Using a third-party League of Legends app in 2026 raises a question almost every player asks at some point: is this actually allowed? With tools like Blitz, Porofessor, op.gg, and buildzcrank tracking live game data, it’s easy to wonder where Riot draws the line — and whether crossing it risks your account.
The short answer: yes, third-party apps are legal, provided they use Riot’s official API and comply with Riot’s policies. But the rules have evolved. A major policy update in March 2025 banned a previously common feature, and more restrictions could follow as Riot continues to refine its stance on competitive fairness.
This guide breaks down exactly what the Riot API is, what apps can and can’t do, what was banned and why, and how to know whether a specific tool puts your account at risk.
What Is the Riot Games API?
The Riot Games API is an official, publicly accessible programming interface that Riot maintains so third-party developers can build tools around League of Legends — and other Riot titles like VALORANT and TFT. Think of it as Riot deliberately opening a window into certain parts of the game’s data: summoner profiles, match histories, ranked stats, champion mastery scores. Apps pull that information through the API without ever touching the game client directly.
This is a deliberate design decision. Riot wants the ecosystem of companion tools to exist. Stat trackers, coaching overlays, pick advisors, and build recommendations all add value for players that Riot itself doesn’t prioritize building. The API is how they enable this ecosystem while maintaining control over what data can be accessed and how.
Most companion apps actually use two separate official data sources:
- Riot Games API: Account-level and post-game data. Match history, ranked records, champion stats, mastery. Requires registration and approval on the Riot Developer Portal. Rate-limited to prevent abuse.
- Live Client Data API: A local API running on your own machine during an active match. Reads the current game state — your champion’s health, active items, game timer, ability cooldowns — in real time. Crucially, this API only surfaces your own data, not hidden enemy information.
Apps that rely exclusively on these two channels are operating entirely within Riot’s official framework. No memory reading, no client manipulation — just accessing what Riot intentionally exposes.
Personal vs Production API Keys
Not all API access is equal. Riot distinguishes between two key tiers, and mixing them up is one of the most common mistakes new developers make.
Personal API keys are for individual developers or small private communities. They expire every 24 hours, carry tight rate limits, and exist purely for testing and prototyping. You cannot use a personal key to power a public-facing product — not even an open alpha or beta. Doing so violates Riot’s terms and can result in key revocation.
Production API keys are required for any app intended for the general public. Getting one means:
- Submitting a formal application through the Riot Developer Portal
- Demonstrating a working prototype (Riot reviews applications weekly)
- Waiting for approval — typically one to three weeks, though high application volumes have pushed timelines to a month or more in recent periods
Once approved, your app receives an Approved or Acknowledged status. Both allow monetization, but with an important condition: every monetized app must maintain a free tier accessible to all players. You can charge for premium features, but the core experience cannot be paywalled. If you charge for access to Game Information specifically, you must notify Riot and obtain written approval in advance.
Riot periodically reviews active apps for ongoing compliance. A change in features, business model, or data handling practices that violates the terms can result in key suspension — so approval is an ongoing relationship, not a one-time gate.
What Features Are Allowed in Third-Party Apps?
The general principle Riot applies is straightforward: features that help you review and improve your own play are allowed. Features that provide hidden information about opponents — information the base game doesn’t surface — are increasingly restricted.
Currently allowed:
- Match history tracking, win rate analysis, and champion performance stats
- Aggregated champion statistics (win rate, pick rate, ban rate) sourced from Riot’s match data
- Pre-game pick advisor showing optimal champions against a visible enemy draft
- Real-time build recommendations based on your own in-game state via the Live Client Data API
- Summoner spell timers and jungle camp timers for your own team
- Post-game detailed performance breakdowns (vision score, damage share, CS timeline)
- Build path suggestions derived from aggregated high-ELO game data
Restricted or prohibited:
- Enemy ultimate ability timers — banned as of March 13, 2025 (see next section)
- Summoner name display in ranked Solo/Duo champion select — names must be obfuscated as “Ally #1”, “Ally #2”, etc. to prevent targeted pre-game research and queue dodging
- Game memory reading — any app that accesses data outside the official APIs is classified as unauthorized software
- Features designed to assist queue dodging — surfacing detailed opponent histories to inform lobby dodge decisions is a policy violation, regardless of how the data is sourced
The critical distinction is information asymmetry. If a feature gives you data your opponent cannot access through the same tool, Riot scrutinizes it. The more decisively it influences the outcome of a match without the opponent having an equal opportunity, the more likely it is to eventually be restricted.
What’s Banned: Enemy Ultimate Timers
The most significant policy update in recent memory hit on March 13, 2025, when Riot Games officially prohibited enemy ultimate ability tracking in all third-party applications.
Before this change, apps like Blitz and Porofessor could display when an enemy champion’s ultimate would come off cooldown — even if that enemy wasn’t visible on your screen. The feature worked by logging when an ultimate was used (detected via game events surfaced through the API) and counting down based on the base cooldown at the observed rank.
Riot’s stated reason for the ban: this created unfair competitive information asymmetry. In the base game, knowing when an enemy Malzahar, Zed, or Twisted Fate has their ultimate ready requires active attention, communication with teammates, or vision. Automating that awareness removes a skill element the game’s design intentionally leaves in play.
What makes this policy particularly strict is its scope. The ban covers both automatic and manual tracking. An app cannot offer a “log ult cast” button that starts a manual timer, either. Riot evaluates the intent of the feature, not just the implementation — and the intent of knowing enemy ult availability is the same regardless of who starts the clock.
Any app that fails to remove this feature risks API key deactivation, which effectively kills the app by cutting off all access to Riot data. The deadline was firm. Major apps — Blitz, Porofessor, Mobalytics — complied and removed the feature before March 13.
Future restrictions on similar features remain possible. Enemy jungle camp tracking (knowing when an enemy jungler’s camps respawn based on timing), ward vision duration derived from API data, and similar asymmetric information features are candidates Riot has not ruled out. The enemy ultimate timer decision established the framework Riot will use to evaluate these questions going forward.
Does the Platform Matter? Overwolf and Standalone Apps
A common misconception is that Overwolf apps occupy a special category under Riot’s policy. They don’t — at least not from Riot’s perspective.
Riot’s API policy applies equally to all apps, regardless of the platform they’re built on. Whether a companion app runs on Overwolf, as a native Windows application, as a web dashboard, or as an Electron app, the same feature restrictions and API approval requirements apply. Using Overwolf doesn’t unlock any additional data access, and avoiding Overwolf doesn’t grant any exemption from Riot’s rules.
What does differ is the compliance stack. Overwolf operates its own game compliance review on top of Riot’s — apps distributed through the Overwolf marketplace are reviewed by both Riot and Overwolf before they go live. This can mean slower distribution of updates when policy restrictions change, since compliance reviews must happen at two levels.
For players, the practical differences are mostly about installation experience, performance overhead, and user interface — not about what data the app is legally permitted to access. Apps built outside Overwolf still require Riot Developer Portal approval for production API access; they simply skip Overwolf’s additional layer.
If you’re curious about the performance and user experience tradeoffs between Overwolf-based and standalone apps, The Overwolf Question: Why It Matters for LoL Apps covers the practical differences in detail.
Can Third-Party Apps Get You Banned?
Using a Riot-approved app that relies exclusively on the official API carries no ban risk. Riot knows exactly which apps are accessing their API and which accounts use them. Players using policy-compliant companion apps are not flagged by Riot’s systems.
What can get you banned:
Memory-reading software — Apps that read the game’s memory directly (outside the Live Client Data API) are treated as unauthorized third-party software, on par with cheats. Riot’s Vanguard anti-cheat system, deployed across their titles, actively detects memory manipulation. If a companion app claims to offer information the Live Client Data API doesn’t surface — like precise enemy positions, hidden stats, or client-level data — that’s a red flag it may be using unauthorized access.
Scripts and automation — Anything that automates player inputs (orb-walking scripts, combo executors, vision bots) violates Riot’s Terms of Service regardless of what API it uses. This is separate from the companion app category — it’s considered cheating software.
Scraping without authorization — Crawling Riot’s endpoints without a valid API key, or using another developer’s key without permission, can result in account action and legal escalation.
Practical checklist for safe use:
- Is the app listed in the Riot Developer Portal as Approved or Acknowledged? ✓ Safe
- Does the app claim to show enemy information not visible in the game client? ⚠️ Investigate
- Does the app require disabling antivirus or injecting into the game process? ✗ Do not use
- Has the developer publicly addressed Riot’s March 2025 policy update? ✓ Sign of legitimate operation
When in doubt, check whether the app’s features align with what the official Riot API and Live Client Data API can actually provide. If a feature sounds like it would require reading information the game hides from you, it probably does.
How Apps Like Blitz, Porofessor, and buildzcrank Use the API
Most companion apps follow a common two-layer pattern. Pre-game and post-game: they pull your match history, ranked record, and champion-specific stats from the Riot API to build an informed picture of your playstyle and the current meta. In-game: they read your live game state via the Live Client Data API — your current items, health, gold, and the game clock — to power real-time overlays.
Blitz, Porofessor, and Mobalytics all work this way. Their build recommendations are essentially pre-computed: the app looks at what champions are in the game and serves a build template that statistically performs well for that champion in that role. The app isn’t reading your specific game — it’s reading your champion and role and serving the average-best answer.
Tools like buildzcrank add an AI layer on top of that base. Instead of serving the same build template every game, the AI reads your current game state — your existing items, the scoreline, the enemy team composition, how the game is trending — and adjusts the recommendation accordingly. A Zed game where you’re ahead against three squishy targets gets different itemization than a Zed game where you’re even against a frontline-heavy team. All of this reasoning happens using only data the Live Client Data API makes available — no unauthorized access required.
For a technical breakdown of exactly what data a companion app can read during a live game and how AI processes it, see How AI Recommends Builds in Real Time.
Frequently Asked Questions
Is using Blitz, Porofessor, or op.gg bannable in 2026?
No. All three apps hold production API approvals from Riot and operate within Riot's permitted feature set. Riot does not ban accounts for using policy-compliant companion apps — they know exactly which apps are accessing their API. If an app operates outside those policies (like the enemy ultimate timer feature did before March 2025), the app's API key gets revoked, not your account.
Can I use companion apps in ranked games?
Yes. Riot's policy doesn't prohibit companion apps in ranked play. Build overlays, win rate trackers, post-game analysis, and real-time build recommendations are all permitted in all game modes including Ranked Solo/Duo and Flex. The restriction on summoner name display in ranked champion select applies to the app, not the player using it.
Why exactly was the enemy ultimate timer banned?
Riot's reasoning was competitive fairness. In the base game, tracking when an enemy's ultimate is available requires skill, game sense, communication, or vision — the design intentionally leaves that information imperfect. Automating it removed a layer of the game Riot considers meaningful. The March 2025 policy extended this reasoning to manual logging as well: both automatic and manual ultimate timing are prohibited because the intent — knowing hidden enemy ability states — is identical.
Does a companion app need to be on Overwolf to be allowed by Riot?
No. Riot's policy applies equally to Overwolf-distributed and standalone apps. Both require production API approval through the Riot Developer Portal. Overwolf is simply a distribution platform with its own additional compliance review layer. Choosing to build outside Overwolf doesn't grant different permissions — you still need Riot's approval, and you still follow the same feature restrictions.
What happens to an app that violates Riot's API policy?
Riot's primary enforcement tool is API key deactivation. If an app introduces a prohibited feature and doesn't correct it by the stated deadline, Riot deactivates the API key — which cuts off access to all Riot data and effectively kills the app. For more serious violations (IP infringement, Terms of Service breaches, scraping without authorization), Riot has also pursued legal action against developers. The March 2025 ultimate timer deadline had a firm enforcement date: apps that hadn't complied had their keys deactivated immediately.
Riot’s API ecosystem is one of the most developer-friendly policies in competitive gaming. The rules are clear: use the official APIs, stay within the feature boundaries, keep your product registered, and maintain a free tier if you monetize. Do those things and you’re operating exactly as Riot intends.
The March 2025 ban on enemy ultimate timers signals that Riot will continue tightening restrictions where competitive fairness is at stake. For players, that means periodically checking whether your favorite app’s features remain policy-compliant — and choosing tools that are transparent about how they access data.
If you want a full comparison of what today’s top companion apps offer within Riot’s framework, see how Blitz, Porofessor, Mobalytics, and buildzcrank stack up.