Third Party Authentication

From King Arthur's Gold Wiki
Revision as of 17:24, 4 March 2012 by FliesLikeABrick (Talk | contribs)

Jump to: navigation, search

The API has a number of security features which are used internally by the game client and other KAG systems. While document partially or in full, these are not intended for public use.

In theory these API features can be used to allow 3rd party sites and applications to emulate a "single sign-on" type of usage, however the problem is that this can train users/players to think that it is okay to plug their KAG account information into any site that asks for it. This is not unique to KAG's authentication, but rather any single sign-on type of implementation.

If you are thinking about using the security mechanisms as a single sign-on, please contact FliesLikeABrick at (or forum PM/Conversation) for the following:

  • Additional API usage details
  • A brief discussion about your plans
  • Some requirements that may be placed on your use of it, such as the inclusion of a warning to users that they are trusting you with their username and password

Failure to contact him before using the API for username/password authentication in a 3rd party site may result in a full block of your site in the API - meaning you can no longer query for basic information such as player profiles, user statistics or any future features.