As alluded to elsewhere in the documentation, XIVAuth is not intended for everyone, and it does not cover every use case. It is, by design, an opinionated and purpose-built authentication platform that does a specific set of things, and hopefully does them well. The guide below will help you determine whether XIVAuth is (or isn’t) a good fit for your project.
The eventual goal is for XIVAuth to become large enough that most users can be assumed to already have an XIVAuth account and use it to access some services. At that point, XIVAuth becomes a general SSO platform and identity provider for the community as a whole, and allows players to access a far wider range of services without maintaining unique passwords/MFA/etc. or going through character verification for each site.
What XIVAuth Is For
- XIVAuth is great for services that provide (or want to provide) SSO using Sign in with Discord or similar buttons.
- XIVAuth is great for services that want character verification for authenticated users.
- XIVAuth is an easy way to add high-trust authentication (WebAuthn, MFA, etc.) to sites that want to provide that without engineering investment.
- XIVAuth is great for plugins that want easy in-game authentication at the character or user level, especially for client-server models.
Sample Use Cases
- A forum for roleplayers that wants to have a character directory, or allow users to post as a (verified) character.
- A plugin to crowdsource information about loot drop tables that wishes to minimize or block data from known bad sources.
- A website that allows players to track character progression or to-dos.
- A plugin that wishes to allow users to edit a character profile from in-game with assurance that a ContentID is legitimately owned by a specific user
- A plugin that offers synchronization of hotbars or UI configurations to supplement Square Enix’s own features.
- A website that targets FFXIV players and wishes to persist history of viewed items for individual users.
- A blog targeting FFXIV players that wishes to allow comments from users.
What XIVAuth Is Not For
- XIVAuth will not provide Lodestone scraping services, save for those necessary for authentication flows.
  - As a result, information about character levels, ranks, PVP state, etc. will not be available, and there are no plans to include that.
  - XIVAuth, however, may be used in conjunction with XIVAPI or internal scrapers to achieve this goal.
- XIVAuth may not be a great fit for services that need to consume the Lodestone otherwise. While it may still provide benefits in terms of allowing easier sign-up flows, it is relatively trivial to self-manage character verification in addition to scraping other Lodestone data.
- XIVAuth will have relatively little value if advanced character verification is required. Platforms that require advanced validation or complex flows are better suited to self-implementation.
- Services that allow characters to be linked to multiple accounts are not a good fit for the platform.
- XIVAuth is not for services that wish to offload authorization.
  - While the platform will provide the concept of “private apps” and similar systems, these are not meant for authorization purposes.
  - Similarly, services that wish to only allow certain users (e.g. only Lalafell players can see a page) will not be able to use XIVAuth alone.