Legacy authentication allows your iRacing account credentials to be used to retrieve data from the iRacing /data API without requiring a second factor of authentication (if configured). If you have written an app or script that uses the /data API or still scrapes the old membersite endpoints, this option will need to be enabled until we onboard 3rd parties to OAuth.
This option may also be necessary for some 3rd party apps to work.
Most members will not need to able to enable this option.
After logging in to iRacing Account Management at https://oauth.iracing.com/accountmanagement/,click on the Security section.
- If the option is not enabled and you wish to enable it, click the Enable Legacy Authentication button and Confirm in the window that pops up.
- If the option is enabled and you wish to disable it, click the Disable Legacy Authentication button and Confirm in the window that pops up.
Understanding the risks of using 3rd party applications
The iRacing community has created some great applications that have been created by 3rd parties. We DO NOT have any control over what these applications do with your data, nor do we review their code, security nor operational processes. We're aware that some of these applications request your iRacing credentials. Using one of these applications puts your credentials at risk to be stolen. For these reasons, we recommend that you do not use the features of these applications that require you to enter iRacing credentials.
Should you decide to assume the risks, we recommend that you use an email address and password that is used only for iRacing. This will limit your exposure should your credentials be stolen.
We are in the process of onboarding 3rd party applications to our OAuth system which resolves the need for 3rd parties to ask for your iRacing credentials to verify your identity.
Note that we are not aware of any applications that are behaving badly. We simply do not have control of the applications. Even with the best of intentions by these developers, they may inadvertently include a library from another source that puts your credentials at risk.