Important Concepts
To integrate k-ID into a game, the following steps need to be taken:
- Determine how the game will get the player location and date of birth
- Define the under-age experience before consent has been granted
- Match k-ID Permissions to features in the game
Getting Player Location and Date of Birth
In order to implement k-ID age verification and consent workflows, the game must acquire two pieces of information about the player: the player’s location (or jurisdiction), and the player's date of birth.
Location
While location can be self-declared by the player, the preferred way of getting location information is to invoke a service from the game that responds with information about the player’s IP address. The location string can be either an ISO 3166-1 alpha-2 country code (e.g. US) or an ISO 3166-2 subdivision code (e.g. US-CA). It is recommended to always provide the subdivision code whenever possible. This is because even if a region currently does not have localized regulations, it may have them in the future. By providing the subdivision code, we can ensure that the player's permissions can be adjusted as regulations change.
Notes:
-
Some games may have their own protections in place to detect and prevent location spoofing (e.g., through players using VPNs). Make sure that the location that is sent to the k-ID API has been validated by these tools as applicable before it is sent in order to avoid an incorrect configuration.
-
As a best practice, a player’s jurisdiction is considered static when the player first launches the game, and cannot be changed except if the customer files a support request - this is to discourage players from “forum shopping” to enable features that should otherwise be disabled in their jurisdiction.
One example to get the location for the player’s IP address is to call a service like https://ipapi.co/json, which produces results similar to the json shown below.
{
"ip": "76.22.71.171",
"network": "76.22.68.0/22",
"version": "IPv4",
"city": "Issaquah",
"region": "Washington",
"region_code": "WA",
"country": "US",
"country_name": "United States",
"country_code": "US",
"country_code_iso3": "USA",
"country_capital": "Washington",
"country_tld": ".us",
"continent_code": "NA",
"in_eu": false,
"postal": "98027",
"latitude": 47.4998,
"longitude": -122.0086,
"timezone": "America/Los_Angeles",
"utc_offset": "-0800",
"country_calling_code": "+1",
"currency": "USD",
"currency_name": "Dollar",
"languages": "en-US,es-US,haw,fr",
"country_area": 9629091.0,
"country_population": 327167434,
"asn": "AS7922",
"org": "COMCAST-7922"
}
Date of Birth
The date of birth is a string that can be provided to the API in any of the following formats: YYYY, YYYY-MM, or YYYY-MM-DD. The jurisdiction determines whether a game must ask the player their age when first starting to play the game. If the jurisdiction requires that the player give an age, then a user interface element to collect the date of birth should be shown. This is called an age gate.
When showing an age gate, a best practice is to show a “neutral age gate”, one which does not have an age already set so the user has to take action to set an age. Additionally, if the age gate uses a slider for the age value, it is recommended by the ESRB that the maximum age in a slider age gate should be 35.
If the age gate does not need to be shown in the current jurisdiction, then the player can proceed without further checks and their date of birth will be unassigned.
Assuring Player Age
In jurisdictions where it is allowed, the k-ID Facial Age Estimation feature can be used to estimate a player's age to determine if it matches the date of birth given by the player in an age gate. Use of Facial Age Estimation will significantly increase the chances that a player is truthful about their age. When using this approach, there two several scenarios that need to be addressed.
- The age range given by Facial Age Estimation contains or is higher than the date of birth given by the player. In this case the date of birth can be used.
- The age range is lower than the self-declared age. In this case, it is recommended to assume the lowest age in the range. The user should be informed that the age doesn't match, and then the player can be asked to restate a lower age that is in the range, or appeal the age estimation.
Handling Under-Age Users Without Parental Consent
If a player gives an age that requires parental consent, the game must determine what to do before consent is granted by a parent. There are several possible approaches, including blocking access entirely and waiting on the parental consent challenge screen, or granting limited access to a “data-lite” experience of the game.
In the example below, the player is blocked from continuing while a Consent Challenge window is displayed.
Matching k-ID Permissions to Game Features
Permissions in the k-ID Global Compliance Database represent classifications of game features that are addressed in regulations in one or more jurisdisctions worldwide. Permissions are configured in the Publisher Portal for the game. Each k-ID Permission that matches a game feature should be enabled in the k-ID Publisher Portal (shown below). The k-ID Permissions chosen will be presented to parents to enable or disable when they give consent for a child to play a game.
Below is an example of what a parent sees when granting consent in the k-ID Family Portal.
When displaying features in the game that are mapped to k-ID Permissions, the Session should be checked to see whether the feature is enabled, and whether the player is allowed to turn it on. More details about how to handle k-ID permissions are covered in the Permissions section of the documentation.
The table below lists the available permissions that can be managed in the Publisher Portal:
| Category | Identifier | Feature | Current Text to Parents |
|---|---|---|---|
| ai-customization | ai-generated-avatars | AI-generated Avatars | Your child can use generative AI technology to create their in-game avatar, which represents them in the game to others. |
| ai-chatbot | AI Chatbot | Your child can interact with a chatbot that uses generative AI, such as for gameplay or support functions. | |
| communication | text-chat-private | Text Chat (Private) | Your child can communicate freely with others through direct messages. |
| chat-rooms-public | Text Chat (Public) | Your child can engage in 1-to-many free-form communications with other players. | |
| voice-chat | Voice Chat | Your child can talk to others using their voice. | |
| video-chat | Video Chat | Your child can have video conversations with others. | |
| link-to-third-party-chat | Link to Third-Party Chat | Your child can access and use an external chat app to communicate outside of the game. | |
| community | join-groups | Join Groups | Your child can join and interact with persistent player groups, such as guilds or clans, within the game. |
| virtual-events | Virtual Events | Your child can join special limited-time online activities hosted within the game. | |
| forums | Forums | Your child can join forums where posts will be visible outside of the game. | |
| content-moderation | user-generated-content | User-Generated Content | Your child can create and share custom content, and see custom content shared by others. |
| mature-language | Mature Language | Your child may encounter mature content in the game. (This does not cover interactions with other players.) | |
| content-sharing | share-game-clips-screenshots | Share Game Clips/Screenshots | Your child can share their recorded game clips and screenshots with others. |
| gameplay-streaming | Gameplay Streaming | Your child's gameplay can be broadcast live for others to watch. | |
| gameplay-recording | Gameplay Recording | Your child can record their gameplay sessions and upload them online. | |
| link-to-third-party-streaming-app | Link to Third-Party Streaming App | Your child can connect their game account to an external streaming platform. | |
| game-controls | augmented-reality | Augmented Reality | Your child can use features that blend the virtual world with their real environment using the device's camera. |
| gameplay | multiplayer | Online Multiplayer | Your child can play with one or more other players online. |
| leaderboard-and-rankings | Leaderboard and Rankings | Your child can participate in competitive leaderboards, where their username and profile picture may be visible to others. | |
| marketing | contextual-ads | Contextual Ads | Your child will see ads within the game that are related to the game's content or activities. |
| targeted-ads | Targeted Ads | Your child will see ads within the game and on other platforms that are tailored to their interests. | |
| direct-marketing | Direct Marketing | Your child may receive marketing emails, text messages or phone calls from the game publisher or their partners. | |
| notification | push-notifications | Push Notifications | Your child will receive notifications on their device from the game, even when the app is not actively in use. |
| privacy | profiling | Profiling | Your child's activity will be analyzed to predict their behavior and preferences. |
| camera-access | Camera Access | Your child can allow access to their device's camera. | |
| photo-video-sharing | Photo/Video Sharing | Your child can upload and share photos or videos with others. | |
| real-time-location-sharing | Precise Location Sharing | Your child can share their precise location, such as street level or even specific coordinates, with others. | |
| motion-data | Motion Data | Your child's device can upload motion data, such as movement and physical activity, to the game. | |
| profile-customization | custom-avatar | Custom Avatar | Your child can create an avatar in the game to represent themselves to others. |
| custom-username | Custom Username | Your child can create a unique username visible to others. | |
| profile-visibility | public-profile | Public Profile | Your child can create a public profile that is visible to others, which may include personal information. |
| online-status | Online Status | Others will be able to see when your child is online. | |
| recommendations | personalized-recommendations | Personalized Recommendations | Your child can receive personalized in-game content and recommendations based on their profile. |
| social | public-friend-list | Public Friend List | Your child's list of friends will be visible to others. |
| send-accept-friend-requests | Send/Accept Friend Requests | Your child can send and accept friend requests from others. | |
| virtual-economy | in-game-purchases | In-Game Purchases | Your child can use real money to buy items or content within the game. |
| loot-boxes-cosmetic-only | Loot Boxes Cosmetic Only | Your child can purchase items that provide randomized cosmetic rewards such as outfits or skins. | |
| loot-boxes-gameplay-impacting | Paid Loot Boxes Gameplay Impacting | Your child can spend money to buy randomized items that can affect how the game is played, such as better equipment or abilities. | |
| loot-boxes-open-loop | Loot Boxes Open Loop | Your child can spend real money on items that yield randomized in-game rewards; rewards can be exchanged for real money. | |
| loot-boxes-kompu-gacha | Loot Boxes Kompu Gacha | Your child can participate in Kompu Gacha. | |
| send-gifts | Send Gifts | Your child can send and receive in-game items to and from others as gifts. | |
| simulated-gambling | Simulated Gambling | Your child can encounter mechanics that simulate the experience of gambling, such as chips, dice, or slot machines. | |
| virtual-property-ownership | Virtual Property Ownership | Your child can sell or trade virtual items to others for real-world money or other valuable digital assets. |