Hello!
I've been evaluating and learning PlayFab for about 6 months, and the time has come to actually think about the end solution with game instances communicating towards the PlayFab backend.
PlayFab comes with a myriad of APIs and I've been using most of them straight inside my game using the SDKs for Unity. It has dawned on me that far from all APIs are meant to be used on the client (a running game instance) directly, and I'm struggling to find any articles that speak more about security, or architectural best practices when it comes to this subject (do those exist?), so I just want to briefly share my overall current understanding and see if I have sound reasoning:
* On the whole, all operations not present in the Unity PlayFabClientAPI are not designed to be used from the Game Client.
* Some functions that only mean fetching or reading data are ok to be used from the Game Client.
* For functions not designed to be used from the Game Client, they should be invoked by querying CloudScripts or Azure Functions and give meaningful data back to the Game Client.
* There are some gray areas where I'm unsure, for instance the PlayFabParty SDK. Of course Players need to be able to join a Party Network and receive data from it, but is it "safe" to actually request and join a party network from the client, or should that logic be in a CloudScript?
Best Regards,
Tobias.
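
The pattern in the third bullet above, as an added example that is not part of the original post and is not PlayFab's own code: a CloudScript-style handler that treats client arguments as untrusted and decides the reward on the server. `makeFakeServer` is a local stand-in for the `server` object available inside CloudScript so the block runs offline; the handler name, the `claimed` data key, the reward table and the `GD` currency code are hypothetical.

```javascript
// Server-owned reward table: the client names a level, never an amount.
const REWARDS = Object.freeze({ level_1: 50, level_2: 120 });

// Offline stand-in for the CloudScript `server` API (constructed for this example).
function makeFakeServer() {
  const data = {}, gold = {};
  return {
    GetUserReadOnlyData({ PlayFabId, Keys }) {
      const out = {};
      for (const k of Keys) {
        const v = (data[PlayFabId] || {})[k];
        if (v !== undefined) out[k] = { Value: v };
      }
      return { Data: out };
    },
    UpdateUserReadOnlyData({ PlayFabId, Data }) {
      data[PlayFabId] = Object.assign(data[PlayFabId] || {}, Data);
      return {};
    },
    AddUserVirtualCurrency({ PlayFabId, VirtualCurrency, Amount }) {
      gold[PlayFabId] = (gold[PlayFabId] || 0) + Amount;
      return { Balance: gold[PlayFabId] };
    },
  };
}

// In CloudScript, `playerId` would be `currentPlayerId` from the authenticated
// session, never an id taken from `args`.
function claimLevelReward(server, playerId, args) {
  const levelId = args && args.levelId;
  // Own-property check so keys like "constructor" are not accepted as levels.
  if (typeof levelId !== "string" ||
      !Object.prototype.hasOwnProperty.call(REWARDS, levelId)) {
    return { ok: false, error: "unknown_level" };
  }
  const stored = server.GetUserReadOnlyData({ PlayFabId: playerId, Keys: ["claimed"] });
  const claimed = stored.Data.claimed ? JSON.parse(stored.Data.claimed.Value) : [];
  if (claimed.includes(levelId)) return { ok: false, error: "already_claimed" };
  // Record the claim before granting, so a repeated call cannot pay out twice.
  claimed.push(levelId);
  server.UpdateUserReadOnlyData({ PlayFabId: playerId, Data: { claimed: JSON.stringify(claimed) } });
  const grant = server.AddUserVirtualCurrency({
    PlayFabId: playerId, VirtualCurrency: "GD", Amount: REWARDS[levelId],
  });
  // Return only what the client needs to display.
  return { ok: true, balance: grant.Balance };
}
```

Any `amount` field a modified client adds to `args` is ignored, and the claim record lives in read-only player data that the client can read but not write.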