• Sign Up Login
  • Features
    • Game Services
    • Real-time Analytics
    • LiveOps
    • Add-ons
  • Game Services
  • Real-time Analytics
  • LiveOps
  • Add-ons
  • Games
  • Pricing
  • Blog
  • Support
    • Docs
    • Forums
    • Contact
  • Docs
  • Forums
  • Contact
  • Sign Up Login
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges
  • Home /
  • General Discussion /
avatar image
Question by Brent Batas · Apr 20, 2017 at 04:56 PM · apisPlayer Data

Prevent user from changing its Title Display Name?

I want to give users the option to set their display name once and only once. Maybe we might process name change requests in the future, or offer it as a premium service, but the point is I don't want users to be able to update their own display names at will.

I'm looking at the UpdateUserTitleDisplayName API call:

https://api.playfab.com/documentation/client/method/UpdateUserTitleDisplayName

It looks like this is in the Client API. If I use this, it seems like someone theoretically could just make an HTTP POST request and change their username.

How can I prevent this? I want to use either the Username or Title Display Name, rather than just a read-only field, so that I can search for players based on these identifiers. (via GetAccountInfo and such).

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Brendan · Apr 20, 2017 at 05:26 PM

Sure, you can turn off any Client API using the Permission Policies for your title: https://playfab.com/blog/permission-policies. That way, once you create the Title Display Name via RegisterPlayFabUser (which can't be called more than once for a single account, since it's specifically what creates the account), they wouldn't be able to change it. Alternately, the Username can't be changed once an account is created, so you could just use that if you want to allow for frictionless account creation with a Device ID first (you'd use AddUsernamePassword to add it).

Comment
Brian Jordan

People who like this

1 Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Brent Batas · Apr 20, 2017 at 06:36 PM 0
Share

Hi Brendan, thanks for the reply.

Two questions:

1) Am I understanding correctly that if I specify an ApiPolicy, anything not specified is considered to be blocked?

2) I originally thought to use Username, but AddUsernamePassword requires an email and password, which I don't want to require from the user. (Steam authentication is sufficient)

avatar image Brendan ♦♦ Brent Batas · Apr 21, 2017 at 02:27 AM 0
Share

That's correct - by default, the API calls are considered disallowed. You have to specifically enable them.

And yes, if you're not using email and password, that API call isn't really going to work for you (we do plan to add those as separate API calls later - the original one we have was as a result of a specific request).

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps

    • Follow this Question

    Answers Answers and Comments

    2 People are following this question.

    avatar image avatar image

    Related Questions

    How to print certain items from the inventory i.e items of particular class or tags using unity from server side? Can someone paste the code? 1 Answer

    GetUserData vs GetPlayerProfile ? why Different 1 Answer

    Upload a file to player account From UNITY 2 Answers

    GetInternalUserData unexpected empty Data/Keys result. 3 Answers

    GetPlayersInSegment : Specification of the needed player profile information to fetch 1 Answer

    • PlayFab

      • Features
      • Games
      • Pricing
      • Blog

    • Engineers

      • Documentation
      • Quickstarts
      • API Reference
      • SDKs
      • Usage Limits

    • Support

      • Forums
      • Videos
      • Contact
      • Service Health
      • Terms of Service

    • Social

      • Facebook
      • Twitter
      • LinkedIn
      • YouTube
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • About Microsoft
    • Jobs
    • Accessibility
    • Diversity & inclusion
    • Security
    • Company news
    • © Microsoft 2019
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Post an idea
    • Create an article
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges