GENERAL POLICIES

READ THESE THOROUGHLY

Our goal is to provide developers with a set of tools to create projects that will create a better player experience. We try as much as possible to not guide or hinder the creative process. While we remain as hands off as possible we do, at times, need to step in to ensure projects don’t have a negative impact to players. That being the case, we care about the developer community as well as the players they develop projects for, so if you have questions let us know as soon as possible and we’ll be happy to provide guidance. Please note, by following these guidelines and eventually getting your application approved, it means we’ve approved your application for a production API key. We don’t give individual projects a stamp of approval, but rather ensure they don’t conflict with our player-focused policies.


When working with the Riot Games API and other Developer Tools, we have several conditions set forth in our Terms of Use and Legal Jibber Jabber. We know that can be a pretty dense read, so here’s a quick synopsis of some of the key points that come up most often. (Note however this is NOT all inclusive and that you still need to read and agree to the Terms)

The goal is to enrich the League of Legends community and provide a better player experience. If your project may lead to a negative player experience please talk to us before it’s too late! There are some things that we're flexible on, but there are also some things we take a hard stance on.


PLEASE DON'T

  • Break the law
  • Publish a project that doesn't properly secure your API key
  • Utilize a Development or Interim API key to run a project accessible by the community (Development and Interim API keys are to be used to create a prototype that we can review before the project is made public)
  • Utilize a Production API key to run multiple projects (each project must submit an application and be reviewed separately)
  • Compromise the integrity of the game or create an unfair advantage for players
  • Charge money for your app or provide exclusive access, in whole or in part, to specific users
  • Shame players based on any metric including their recent performance. You may honor or glorify players, but we don't allow assumptions that could lead to negative preconceptions of a player.
  • Provide alternate channels to report or evaluate other players
  • Create alternatives for official skill ranking systems, such as Ranked Leagues (Prohibited alternatives include MMR or ELO calculators)
  • Refer to your project to be in a partnership or approved by Riot Games
  • Utilize methods to connect to other League of Legends systems, such as League chat, that haven't been included in the third party tools. (Except where otherwise noted in any official exceptions, if any.)
  • Scrape data from undocumented endpoints or any other sources outside of the provided Riot API Endpoints and other documented Third Party Developer Tools. (Except where otherwise noted in any official exceptions, if any.)
  • Build or design any tools or components designed to look like the native League of Legends or Riot Games branding and designs, both in-game and out.

If you have an idea that you think might fall within a gray area feel free ask us in your project's application. Make sure to include a description and the goal behind your project, and then post your question as an App Note within the application. We’ll be happy to provide you with feedback and work with you to achieve your goal without conflicting with policies we have in place to protect the player experience.


PLEASE DO

  • Think outside the box
  • Think of ways for players to evaluate and improve their own gameplay
  • Think of ways to connect players with their friends
  • Blow our minds (it’s encouraged)
  • Feel free to use any of our art assets from the game (but NOT any official Logos)

As mentioned, this is not an all-inclusive list, so please be sure to read through all of the Terms of Use and Legal Jibber Jabber as well!


TOURNAMENT POLICIES

  1. You are responsible to ensure a fair and balanced system for matchmaking teams.
  2. All features of your project must be freely available to every tournament participant.
  3. A tournament must have a minimum of 20 active participants, regardless of team size (1v1, 3v3, 5v5 etc).
  4. Teams must progress through the tournament by playing directly against their opponents. It must be a traditional style tournament (elimination, round robin, etc) and not direct challenges or ladder systems.
  5. Anything related to wagering, betting, gambling, or any other use of real money outside of a nominal entry fee is not permitted. No exceptions.
  6. Custom currencies with a monetary value are strictly forbidden. Entry fees or buy-ins must be displayed in a fiat currency, to provide clarity to the participants, and then distributed amongst the winning teams at the end of the tournament based on placements.

    fiat currency is a currency backed by a government regulation or law.

Any time money gets involved we take things very seriously. We've seen a considerable amount of shady behavior with regard to the Tournaments API and as such this is not an area we're likely to be understanding. We understand the overwhelming benefit that community tournaments have created for players, but any deviation from these policies is likely to be handled strictly. If you have any questions ask before implementing a feature that may conflict with these policies.


CREDENTIAL SECURITY

Remember, don't share your account information with anyone, including your API key!

For your login credentials, take the same precautions as you would with your League of Legends account.

Regarding your API key, this key is tied to your League of Legends account and will be used for your application. If someone has access to your key, they can potentially use it for their own purposes, leaving you without one or with a severely diminished rate limit – even entering your key into another application can be dangerous! You should also make sure that you are using SSL/HTTPS when accessing the APIs so that your key is kept safe. You don’t want anyone else consuming your traffic and making it impossible for you to build your app. Protect your key so that everyone can see the awesome things you build!

Note that embedding a key in a distributed client application, like a desktop or mobile application, means that your key can be compromised. Even secure storage or encrypted keys on a client can be breached. The only way to ensure your API key remains safe is to have the client application access your own server, which then makes the appropriate request to the API using HTTPS. Even in the worst case scenario, if someone does manage to get your key from your server, through a man-in-the-middle or other type of attack, you can easily regenerate your key and update it in your server. If you have a key distributed across numerous client applications, you won't be able to do that without breaking all of the clients.

For similar reasons, generally you should not commit your API key to your code base, especially if you plan on building a distributed binary from that code base. Even if your code base is for a server application, we recommend reading your API key from a configuration file running on the server, rather than committing it to the code base. This practice limits your exposure to only the boxes that the server is running on, allows you to easily swap out keys without having to rebuild and redeploy, and prevents accidental sharing of your keys if you ever open source or otherwise share parts of your code.

Note that for teams working together on an application, there will be an obvious need to share an API key for your application. Our intention is not to discourage sharing along these lines, but rather sharing with people outside of your organization or who are working on other projects.

Sometimes people post their API keys on the forums when they are asking for help or giving code examples. Please note that if you do this, we will edit the post to remove the key and then regenerate your key on your account.


Monetization Policies

As you might expect, any time money gets involved we take things very seriously. In any case where you're unsure about whether or not you're breaking our monetization policy you should default to excluding the feature in question, or speak with us directly before proceeding. The Riot Games API is provided as a tool for community creators to create a project that can be freely enjoyed by all players, it is not meant as a core means to generate revenue. We will always put the player's interests first and if we feel a project is taking advantage of players we'll move swiftly to have it removed. We do however have exceptions for advertisements (outlined further below) and some exceptions for Tournament entry fees (outlined in our Tournaments Policy section).
With that said, we are always looking for ways to support content creators who work on projects that benefit the community, and we know it’s difficult to run these sometimes costly projects at scale without income. We also understand that developers want to recoup the time and energy it takes to build and maintain these projects. As such there are a few methods which allow developers to offset those costs, which we're fine with.

When in doubt, we will always be willing to have a discussion about what it is you wish to do, and how we can help you find a way to do it within our policies, or even make special exceptions for developer whom we think are driving significant player value. Simply reach out to us via the application notes to start a conversation!



Advertisements

We're fine with projects passively collecting revenue from users via advertisements. From our perspective this is the preferred method of monetization to offset the cost of developer's projects.


Paid Removal of Advertisements

We know it's sometimes difficult to create a tasteful, unobtrusive native experience with advertisements. This is part of the reason why the mobile industry has gravitated toward the paid removal of ads. As such, after contacting us first, we'll allow developers to support their projects with the paid removal of advertisements.

Developers who are granted permission to monetize their applications will be required to provide the same functionality and experience in their projects with and without advertisements. For mobile and desktop applications, the removal of advertisements is an action that needs to be executed within the application itself. We will not be allowing two separate versions of the application. The app itself must be free, with the option to remove advertisements as an in-app purchase.

In order to offer the paid removal of advertisements you must:

  1. Contact us via an App Note within your project's application
  2. Provide us with a visualization of your project with and without advertisements
  3. Accept the additional monetization terms within your project's application

Projects that offer the paid removal of advertisements without contacting us first will be in violation of our policies and risk having their API key disabled.


Donations

We don't have any policies specifically prohibiting donations at this time, but we specifically reserve the right to require any form of monetization (including donations) be removed from a project. This is usually a judgment made on a case by case basis so honor the spirit of the rules which are meant to ensure every player can freely enjoy your project. Don't create an environment where users feel pressured to spend money (refer to the Crowdfunding section for more context).


Strictly Forbidden

Exclusive Access

You may not charge money for exclusive access to features that are based, in whole or in part, on data gained from the Riot Games API.


Crowdfunding

We specifically disallow these platforms because by their very nature they grant benefits to those who have contributed. This is something we simply cannot support. If you have individuals that would like to contribute to your project out of the kindness of their heart that's fine but they can't be granted any special benefits. From our perspective, benefits for donors creates a dynamic that is too easily abused. Players can easily be pressured to donate if they want to gain access to specific features (which should never be the case). Additionally, developers can start to solely invest their time in developing donate-to-access features that provide no benefit to the rest of the community. The Riot Games API is free, publicly accessible, and was created to enrich the experience of the entire community.


Best Practices

Development API Key

The most basic key that every developer receives upon successful registration is limited to 10 requests every 10 seconds. Use this key to discover what the Riot Games API has to offer, form ideas, and test the water.

Remember to keep your API key private. This key is tied to your League of Legends account and will be used for your applications. If someone gains access to your key, they can potentially use it for their own purposes, leaving you without one or with a severely diminished rate limit – even entering your key into another application can be dangerous! We don't want anyone else consuming your traffic and making it impossible for you to build your app, so protect your key and make awesome.

We don't expect your awesome creation to survive in the wild with this key. Once your app or website is ready for players to experience, please register it for us to review. We'll provide you with a key that can handle "the friendly Reddit DDoS."

Pro tip: Architect your code to accommodate for a key with a variable limit.


Handling API Call Responses

The Response Code documentation outlines a set of best practices when handling API call responses.


Rate Limiting

Every website and app that consumes data from the Riot Games API has a rate limit. That is, each key may only make a certain number of requests each second. Unaccounted for, your website or app could reach this limit, which may negatively impact player experience.

For instance, the following pseudocode asynchronously requests the recent games for a large number of players:

foreach (summonerId in playersToFetch)
    RiotGamesAPI.recentGamesAsync(summonerId)

This loop could send out thousands of requests in milliseconds. Once the rate limit has been reached for that specific second, the API will return the HTTP response status code "429 Rate Limit Exceeded."

The updated pseudocode will sleep for 1 second after making the exact number of requests that the rate limit permits:

foreach (summonerId in playersToFetch)
    RiotGamesAPI.recentGamesAsync(summonerId)
    if (requestCount == RATE_LIMIT)
        sleep(1000)

Pro tip: Degrade gracefully. If you hit the limit during a player's request, give them a friendly error message.


Caching

Even though the Riot Games API was engineered with speed in mind, we strongly advise against relying on it as your sole data store. Instead, implement a caching layer. By caching every API request, you will decrease response times as well as the total number of requests made.

Pro tip: Cache frequently accessed data in memory (Redis, Memcached, etc.) and rarely accessed data on disk (MySQL, RDS, etc.).


Summoner Name Encoding

If your website or app takes a summoner name as input, please HTML encode it before making the initial request. Many languages have built in support for HTML encoding, and for those that don't, external libraries should be available.

Keywords to search for include "HTML encoding," "URI escaping," and "HTML entities."

Pro tip: If your website or app stores our data, double check that your database encoding supports every character set (UTF-8).


Javascript

Avoid using client-side Javascript to directly communicate with the Riot Games API. Not only do you lose control over your API key, you also run the risk of bumping against the rate limit.

Pro tip: If you want to develop with Javascript, architect an intermediate layer between the Riot Games API and the player. By doing this, your key will remain a secret and you'll retain tighter control over what happens when you hit the rate limit.


CODE OF CONDUCT

Drive Constructive Feedback

"A problem well stated is a problem half solved." - Charles Kettering

Feedback is an important force in the decision making process of Riot Games. If you want to make your voice heard, taking the time to let us know how you're feeling about the API is a good place to start. When you give feedback, make sure you take a holistic approach. If you only give negative feedback, you may find that the changes you influence detract from what you initially enjoyed. Moreover, people are simply more likely to listen if you present yourself in a calm, well thought out manner.

That being said, don't be afraid to tell us if you feel strongly, and why. Try to be straightforward, specific, and always try to make your feedback direct and concise.


Facilitate Civil Discussion

"To disagree, one doesn't have to be disagreeable." - Barry Goldwater

As we mentioned earlier, we want you to give feedback, but being part of the community doesn't stop there. Whether you're in Discord, AnswerHub, Twitter, or elsewhere, there are plenty of people to talk to, and plenty of topics to discuss. Whether you're discussing API changes, rate limiting, or just talking about esports, we encourage you to share your thoughts with other community members.

When you choose to participate in a discussion with the rest of the community always try to be receptive to another player's point of view. If you keep an open mind, you'll be surprised what valuable information you can glean from your fellow players. Also, be mindful of how you present your point of view. If a player feels strongly on a subject, don't get caught up trying to have the last word. Just state your side and exit the conversation gracefully rather than give them the opportunity to pick a fight.


Leave No Newbie Behind!

"Be an opener of doors for such as come after thee." - Ralph Waldo Emerson

We all started somewhere, and if we're going to do justice to the people who helped us move up the ladder, we have to start by paying homage to our roots. If you see a developer struggling, or who clearly doesn't grasp the fundamentals of the API, try offering some constructive advice. If you do so in a civil and friendly manner it's likely that they will be receptive. Oftentimes they'll be downright grateful that somebody took the time to let them know how to improve.

Never get frustrated by an inexperienced developers questions. At some point you were just as green as they were. Have a little patience, and try and help the person. At the same time don't be discouraged if they aren't receptive. Some small percentage of the community will get hung up on the notion that they don't need anybody's help, and, no matter how politely you try to lend a hand, they won't want to hear it. That's no reason to give up on the rest of them!


Lead by Example

"Leadership is practiced not so much in words as in attitude and in actions." - Harold S. Geneen

If you share our vision of a game where players exercise good sportsmanship, help each other improve and form lasting friendships, then you've got to start living the dream before anybody else is willing to do so. It's all well and good to say you're on board for the revolution, but if you don't first make yourself a paragon of model behavior no one is going to be fooled. Nobody's asking you to be perfect, but we do want you to, whenever possible, strive to uphold the same standards of behavior that you expect everyone else to maintain.


Rules

These actions may result in removal from Riot Games Developer Community channels, and are explicitly forbidden in the Riot Games Developer Community:

  • Offensive comments related to gender, gender identity and expression, sexual orientation, disability, mental illness, physical appearance, body size, race, or religion
  • Unwelcome comments regarding a person’s lifestyle choices and practices
  • NSFW content
  • Threats of violence
  • Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm
  • Deliberate intimidation
  • Sustained disruption of discussion
  • Unwelcome sexual attention
  • Continued one-on-one communication after requests to cease
  • Publication of private communication without consent
  • Pretending to be another user, using their name as your own
  • No offensive usernames/nicknames/icons

Reporting

If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact the appropriate channel administrators. They will review your concern and take appropriate action.

We will respect confidentiality requests for the purpose of protecting victims of abuse. At our discretion, we may publicly name a person about whom we’ve received harassment complaints, or privately warn third parties about them. We will not name harassment victims without their affirmative consent.


General Data Protection Regulation

The General Data Protection Regulation (GDPR) gives European residents greater control over their personal data, including allowing them to exercise their rights by sending “data subject requests” to data controllers. While GDPR is a European Union regulation Riot Games has committed to following the standards put forth in the regulation globally. As a developer using the Riot Games API, you may have access to personal data subject to the GDPR. When Riot Games receives a request from an end user to delete their personal data, we will be passing the request to all active developers by sharing a list of identifiers (e.g. accountId) for the end users through Riot Channels.

If you sign up for the Developer Portal, you will receive occasional emails, none of which are current optional. You can exempt yourself from these emails by exercising your Right to be Forgotten, by Riot Games as a whole, by contacting Player Support. You may receive emails for the following reasons:

  • GDPR obligations
  • Critical updates
  • Developer Portal account changes
  • Riot Games API application changes
  • Community events
  • Marketing emails