Third Party Authentication
The API has a number of security features which are used internally by the game client and other KAG systems. While documented partially or in full, these are not intended for public use.
In theory these API features can be used to allow third party sites and applications to emulate a "single sign-on" type of usage, however the problem is that this can train users/players to think that it is okay to plug their KAG account information into any site that asks for it. This is not unique to KAG's authentication, but rather any single sign-on type of implementation. If enough community devs would like this to be offered as a proper service, it may be planned for proper support in the future (with API keys distributed to those consuming it in sites). Please provide feedback as documented at API Feature Planning.
If you are thinking about using the security mechanisms as a single sign-on, please contact FliesLikeABrick at firstname.lastname@example.org (or forum PM/Conversation) for the following:
- Additional API usage details
- A brief discussion about your plans
- Some requirements that may be placed on your use of it, such as the inclusion of a warning to users that they are trusting you with their username and password
Failure to contact him before using the API for username/password authentication in a third party site may result in a full block of your site in the API - meaning you can no longer query for basic information such as player profiles, user statistics or any future features.
A proper Single Sign-On portal is being discussed, so that people can use their KAG accounts on your site/in your programs.