跳到主要内容

Implementing Age Assurance

Age Assurance is defined to be the overall process that proves the age of a user for various purposes, including access to a game, app or content within an app. Depending on the jurisdiction and how risky the feature is that you want to verify age for, different methods can apply. The Global Compliance Engine provides an overall workflow process, driven by APIs, that is configurable per jurisdiction and customizable for the unique needs of the game or app.

The following APIs are avaiable to implement the overall Age Assurance process:

  • /age-verification/perform-access-age-verification Age assurance to determine whether a new user should have access to an app or content within the app
  • /age-verification/perform-age-appeal A user suspected of being underage is attempting to get back into the application after being banned by the publisher for being under age, or failing age assurance

To implement the entire end to end Age Assurance flow in your application, follow the steps below:

Step I: Call Access Age Verification API (/age-verification/perform-access-age-verification)

  • The end user sees all 3 verification options (Face Scan, ID Scan and Parent Attestation).
  • When any verification attempt is successfully completed and an age is determined, a PASS or FAIL is sent via the k-ID wehbook to your application depending on whether the user met the age requirement.
  • When a verification attempt does not complete due to a problem with the verification itself (e.g. room too dark, face not in the camera, invalid ID card), the user will be allowed to retry.
  • Every verification method has an configured maximum number of retries i.e. max attempt defined (currently default 3 for each method).
  • If the user performs the maximum number of configured retries for all verification methods, the FAIL result is returned via the k-ID wehbook.

Therefore, a webhook result is returned only in 2 scenarios

  • When a verification attempt is succesfsully complete the result will be PASS, or FAIL with a failureReason of age-criteria-not-met
  • When the max number of retries have been exhausted for all verification methods, the result will be FAIL with a failureReason of max-attempts-exceeded

On the other hand, if you have subscribed to the k-ID javascript MessageEvent, your code will be invoked for every verification attempt whether it passes or fails. This is described in the Verification Result documentation.

Alternatively you can choose a single verification method to use as a first step. For example, you could use /age-verification/perform-facial-age-estimation to only offer facial age estimation, and fall back to other methods.

Step II: If the result of step one is FAIL, you can choose to allow the user to retry by appealing the result they obtained. To do this call the the Age Appeal API (/age-verification/perform-age-appeal)

  • The end user sees 2 verification options (ID Scan and Parent Attestation), since the burden of proof is higher when the user has already failed, or has been previously banned from the App.
  • When a verification attempt is complete the appropriate result[PASS or FAIL] is sent back via the k-ID webhook.
  • When a verification attempt does not complete due to a problem with the verification itself (e.g. invalid ID card), the user will be allowed to retry.
  • Every verification method has an configured maximum number of retries i.e. max attempt defined (currently default 3 for each method).
  • If the user performs the maximum number of configured retries for all verification methods, the FAIL result is returned via the k-ID wehbook.

Step III: You received a FAIL result again, so you can choose to give another attempt to the user to appeal or you can choose to allow the user other means to gain access, for example, by contacting customer support.

The Flow