GCE 2.17 Release Notes

Developer Portal

“Tier 4” Loot Boxes

We’ve expanded our product configuration options to include a new permission: “Tier 4” loot boxes. This permission covers loot boxes that can be purchased with real money where the developer endorses or provides a way for players to redeem in-game items acquired from loot boxes for cash or other real-world value. This update provides you with greater flexibility in managing loot box permissions, particularly for jurisdictions with specific regulations on “paid open loop” features.

Important Note: To ensure accurate configuration of Tier 4 Loot Boxes, this setting requires the latest version of the Global Compliance Engine (GCE) released on April 24, 2025. Earlier versions of the GCE will treat Tier 4 Loot Boxes as always enabled, which may not align with the Global Compliance Database’s intended settings. Please update your GCE configuration to avoid unintended behaviour.

Product API

Session Upgrades with KUID parameter

In last week’s release (Release 2.16), we introduced the new KUID parameter. We’ve now updated the POST /session/upgrade API to make the sessionId parameter optional when a KUID is provided. If a valid KUID is included, the system automatically retrieves and upgrades the user’s existing session (if one exists), reducing the need to pass both parameters redundantly. For example, when an approved player requests upgraded in-game permissions, the system now uses a mapped KUID (as opposed to the multi-parameter approach requiring both sessionId and challengeId) to handle the permission request.

If no session exists for the given KUID, the API will return a NOT_FOUND error. The upgrade will only proceed if the session matches the KUID or if the user meets the age requirements associated with the session. Requests that include both sessionId and KUID will continue to behave as before, ensuring backward compatibility. This enhancement simplifies session upgrade requests while maintaining strict validation to prevent mismatches or unauthorised session associations.
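The validation rules described above can be modelled as a server-side check. This is an added sketch, not code from the GCE or the Product API: the Session fields, the sample data, the BAD_REQUEST and SESSION_MISMATCH codes, and applying the match-or-age rule uniformly to every request shape are assumptions; only NOT_FOUND is named in these notes.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Session:
    session_id: str
    kuid: str                      # KUID mapped to this session
    meets_age_requirement: bool    # hypothetical flag, set by age checks elsewhere


class UpgradeRejected(Exception):
    """Carries an error code; only NOT_FOUND is named in the release notes."""


# Constructed sample data, not real identifiers.
SAMPLE_SESSIONS: Dict[str, Session] = {
    "sess-1": Session("sess-1", "kuid-A", meets_age_requirement=False),
    "sess-2": Session("sess-2", "kuid-B", meets_age_requirement=True),
}


def resolve_session(sessions: Dict[str, Session],
                    kuid: Optional[str] = None,
                    session_id: Optional[str] = None) -> Session:
    """Pick the session to upgrade, refusing unauthorised associations."""
    if kuid is None and session_id is None:
        raise UpgradeRejected("BAD_REQUEST")       # hypothetical code
    if session_id is None:
        # KUID only: the server looks up the user's existing session itself.
        session = next((s for s in sessions.values() if s.kuid == kuid), None)
    else:
        session = sessions.get(session_id)
    if session is None:
        raise UpgradeRejected("NOT_FOUND")
    # Proceed only if the session matches the KUID or the age requirement is met.
    matches_kuid = kuid is not None and session.kuid == kuid
    if not (matches_kuid or session.meets_age_requirement):
        raise UpgradeRejected("SESSION_MISMATCH")  # hypothetical code
    return session


def outcome(**request) -> str:
    """Return the chosen session id, or the rejection code, for one request."""
    try:
        return resolve_session(SAMPLE_SESSIONS, **request).session_id
    except UpgradeRejected as exc:
        return str(exc)
```

The check that matters for integrators is the mismatch branch: a caller-supplied sessionId is never trusted on its own to identify whose session gets upgraded.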

Bugs & Enhancements

Family Portal

  • Improved the wording in the emails used to request parental approval for session upgrades, to achieve clearer and crisper user communication.

Developer Portal

  • Removed the legacy age appeal interface from the Developer Portal. Age Appeal functionality is still accessible via the /age-verification/perform-age-appeal API.

Product API

  • Added input validation to the /age-assurance/generate-provider-url endpoint so that invalid verification parameters (e.g., unsupported providerName or verificationType) now return a 400 Bad Request error instead of a 500 Internal Server Error. This provides clearer feedback for malformed requests and reduces unnecessary system alerts.