Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer

    • For Any Stage

      • Build
      • Improve
      • Grow

    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • Feature Requests /
avatar image

cool-daniel suggested an idea · Jan 27, 2018 at 02:41 AM · apisAccount Management

Secret key permission management

It would be usefull if you could set permissions for each secret key to limit its usage on specific categories like Player Data Management or Account management within the admin or server api while denying access to other categories of the api. This would enable admins to give out secret keys without exposing all functionality (like for example only letting a secret key call the GetPlayerProfile while not working for BanUsers)

thub.nodes.view.add-new-comment
cool-daniel
Brent Batas (Lisk)
larissa
david-marcelis
David Rochin

People who like this

5 Show 2
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Brent Batas (Lisk) · Jan 27, 2018 at 05:16 PM 0
Share

Agreed, this is a good idea.

avatar image larissa · Feb 12, 2018 at 06:46 PM 1
Share

Agreed! :)

One addition to this: It would also be useful, to be able to limit it to executing certain cloudscript handlers

1 comment

· Add your reply
avatar image

david-marcelis commented · Feb 19, 2018 at 02:40 PM

Want to upvote this issue. The idea of having the Server Key have access to the Admin API is scary. This means if a server or matchmaker was compromised, it gives permissions to change builds or worse.

Just a separation between Server Key, Matchmaker Key, and Admin Key would already greatly reduce the potential impact.

thub.nodes.view.add-new-comment
David Rochin

People who like this

1 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps

    • Your Opinion Counts

    We would love to know what you need. Submit your ideas and upvote others to help us prioritize.

    Sign in to post a new idea

    Follow

    Follow This Idea

    5 People are following this .

    avatar image avatar image avatar image avatar image avatar image

    Related Ideas

    Add Phone Number Verification/Linking API

    Client API call for Logout

    Numeric Object Ids

    Allow setting contact email in server api and/or admin api, or allow custom password recovery email from master email.

    Adding admin API Get User Account Info with Custom ID

    Get PlayFab IDs from Nintendo Service Accounts

    GetPlayFabIDsFromTwitchIDs

    Multiple JSON formatting options (get/set) from API

    Authentication management for Azure AD B2C tenant

    Extra API call that both purchases an item AND runs a cloudscript

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer

    • For Any Stage

      • Build
      • Improve
      • Grow

    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges