: {result.DigitalConsentAge}");
Console.WriteLine($"Approved methods: {string.Join(", ", result.ApprovedAgeCollectionMethods)}");
Response Format
Success Response (200 OK)
{
"shouldDisplay": true,
"ageAssuranceRequired": true,
"digitalConsentAge": 13,
"civilAge": 18,
"minimumAge": 0,
"approvedAgeCollectionMethods": [
"date-of-birth",
"age-slider",
"platform-account"
]
}
Response Fields
Field | Type | Required | Description |
---|---|---|---|
shouldDisplay | boolean | Yes | Indicates whether the age gate should be displayed to the player based on local regulations |
ageAssuranceRequired | boolean | Yes | Whether age assurance (verification) is required for players in this jurisdiction |
digitalConsentAge | integer | Yes | The minimum age at which a player can provide digital consent for data processing |
civilAge | integer | Yes | The civil/contract age at which a player is considered a legal adult in the jurisdiction |
minimumAge | integer | Yes | The minimum age required to access the platform/game (typically 0 unless restricted) |
approvedAgeCollectionMethods | array | Yes | List of approved methods for collecting age signals from players in this jurisdiction |
Age Collection Methods
The approvedAgeCollectionMethods
array may contain:
Approved Collection Method | Description |
---|---|
date-of-birth | Full date of birth (YYYY-MM-DD) |
age-slider | Age range or approximate age selection |
platform-account | Using existing platform account age verification |
Jurisdiction Format
Jurisdictions should be provided as:
- ISO 3166-1 alpha-2 country codes:
US
,GB
,DE
,AU
- ISO 3166-2 subdivision codes:
US-CA
,GB-ENG
,DE-BY
,AU-NSW
Recommendation: Always use subdivision codes when available for more precise regulatory compliance.
Error Responses
- 400
- 401
- 429
HTTP 400 - Bad Request
{
"error": "INVALID_INPUT",
"errorMessage": "Invalid jurisdiction"
}
HTTP 401 - Unauthorized
{
"error": "UNAUTHORIZED",
"errorMessage": "Unauthorized"
}
HTTP 429 - Too Many Requests
Best Practices
Security
- Never expose your API key: Keep your API key secure and never include it in client-side code
- Use environment variables: Store your API key in environment variables, not in source code
- Server-side only: Make all API calls from your backend servers, not from browsers or mobile apps
- HTTPS only: Always use HTTPS for API requests to protect your API key in transit
Performance
- Cache responses: Cache age gate requirements for jurisdictions to reduce API calls
- Error handling: Implement proper error handling and retry logic with exponential backoff
Implementation
- Handle regional variations: Use subdivision codes (US-CA, GB-ENG) when available for accurate compliance
- Graceful degradation: Have fallback logic if the API is temporarily unavailable
- User experience: Use the
shouldDisplay
flag to conditionally show age gates only when required