Greetings!
I am looking into a choice of a backend platform for our upcoming F2P mobile game. PlayFab looks promising, but there are several questions and concerns I'd like to express before we make the final decision. I'm not sure if the forums are the right place for this, but I think others could find this discussion helpful.
One of the main fears with regard to using PlayFab is associated with the lack of control of what clients are allowed to do. According to Terms Of Service point 2.4, my account (meaning the game and its success) can be terminated for repeated exceeding of the hard or soft usage limit. However, the PlayFab Client API is exposed to everyone and anyone can make all kinds of requests to the servers serving my title. I have no control over many Client APIs that write data to the server. Any person can create a script that infinitely registers new users for a PlayFab title and uploads various data for those users, disrupting the service for others and/or spoiling the title's analytics reports. This could potentially be resolved by allowing Admins to restrict several things about Client API usage for their titles:
1. Restrict allowed registration methods. For most mobile games it would work if only Admins are allowed to create new user/password accounts (for team members). Others should only be able to register via Google, Apple or Facebook services. To my knowledge, you cannot automate account creation on those services (due to captcha and other protection mechanisms), so it would resolve the concern with allowing people to spam new PlayFab accounts.
2. Restrict what write APIs can be used. Our game (at least for now) most likely is not going to use Shared Groups, Characters, or Trading functionality. It would be nice to be able to disable those APIs completely so that clients cannot post something unexpected to the service.
3. For data/events/statistics APIs, restrict the set of keys that can be uploaded. The set of events or statistics a title wants to gather is usually fixed at each point in time. Admins could provide this set so that disruptive users could not post data that doesn't make sense.
Another concern is associated with the development process. It seems PlayFab only allows changing things live, which is awesome for some use cases, but usually you have a dev/QA cycle before releasing the next version of the game to the public. How should this be handled with PlayFab? Dev/QA at least may require testing user accounts, content and data that should not yet be present on live servers.
The title's Secret Key is very sensitive data. What action can I perform if I think it got compromised? It looks like there is no way to generate a new key.
There is no clear pricing for the Orbital Fun Ray option for PlayStream. Can we expect the pricing to go up at a rate no higher than $99/50,000 MAU, $99/10 rules at that point? What are the other hidden costs a successful game can expect with PlayFab? Are there approximate costs of raising a title's soft/hard limits? Will those costs be based on the title's revenue?
Lastly, there are a couple of missing features that our game requires and they are common for many other games out there, too:
1. Achievements. This is common for both mobile and PC games. It would be nice to get an achievement system integrated with Game Center, Google Play and Steam. The minimal functionality here is to be able to define a list of achievements, rewards for obtaining them (virtual currency and/or items), and APIs to award achievements or their partial progress.
2. Inbox. This is common for most long-living F2P mobile games. Inbox is the place where you get notified about game events or get messages from the dev team. These cases are usually handled differently. Game event messages have a retention policy and are unique for each user. They can be simple text messages, but usually it's more convenient to store them as structured data that can be rendered in a unique way depending on the message type. Dev announcements are global, are usually kept indefinitely, and sometimes contain items/currency inside, allowing each existing player to collect them once (e.g. "Sorry we had a maintenance, take few gems" or "Merry Christmas from devs, we've got some gifts for you").