Developer Agreement

The ground rules for using XIVAuth in your project.

This document serves as the agreement between XIVAuth and developers who wish to use XIVAuth for their applications. It contains important information about which apps may or may not be used with XIVAuth, and the conditions under which the XIVAuth API may be used.

XIVAuth does not wish to apply undue burdens to developers. However, these standards are here to ensure that XIVAuth is used in a way that is consistent with the spirit of the project, reduces potential harm to FINAL FANTASY XIV and other projects, and ensures that XIVAuth remains a useful service to everyone. To avoid legal boilerplate, all we really ask is that developers refrain from activities that include the following:

  • Don't use XIVAuth to track users

    XIVAuth takes user privacy seriously and expects applications using it to do the same. Information received by and for a specific app is intended for that app, and that app only. Developers may not use information provided by XIVAuth to create lists, advertising profiles, or other systems designed specifically to track or invade the privacy of users.

  • Don't violate other projects' IP rights

    This may seem ironic coming from a project that is the result of reverse engineering, but it is nevertheless something that we hold closely. XIVAuth may not be used with services or projects that intentionally ignore or violate the rights of others in the FINAL FANTASY XIV modding space. Examples include closed-source or paywalled plugins or components therein.

  • Don't abuse the service

    XIVAuth is a shared service run by a single developer. Where possible, design your application to be a good netizen. Avoid excessive polling, cache data where possible, and be mindful of rate limits and similar concerns.

  • Don't use XIVAuth to ruin others' fun

    XIVAuth exists to make it easier for FINAL FANTASY XIV players and community developers alike to do cool things. Please don't use XIVAuth to create projects or services that are intended to allow users to cheat, bot, harass, stalk, scam, defraud, deceive, or otherwise harm players.

  • Don't build high-risk applications

    Applications that are considered high-risk are not permitted. High-risk applications are anything that can reasonably require XIVAuth's involvement for mediation or conflict resolution purposes. Examples include services that require the user to provide their location, facilitate financial transactions (e.g., a storefront or gambling site), are targeted at minors, or make consequential real-world decisions.

As a service provider, we reserve the right to disable Applications (or in extreme cases, developer accounts) that blatantly violate these standards. If you wish to submit a report, please refer to our Moderation Policy for the reporting process and required information. When reporting an application, please ensure you specify exactly which guidelines you believe are being violated.