We understand that these changes may create additional work for our developers, so we wanted to share this list of Frequently Asked Questions we’ve put together:
1. With the changes regarding data protection, how do I ensure I remain in compliance?
You will need to start refreshing player data no less frequently than every 30 days, as it could belong to a user who has asked for their data to be made private or erased.
In the information you provide to us about your client(s), there will be new required fields that you must complete per client:
Intent of use – What type of content will you be creating with the data you receive from us? What do you intend to do with it? For example: leaderboard website, guild spreadsheet, etc.
URL – Link to the location of the final product; Where can we find your epic content?
2. What do you mean I have 30 days to “delete” or “refresh” data?
We value our players’ privacy and their right to determine what happens with their player data. By refreshing any retained data every 30 days, it allows the data to remain current and relevant. This ensures there is never out-of-date player data and provides an option for players to ask for their data to be hidden - if they so choose.
3. What happens if I’m not in compliance?
Enforcement for data protection policies will go into effect after January 1st, 2020. After this point in time, if you retain player data that is no longer valid or accurate, you will lose access to Blizzard Game Data, Community, or Profile APIs.
4. Who does this affect? If I live in “x” region of the world, does this apply to me?
Blizzard Entertainment is a global company; players of our games live all around the world. We value the protection of all our players’ data, and as such, this applies to everyone who consumes any data from our APIs.
5. What happens if I haven’t updated my client to use a new client token?
There will be monitoring of all clients. If you are found to be non-compliant, you risk losing access to our public APIs.
6. Instead of deleting player data, can I simply anonymize it?
Because there’s no defined threshold of anonymity, we don’t want to take the chance. We want all our players and developers to be as protected as possible. In short: please adhere as closely to the data lifespan of 30 days as possible.
7. What happens if player data I’d deleted in the past suddenly shows up again?
If you’ve made a new call in the next 30 day window and the data appears again, the possibility of retaining possession of the data has been made available once more. Should it disappear again, it is safe to assume that you must delete it at that point in time.
8. How does a client remain in compliance if it does not use a URL (Example: An executable or database and not a website)?
Underneath the form field in the client information, there is a box users can check to indicate there is no service URL.
9. Is a seven-day buffer period allowed to accommodate for returned API call inconsistencies?
The window of time data can live is thirty days. If a user chooses to make a call seven days prior to the 30th day to allow for data inconsistencies, there is nothing unallowable about this action. However, anything past 30 days is non-compliant.
10. Does a unique character ID persist across servers? For example, if a player were to transfer from Proudmoore to Illidan, would the character ID remain the same for the character they transferred?
The unique ID does not persist across servers. If a character is transferred, the old character data with the previous character ID should be deleted.
11. Is there an option to hide the data within your client or database rather than truly deleting it?
In order to ensure full compliance with the new policy, developers should delete the data if you receive a 404 – Not Found error.
12. Will Blizzard be increasing the rate limits for any endpoints?
Not at this time, though we are aware that the new policy will require an increase in API calls. We will be monitoring endpoint usage to determine whether increases are warranted, but as of this time, the intent is for the rate limits to remain unchanged.
13. What exactly is the intent of the ‘/character/:realm/:characterName/status’ endpoint, and how should it be used?
This is a three-part answer. We apologize for the length but want to ensure we answer the question in the most thorough format:
Any data retrieved from any character endpoint must be validated every 30-days to ensure the user remains in compliance. The ‘/status’ endpoint allows the user to avoid checking individual character endpoints, instead only calling a single endpoint. However, the relationship doesn’t work the other way around; a valid response from ‘/status’ implies that ‘/character/:realm/:characterName’ is valid, but calling ‘/character/:realm/:characterName’ and receiving a valid response does not imply the rest of the endpoints covered by ‘/status’ is valid.
The ‘/status’ endpoint will only start returning data for players who have logged in since October 2, 2019 at 4PM Pacific Time. All player data older than that date will return a 404 – Not Found error.
Any data that exists at an endpoint is approved to store for 30 days. For older character data before October 2, 2019 at 4PM Pacific Time, the ‘/status’ endpoint will return a 404, but if the data still exists within a different endpoint for the same character, that data set may be used for 30 days.
If there are any questions not answered by the notice or the FAQ, please feel free to post additional questions here in this thread!