TIMA Platform v1.0

Unique, verified identity that follows players across games. Trust score built from real behavior. Multi-level verification (email, phone, Face ID).

Cross-game anti-cheat reputation. If a player cheats in Game A, Game B knows about it. Ban sync, behavior analysis, toxicity reports.

Base URL

https://api.eligibled.com/v1

Request Format

All requests use JSON. Set Content-Type: application/json for POST/PUT requests.

Response Format

Every response returns a JSON object with success (boolean) and either data or error:

// Success
{ "success": true, "data": { ... } }

// Error
{ "success": false, "error": "Human-readable message", "requestId": "uuid" }

Quickstart

Get a player's trust data in 3 steps:

1. Get your API key

Contact dev@eligibled.com for a studio API key. You'll receive a key and a studio ID.

2. Authenticate

POST /v1/auth/login
Content-Type: application/json

{
  "email": "studio@yourgame.com",
  "password": "your-password"
}

You get back a JWT token valid for 7 days:

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "user": { "id": "uuid", "role": "studio" }
  }
}

GET /v1/public-profile/ELG-8K2M
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Returns their trust score, verification level, reputation, and play history.

Authentication

All API calls (except login and register) require a JWT token in the Authorization header:

Authorization: Bearer <token>

Token Expiry Tokens expire after 7 days. If you get a 401, re-authenticate. Tokens can be revoked server-side (on logout, password change, or ban).

Token Blacklisting

TIMA uses Redis-backed token blacklisting. When a user logs out, changes password, or gets banned, their token is immediately revoked. A 401 with "Token revoked" means the token was explicitly invalidated.

2FA Flow

If a user has TOTP 2FA enabled, login returns a partial response requiring a second step:

// Step 1: Login returns 2FA required
{ "success": true, "data": { "step": "2fa", "userId": "uuid" } }

// Step 2: Verify TOTP code
POST /v1/2fa/verify
{ "userId": "uuid", "code": "123456" }

// Returns the actual token
{ "success": true, "data": { "token": "eyJ..." } }

Error Handling

HTTP Code	Meaning	Common Causes
200	Success	Request processed
201	Created	Resource created (registration, post)
400	Bad Request	Missing fields, invalid format
401	Unauthorized	Missing/expired/revoked token
403	Forbidden	Insufficient role (not admin/staff)
404	Not Found	Resource doesn't exist
409	Conflict	Duplicate (email exists, already friends)
423	Locked	Account permanently locked
429	Rate Limited	Too many requests / login attempts
500	Server Error	Internal error (report with requestId)

Error Codes

Error String	Meaning	Action
`Invalid credentials`	Wrong email or password	Check credentials
`Token expired`	JWT expired	Re-authenticate
`Token revoked`	Token blacklisted (logout/ban)	Re-authenticate
`Authentication required`	No Bearer token in header	Add Authorization header
`Account temporarily locked`	Too many failed logins	Wait 15 minutes
`Account permanently locked`	Repeated lock-outs	Contact support with LOCK code
`Email already registered`	Duplicate registration	Use different email or login
`Rate limit exceeded`	Too many API calls	Check Retry-After header
`Admin only`	Endpoint requires admin role	Use admin account

Tip Every error response includes a requestId. Include it when contacting support — it maps directly to server logs.

Rate Limits

Rate limits are per-IP (unauthenticated) or per-user (authenticated), backed by Redis.

Endpoint Group	Limit	Window
Global (all endpoints)	120 requests	1 minute
`/auth/login`	15 attempts	15 minutes
`/feed/posts` (create)	10 posts	1 minute
`/media/upload*`	5 uploads	1 minute

Response headers on every request:

X-RateLimit-Limit: 120
X-RateLimit-Remaining: 117
X-RateLimit-Reset: 2026-02-10T04:55:00.000Z
Retry-After: 42  // Only on 429 responses

Verified Identity

Multi-level verification: email (base), phone (mid), Face ID (max). Higher verification = higher trust.

Trust Score

0-100 score built from behavior: fair play, report history, verification level, account age, community engagement.

Portable

One identity across all games. A player's reputation follows them. No more anonymous griefers.

Integration Flow

How to add "Login with TIMA" to your game:

// 1. Player clicks "Login with TIMA" in your game
// 2. Redirect to or open:
https://app.eligibled.com/oauth?client_id=YOUR_STUDIO_ID&redirect=YOUR_CALLBACK_URL

// 3. Player authenticates on Eligibled
// 4. Redirect back to your game with a temporary code:
YOUR_CALLBACK_URL?code=TEMP_CODE

// 5. Exchange code for player data (server-side):
POST /v1/tima-id/exchange
Authorization: Bearer YOUR_STUDIO_TOKEN
{ "code": "TEMP_CODE" }

// 6. Response:
{
  "success": true,
  "data": {
    "timaId": "ELG-8K2M",
    "displayName": "PlayerName",
    "trustScore": 87,
    "verificationLevel": 2,
    "role": "player",
    "avatarUrl": "https://...",
    "isCreator": false,
    "shieldStatus": "clean"
  }
}

Verify a User

GET /v1/public-profile/{timaId}

Parameter	Type	Description

Response

{
  "success": true,
  "data": {
    "id": "dbc13192-eb08-47c2-96d0-1d9f6804c561",
    "displayName": "idir",
    "timaId": "ELG-8K2M",
    "role": "player",
    "trustScore": 87,
    "verificationLevel": 2,
    "bio": "Competitive player",
    "avatarUrl": "/uploads/avatars/...",
    "isCreator": false,
    "creatorTier": null,
    "createdAt": "2025-12-01T...",
    "postCount": 42,
    "friendCount": 15
  }
}

Trust Score

The trust score (0-100) is computed from multiple weighted factors:

Factor	Weight	Description
Account Age	15%	Older accounts = higher trust (max at 1 year)
Verification Level	25%	0 (email only), 1 (phone), 2 (Face ID)
Report History	20%	Reports against this player (decreases score)
Community Score	15%	Posts, likes received, friends count
Fair Play	15%	Games played without incidents
Warnings/Bans	10%	Admin warnings or temporary bans (decreases score)

Score Thresholds

90-100: Highly trusted. Clean record, fully verified.
70-89: Good standing. Normal player.
50-69: Caution. Some incidents or low verification.
0-49: Low trust. Multiple reports, warnings, or bans.

GET /v1/platform/trust-details

Get the full trust breakdown for the authenticated user.

Webhooks

Event	Trigger
`player.trust_changed`	Trust score changed by more than 5 points
`player.banned`	Player banned from platform
`player.unbanned`	Player unbanned
`player.verified`	Player completed new verification level
`player.reported`	Player received a new report

// Webhook payload example
POST YOUR_WEBHOOK_URL
Content-Type: application/json
X-TIMA-Signature: sha256=...

{
  "event": "player.banned",
  "timaId": "ELG-8K2M",
  "timestamp": "2026-02-10T04:55:00Z",
  "data": {
    "reason": "Cheating",
    "source": "manual",
    "previousTrustScore": 72,
    "newTrustScore": 0
  }
}

Setup

Step 1: Register your game

Contact dev@eligibled.com with your game name, platform(s), and expected player count. You'll receive a studioId and gameId.

Step 2: Send match data

POST /v1/tima-shield/match-report
Authorization: Bearer STUDIO_TOKEN

{
  "gameId": "your-game-id",
  "matchId": "unique-match-id",
  "players": [
    {
      "timaId": "ELG-8K2M",
      "result": "win",
      "score": 1250,
      "reports": [],
      "disconnected": false
    }
  ],
  "duration": 1800,
  "mode": "ranked"
}

Report a Player

POST /v1/tima-shield/report

Field	Type	Description
reason	string	`cheating` \| `toxicity` \| `griefing` \| `boosting` \| `other`
evidence	string?	URL to replay/screenshot (optional)
matchId	string?	Match where incident occurred (optional)

Check Player Status

GET /v1/tima-shield/status/{timaId}

Check a player's shield status before letting them into a match.

Response

{
  "timaId": "ELG-8K2M",
  "status": "clean",       // clean | flagged | banned
  "trustScore": 87,
  "recentReports": 0,
  "bans": [],
  "flags": [],
  "verificationLevel": 2,
  "recommendation": "allow"  // allow | warn | block
}

Use the recommendation field

allow — let them play normally. warn — let them play but flag to moderators. block — prevent from joining ranked/competitive matches.

Ban Sync

POST /v1/tima-shield/ban-sync

{
  "timaId": "ELG-8K2M",
  "gameId": "your-game-id",
  "action": "ban",        // ban | unban | warn
  "reason": "Aimbot detected",
  "duration": 604800,     // seconds (null = permanent)
  "evidence": "https://replay.yourgame.com/..."
}

Player reports across your game
Trust score distribution of your player base
Ban history and appeal queue
Match integrity analytics
Cross-game flagged players

Creators get a verified badge, analytics dashboard, and direct studio connections. Studios get access to a curated directory of trusted creators for partnerships, sponsorships, and early access programs.

4 Trust-Based Tiers: Rising → Verified → Partner → Elite — each unlocking more visibility, tools, and revenue sharing.

Creator Application Flow

Creators apply through the TIMA platform. Studios can also invite creators directly via the API.

// 1. Creator applies via the platform
POST /v1/creator/apply
{
  "tima_id": "TM-1A2B3C4D5E6F7890",
  "platforms": ["twitch", "youtube", "tiktok"],
  "content_type": "gaming",
  "audience_size": 15000,
  "portfolio_url": "https://example.com/portfolio"
}

// Response
{
  "success": true,
  "data": {
    "application_id": "CA-9F8E7D6C5B4A",
    "status": "pending_review",
    "estimated_review": "48h"
  }
}

Verify a Creator

Studios and platforms can verify a creator's status and tier via the API.

// Get creator profile and verification status
GET /v1/creator/{tima_id}
Authorization: Bearer {token}

// Response
{
  "success": true,
  "data": {
    "tima_id": "TM-1A2B3C4D5E6F7890",
    "display_name": "ProStreamer",
    "tier": "verified",
    "verified_at": "2026-01-15T10:00:00Z",
    "platforms": {
      "twitch": { "username": "prostreamer", "followers": 45000, "verified": true },
      "youtube": { "channel": "ProStreamer Gaming", "subscribers": 28000, "verified": true }
    },
    "trust_score": 91,
    "badges": ["verified_creator", "early_adopter"],
    "studio_partnerships": 3
  }
}

Creator Directory

Studios can search the creator directory to find creators matching specific criteria for partnerships.

// Search creators by game genre, tier, audience size
GET /v1/creator/directory?genre=fps&min_tier=verified&min_audience=10000&platform=twitch
Authorization: Bearer {token}

// Response
{
  "success": true,
  "data": {
    "creators": [
      {
        "tima_id": "TM-1A2B3C4D5E6F7890",
        "display_name": "ProStreamer",
        "tier": "partner",
        "audience": 45000,
        "engagement_rate": 8.2,
        "games": ["Valorant", "CS2", "Apex Legends"]
      }
    ],
    "total": 142,
    "page": 1
  }
}

Creator Analytics

Creators and studios with partnerships can access detailed analytics.

// Get creator performance analytics
GET /v1/creator/{tima_id}/analytics?period=30d
Authorization: Bearer {token}

// Response
{
  "success": true,
  "data": {
    "period": "30d",
    "impressions": 1250000,
    "engagement_rate": 7.8,
    "new_followers": 3200,
    "content_published": 24,
    "studio_clicks": 890,
    "revenue_earned": 1450.00,
    "top_content": [
      { "title": "Valorant Tips S4", "views": 89000, "platform": "youtube" }
    ],
    "tier_progress": {
      "current": "verified",
      "next": "partner",
      "progress": 72,
      "requirements_met": ["audience_threshold", "content_frequency"],
      "requirements_pending": ["studio_partnership"]
    }
  }
}

Creator Webhooks

Receive events when creators reach milestones or when partnership actions occur.

// Webhook: Creator tier upgraded
{
  "event": "creator.tier_upgraded",
  "timestamp": "2026-02-10T14:30:00Z",
  "data": {
    "tima_id": "TM-1A2B3C4D5E6F7890",
    "previous_tier": "verified",
    "new_tier": "partner",
    "unlocked_features": ["revenue_sharing", "priority_discovery", "studio_analytics"]
  }
}

// Webhook: New partnership request
{
  "event": "creator.partnership_request",
  "timestamp": "2026-02-10T16:00:00Z",
  "data": {
    "creator_tima_id": "TM-1A2B3C4D5E6F7890",
    "studio_id": "ST-ABC123",
    "studio_name": "Epic Games",
    "offer_type": "early_access",
    "game": "Fortnite Chapter 6"
  }
}

API Reference

/auth

POST/v1/auth/register

Create a new account. Sends email verification code.

Field	Type	Required
email	string	Yes
password	string	Yes (min 8 chars)
displayName	string	Yes
role	string	No (default: player)

POST/v1/auth/login

Authenticate and receive JWT token.

Field	Type	Required
email	string	Yes
password	string	Yes

POST/v1/auth/verify-email

Verify email with the 6-digit code sent to inbox.

email	string	Account email
code	string	6-digit code

POST/v1/auth/resend-code

Resend email verification code.

/profile

GET/v1/profile/me

PUT/v1/profile-upload/details

Update display name, bio.

POST/v1/profile-upload/avatar

Upload avatar image. Multipart form data, field: avatar. Max 5MB, jpg/png/webp.

POST/v1/profile-upload/banner

Upload profile banner. Multipart form data, field: banner. Max 5MB.

/feed

GET/v1/feed?page=1

Get paginated feed. Returns posts with author info, like counts, comment counts, reactions, pinned status.

POST/v1/feed/posts

Create a new post.

content	string	Post text content
gifUrl	string?	Attached GIF URL
imageUrl	string?	Attached image URL
commentsDisabled	bool?	Disable comments

POST/v1/feed/posts/{id}/like

Like or unlike a post (toggle).

GET/v1/feed/posts/{id}/comments

Get comments on a post.

POST/v1/feed/posts/{id}/comments

Add a comment.

GET/v1/feed/activity

Get recent platform activity (new posts, signups, milestones).

GET/v1/feed/stats

Platform statistics: total users, posts, trust average.

/messages

GET/v1/messages/conversations

List all conversations for the authenticated user.

GET/v1/messages/conversations/{id}

Get messages in a conversation.

POST/v1/messages/send

Send a message.

conversationId	string?	Existing conversation (or use recipientId)
recipientId	string?	Start new conversation with user
content	string	Message text

GET/v1/messages/unread-count

Get total unread message count.

/friends

GET/v1/friends

List all friends.

POST/v1/friends/request

Send a friend request. Body: { "userId": "..." } or { "friendId": "..." }

PUT/v1/friends/accept/{id}

Accept a friend request.

PUT/v1/friends/reject/{id}

Reject a friend request.

DELETE/v1/friends/{id}

Remove a friend.

GET/v1/friends/suggestions

Get friend suggestions based on mutual connections and activity.

/2fa (TOTP)

POST/v1/2fa/setup

Start 2FA setup. Returns a TOTP secret and otpauth:// URI for QR code generation. Compatible with Google Authenticator, Authy, 1Password.

POST/v1/2fa/enable

Confirm 2FA setup by verifying first code. Returns 10 backup codes — store them safely.

code

string

6-digit TOTP code from authenticator app

POST/v1/2fa/verify

Verify 2FA code at login. Also accepts backup codes.

userId	string	User ID from login step 1
code	string	6-digit TOTP code or 8-char backup code

POST/v1/2fa/disable

Disable 2FA (requires current code).

POST/v1/2fa/backup-codes

Regenerate backup codes (requires current code). Old codes are invalidated.

/kyc

Encrypted at Rest All KYC data is AES-256-GCM encrypted before database storage. The encryption key is stored separately from the database. Admin reviews show masked data only (last 4 digits of national ID).

POST/v1/kyc/submit

Submit identity verification data.

fullName	string	Legal name
nationalId	string	National ID number
dateOfBirth	string?	YYYY-MM-DD
address	string?	Physical address
documentType	string?	passport \| id_card \| drivers_license

GET/v1/kyc/status

Check verification status: none | pending | approved | rejected

WebSocket

Real-time events via WebSocket at wss://api.eligibled.com/ws

WSwss://api.eligibled.com/ws

Persistent connection for real-time events: typing indicators, new messages, notifications.

Connect and authenticate:

const ws = new WebSocket('wss://api.eligibled.com/ws');

ws.onopen = () => {
  ws.send(JSON.stringify({ type: 'auth', token: 'eyJ...' }));
};

ws.onmessage = (e) => {
  const msg = JSON.parse(e.data);
  switch (msg.type) {
    case 'auth_ok':       // Authenticated
    case 'auth_error':    // Bad token
    case 'typing':        // { userId, displayName }
    case 'new_message':   // { conversationId, content, ... }
    case 'notification':  // { title, body, action }
    case 'pong':          // Keepalive response
  }
};

Send typing indicator:

ws.send(JSON.stringify({
  type: 'typing',
  targetId: 'recipient-user-id',
  displayName: 'MyName'
}));

Keepalive:

// Send ping every 25 seconds
setInterval(() => ws.send(JSON.stringify({ type: 'ping' })), 25000);

SDKs

Unity (C#)

using UnityEngine;
using UnityEngine.Networking;
using System.Collections;

public class TimaClient : MonoBehaviour
{
    private const string API = "https://api.eligibled.com/v1";
    private string token;

    public IEnumerator CheckPlayer(string timaId)
    {
        var req = UnityWebRequest.Get($"{API}/tima-shield/status/{timaId}");
        req.SetRequestHeader("Authorization", $"Bearer {token}");
        yield return req.SendWebRequest();

        if (req.result == UnityWebRequest.Result.Success)
        {
            var data = JsonUtility.FromJson<ShieldResponse>(req.downloadHandler.text);
            if (data.data.recommendation == "block")
                KickPlayer(timaId, "Trust score too low");
        }
    }
}

Unreal Engine (C++)

// TimaClient.h
#include "HttpModule.h"

void UTimaClient::CheckPlayer(const FString& TimaId)
{
    auto Request = FHttpModule::Get().CreateRequest();
    Request->SetURL(FString::Printf(
        TEXT("https://api.eligibled.com/v1/tima-shield/status/%s"), *TimaId));
    Request->SetVerb(TEXT("GET"));
    Request->SetHeader(TEXT("Authorization"),
        FString::Printf(TEXT("Bearer %s"), *Token));
    Request->OnProcessRequestComplete().BindUObject(
        this, &UTimaClient::OnShieldResponse);
    Request->ProcessRequest();
}

JavaScript / Web

class TimaSDK {
  constructor(token) {
    this.token = token;
    this.base = 'https://api.eligibled.com/v1';
  }

  async request(path, opts = {}) {
    const res = await fetch(this.base + path, {
      ...opts,
      headers: {
        'Authorization': `Bearer ${this.token}`,
        'Content-Type': 'application/json',
        ...opts.headers,
      },
    });
    return res.json();
  }

  // Check player before match
  checkPlayer(timaId) {
    return this.request(`/tima-shield/status/${timaId}`);
  }

  // Report match results
  reportMatch(data) {
    return this.request('/tima-shield/match-report', {
      method: 'POST',
      body: JSON.stringify(data),
    });
  }

  // Look up player profile
  getProfile(timaId) {
    return this.request(`/public-profile/${timaId}`);
  }
}

// Usage
const tima = new TimaSDK('your-studio-token');
const player = await tima.checkPlayer('ELG-8K2M');
if (player.data.recommendation === 'block') {
  // Don't let them into ranked
}

TIMA Platform by Eligibled · dev@eligibled.com · eligibled.com