Hey,
We're currently implementing a Guild system for our game and doing this through the Group API, which the documentation specifically mentions this is for. However there seems to be quite a few issues making it unsuitable for Guilds and some specifically for our uses. I was wondering if you had any solutions or if any of the issues might be addressed in future updates, or perhaps I've missed some functionality.
The first issue is that we have no way to limit the amount of members in a group. During our invite/application functionality we can grab a list of members in the group for instance. Which gives us the number of people in the group and then automatically throw the application away or stop a player receiving an invite. But those with a malicious client or just sending raw API requests themselves do not have to abide by these rules since it's a client side API and can basically send and accept as many invitations as they like to fill a group with more members than is allowed as well as become member of multiple groups(which we do not want in our game, since it's a Guild-like system). This is problematic when you have mechanics based around guild activity.
The second issue is that there's no builtin way or even a good way to make sure there is unique names for Groups. We can't fetch lists of all the groups(nor would we want to query that) to iterate and check names. It would be great if there was functionality to check if a name is in use on the API end.
Thirdly, there's not really a way that I can find to store persistent data on a Group or interact with it on the server side. For example, an admin setting a description of a Guild, which can be seen by other players. This would require both storing that data attached to the group so other members can query it when the player wants to read it. It would also require having a server-side end such as Cloudscript making sure that only the admin can write to that data and to validate it(for example censoring it). Not having Server-side interaction with Groups is particularly a problem for us as we'd like to implement some group based mechanics which cannot be trusted or reliably timed to be executed on the client side at all. Cloudscript and scheduled tasks seem perfect for this but they do not have access to the Group API other than post requests to the existing API that player clients can also access, making those interactions pretty untrustworthy.
A smaller issue is that grabbing a list of members of a guild or a list of waiting invites does not return the player names or group names respectively, which means we have to request them from the servers individually with more API calls. Which doesn't seem to make a lot of sense, if we're grabbing a list of Group members we definitely want to know the member's names or if we're grabbing a list of invites. We definitely want to know the Groups name who is inviting the current player, without potentially many more API calls to grab data about them.
Hopefully there's some solutions that I've missed for these issues.
Thanks,
Ben