Authorization and Consent Management

Players' consent and how players manage permissions.

3 mins to read

In Epic Account Services (EAS), third-party applications require that you authorize consent for data access permissions before they can authenticate the user or gain access to the user data.

Brand Verification

When new applications are created for EAS, they must be verified through the Brand Application Review process. Below are details about the EAS consent.

Unverified applications are only available to users within your organization.

  • Users outside your organization asking for access receive a warning their access is restricted. They will be unable to use it.

  • Users in your organization will receive a warning that the application is unverified, but will have the option to continue to use the application. This enables your organization to iterate on the product during development.

  • If you click Continue to the App, the consent dialog displays a red banner stating that the application is unverified.

  • When the application passes a Brand Application Review, the audience restriction preventing outside users from seeing your application is removed and users get access to the consent dialog.

The consent dialog box for an EAS application is an agreement asking the end user to review information about the permissions. The end user consents to or denies consent to the terms of the EAS application. The consent screen displays the following information:

Application NameThe name of your application as it appears on the user's device.
Brand LogoA 128 x 128 pixel icon representing your application.
Privacy PolicyA URL to your privacy policy.

The SDK implements verifiable parental consent. This means that when a player first attempts to sign in to their Epic Games account in your game, they must enter their date of birth if they have not already done so. Players under 13 years old or under their country's age of digital consent, whichever is the higher, cannot continue to sign in without their parent's or guardian's consent.

To get parental consent, players under 13 years old or their country's age of digital consent, whichever is the higher, must enter their parent or guardian's email address. Epic Account Services then sends an email to the parent or guardian with instructions on how to complete the parental consent.

The EOS Social Overlay, or a web browser if the overlay is not installed or disabled in the game, automatically prompts the player for verifiable parental consent and the SDK automatically handles the authorization after consent is given.

Players under 13 years old or their country's age of digital consent, whichever is the higher, and who do not have verified parental consent cannot sign in to their Epic Games account for use in the game.

Deleting User Account Data

As a developer, you're required to delete all of a user's account data upon their request. Or upon notification from Epic Games that a user has requested deletion of their data.

Account Services Data Privacy & Visibility

Here at Epic Games we take your privacy seriously. Our data privacy policy is designed to protect all users by requiring explicit consent for each application and for each type of data being accessed. We encourage all developers to request the minimum access necessary for their applications to function properly.

Account Data Access Requirements

When building new features in your application that will change your account data access requirements, you need to update your application settings. Afterwards, users will be asked for consent for any additional access levels. Users are able to revoke access at any time from outside of the application.


The EOS SDK is built in C for a stable Application Binary Interface (ABI). It works with all applications and SDK edits can be made without having to recompile the application.