question

Muhammad Roshaan Tariq avatar image
Muhammad Roshaan Tariq asked

Get Language List fails at Entity Authentication

Hi,

I am trying to get languages list using GetLanguageList and according to it's document I need Entity Token which I am getting using GetEntityToken request.

Now I am getting my Entity Token successfully but my request for GetLanguageList fails for not being Authorized

Please check attached screenshot to see the Log from Unity

Thanks!

screenshot-2019-11-15-at-120811-pm.png

apisAccount ManagementAuthentication
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Muhammad Roshaan Tariq avatar image
Muhammad Roshaan Tariq answered

Update:

The body should be NULL

The correct cloud code for getting Entity token using cloud code:

handlers.getEntityToken = function(args, context){
  var header = {
     "X-SecretKey": "Redacted" 
  };
  
  var body={};
  var url = "https://Redacted.playfabapi.com/Authentication/GetEntityToken";
  var httpMethod = "post";
  var contentType = "application/json";
  var content = JSON.stringify(body);
  
  var response = http.request(url, httpMethod, content ,contentType, header);
  return {responseContent: response};
};

And now I am getting the langauge lists. Thanks @Citrus Yan

15 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Roshaan avatar image Roshaan commented ·

@Citrus Yan Yes I have successfully got the token using this code

0 Likes 0 ·
Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq Roshaan commented ·

it's nice you find it useful

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Roshaan commented ·

Please notice that it will potentially expose the title entity token to anyone who calls the Client/ExecuteCloudScript API.

0 Likes 0 ·
Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq commented ·

@Citrus Yan Yeah I posted it as an answer so if others find this ticket could easily find the answer. It turns out that the body should be passed in the http.request even if it's null otherwise it will throw an error

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan commented ·

You don't need to manually make an HTTP request if you are using CloudScript to get the title entity token. GetEntityToken is a built-in function in CloudScript, therefore, the following code

also works:

handlers.getEntityToken = function (args, context){
     titleEntityKey = {
        "Id": "your title id",
        "Type": "title"
    };
    return entity.GetEntityToken({Entity: titleEntityKey});
}<br>

However, this approach has some security risks: anyone can call the Client/ExecuteCloudScript API to retrieve the title entity token, which is hazardous for your title. You should avoid exposing this function to anyone.

0 Likes 0 ·
Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq Citrus Yan commented ·

@Citrus Yan So what should I do to prevent the over-calling?

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Muhammad Roshaan Tariq commented ·

You can use Postman to make an HTTP request to retrieve the title entity token without potentially exposing it to anyone else.

0 Likes 0 ·
Show more comments
Citrus Yan avatar image
Citrus Yan answered

The language list is only accessible by title entities, having taken a look at the log, looks like you passed the player level entity token to the GetLanguageList API. As a matter of fact, the language list barely changes, you can totally save it on the client-side instead of firing an API that requires title level entity token since this will expose your title to potential risks (the players might use the title entity token to tamper your title's data).

12 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq commented ·

@Citrus YanI am using a client provided account not this one from which I am posting the question. So how did you checked the Logs?

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Muhammad Roshaan Tariq commented ·

I looked at the screenshot you attached.

0 Likes 0 ·
Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq commented ·

@Citrus Yan Also how can I get the Title Level Entity Token? And I see that you suggest that I should store on the client-side instead of asking the API to get me the list. But how can I store the list when I don't have it in the first place?

Can you please link me to the document where I can find the list? Thanks!

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Muhammad Roshaan Tariq commented ·

You can call GetEntityToken with your title's SecretKey in the X-SecretKey header to retrieve your title's entity token, and use that with the GetLanguageList API.

0 Likes 0 ·
Muhammad Roshaan Tariq avatar image Muhammad Roshaan Tariq Muhammad Roshaan Tariq commented ·

@Citrus Yan I see that it's in Admin API and would you recommmend this doing at the client-side?

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Muhammad Roshaan Tariq commented ·

No, this will expose your secret key to the clients, it's recommended that you do it from the server-side.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.