Getting Started
Everything you need to start using Arcadia Age API (A3) — the unified age compliance API for web, iOS, and Android.
Why low-friction age assurance?
Laws like California AB 1043 require age assurance, but the old playbook — ID uploads, selfie checks, verification walls — costs you conversions and saddles you with sensitive data. A3 flips that. You send lightweight signals (an app store age bracket, behavioral metrics from our drop-in browser SDK, account age), we return a verdict and a signed, audit-ready token. No IDs, no PII stored, no friction.
The web gap is where this matters most. Browsers have no OS-level age signal — there’s no free Apple or Google API to call. A3’s browser SDK passively collects behavioral and contextual signals to fill that gap, giving your web users the same compliance coverage as native apps. For companies on iOS, Android, and web: one API, one audit trail, all three surfaces.
Overview
Arcadia Age API (A3) is the unified age compliance API for web, iOS, and Android. AB 1043 mandates age assurance, but browsers have no OS signal and native platforms each have their own API. A3 normalizes everything into a single call — no verification walls, no ID friction, no stored PII:
- Zero-Retention — no user data is stored, logged, or persisted. Every response includes a cryptographically signed
verification_tokenthat you store in your own logs for audit purposes. - Pass-Through — A3 is a processor, not a controller. You provide the signals, we return the verdict. This simplifies enterprise Data Processing Addendums (DPAs).
- Sub-Second — responses are computed in-memory and returned immediately (cold starts under 200 ms, warm invocations in milliseconds).
- Auto-Scaling — deployed on AWS Lambda with no provisioning required.
Getting Your API Key
- Sign up at portal.a3api.io.
- A Sandbox API key is provisioned automatically on first login.
- Manage your keys, view usage, and upgrade your plan from the developer portal.
Install an SDK
Server-side SDKs handle request construction, typed responses, retries, and error handling out of the box.
npm install @a3api/nodeClient-side SDKs passively collect behavioral and contextual signals on the user's device. They make zero network calls — your backend forwards the signals to A3.
| Platform | Package | Install |
|---|---|---|
| Web | @a3api/signals | npm install @a3api/signals |
| iOS | A3Signals | Add https://github.com/a3api/a3api-ios via Swift Package Manager, or pod 'A3Signals' |
| Android | io.a3api:signals | implementation("io.a3api:signals:0.1.0") in your build.gradle.kts |
All three client SDKs produce the same SignalPayload JSON structure — your backend code is identical regardless of platform.
Authentication
All production endpoints require an API key. The SDKs accept it as a constructor argument; for raw HTTP, pass it via the Authorization header:
curl -X POST https://api.a3api.io/v1/assurance/assess-age \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"os_signal": "18-plus", "user_country_code": "US"}'Try it live in the Playground — no API key required.
US only. The A3 API is currently available in the United States only. Requests with EU/EEA/UK country codes will receive a 403 Forbidden response.
Base URL
| Environment | Base URL |
|---|---|
| Production | https://api.a3api.io/v1 |
Error Format
All errors follow a consistent shape:
{
"statusCode": 400,
"message": ["os_signal must be a string"],
"error": "Bad Request"
}
| Status | Meaning |
|---|---|
400 Bad Request | Request body failed validation (missing or invalid fields). |
401 Unauthorized | Missing or invalid API key. |
429 Too Many Requests | Rate limit or monthly quota exceeded. |
Plans & Rate Limits
| Plan | Requests / Minute | Monthly Quota | Response Fields |
|---|---|---|---|
| Sandbox | 600 | 100 | Basic |
| Pro | 60,000 | Unlimited | Full |
| Scale | 300,000 | Unlimited | Full |
When rate-limited, the API returns 429 Too Many Requests. When your monthly
quota is exceeded, the API returns 429 until the next billing cycle.
Unlimited quota does not mean unlimited free requests. Pro and Scale plans allow unlimited monthly requests — your API access is never cut off. However, requests beyond your plan's included allotment are billed as overages: $0.005 per request on Pro (beyond 10,000/mo) and $0.003 per request on Scale (beyond 50,000/mo). See Pricing for full details.
Sandbox plan responses omit premium fields. The evidence_tags and
confidence_score fields are only included on Pro and Scale plans. Sandbox
responses still include the verdict, assessed bracket, and verification token.
Upgrade from the Developer Portal to unlock
full responses.
Next Steps
- Clone and run — the
a3-quickstartrepo is a complete working example (React + Express) you can run in under a minute. - Backend developers — use the
@a3api/node(TypeScript) ora3api(Python) server-side SDK for typed requests, automatic retries, and structured error handling. - Web developers — read the Web Integration Guide for a full walkthrough, or install the
@a3api/signalsbrowser SDK to start collecting signals in minutes. - iOS developers — add the
A3SignalsSwift package via SPM or CocoaPods for native signal collection with SwiftUI support. - Android developers — add the
io.a3api:signalsKotlin library via Gradle for native signal collection with Jetpack Compose support. - Explore the API — browse the available services in the sidebar, or jump straight to the interactive Playground to send live requests.
- Testing & CI/CD — use the
@a3api/mock-serverpackage to run automated tests without burning sandbox quota. - Compliance — read the AB 1043 guide for integration best practices.