UpdateCharacterReadOnlyData Vs UpdateCharacterData

Question

question

mdiminsky asked Jun 6, '17

UpdateCharacterReadOnlyData Vs UpdateCharacterData

Hi,

So I would appreciate some clarification on something.

Your endpoint `UpdateCharacterData` makes sense because it allows for a client to update some information about their character. An example would be the player changing the name of their character right?

What I don't understand is when `UpdateCharacterReadOnlyData` will be used:

Does this mean that if a player tried to change the name of their character and called this endpoint there would be an error since it's 'read-only',even though I am using the Server API? If so, what would be the error?

Would it reject the client because the call is coming from the client? So it only accepts endpoints coming from the server? How does the endpoint know that?

If not, then what is the difference/the point between the two endpoints.

Doesn't updating 'read-only' data defeat the purpose(since we are writing to the data)?

Sorry for all the questions, I would just really appreciate some clarification.

Thanks!

apis data Character Data Characters

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-06-06T08:28:30Z

brendan answered Jun 6, '17

There's also an UpdateUserReadOnlyData. The point to them is that they cannot be written to from the Client API, but can from the Server API. Which makes them the perfect place to store data which needs to be protected by server-side authority, to prevent cheating.

12

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

mdiminsky commented · Jun 07, 2017 at 02:16 AM

Ok so that's what I thought but let me clarify something with you:

So does that mean if I send a request from the Client to the Server api endpoint: `UpdateCharacterReadOnlyData` that it would only work if a secret key was provided? That is how you are preventing cheating right?

If this is true then again, is there a difference between: `UpdateCharacterReadOnlyData` and `UpdateCharacterData` since they both need a key and are not writable by the client(although your docs say that `UpdateCharacterData` IS writable by the client in server api docs: https://api.playfab.com/documentation/server/method/UpdateCharacterData

Please clarify. Thank you.

0 ·

brendan mdiminsky commented · Jun 07, 2017 at 02:36 AM

There's no effective way for us to know that a device is or isn't a client - the way the APIs are designed is so that the Client API requires a Session Ticket, which is obtained by a login, while the Server and Admin APIs require a Secret Key, which is only available to the developer via the Game Manager. The client code should never have access to the Secret Key (and so, the Server/Admin API calls), as that would allow a hacker to do anything he wanted to, up to and including deleting players and altering title configuration data.

The calls to update data are the same for both player and character - read only data can be written to by Server API calls, while normal (read/write) data can be written to by either. The Client API version of UpdateCharacterData uses the Session Ticket, the same way that Client API version of UpdateUserData does: https://api.playfab.com/documentation/client/method/UpdateCharacterData

0 ·

mdiminsky commented · Jun 07, 2017 at 02:36 AM

And I know about `UpdateUserReadOnlyData` etc. I was just using this as an example.

0 ·

mdiminsky commented · Jun 07, 2017 at 03:34 AM

Hi @Brendan thank you for answering the questions from my initial question. What about my second reply?

1. Is there a difference between: `UpdateCharacterReadOnlyData` and `UpdateCharacterData` since they both need a key and are not writable by the client (if I am using the Server API only)

2. Why does `UpdateCharacterData` say that it is writable by the client in the server api docs. How is this possible if it requires a secret key that can only be obtained by the server?): https://api.playfab.com/documentation/server/method/UpdateCharacterData

0 ·

brendan mdiminsky commented · Jun 07, 2017 at 03:39 AM

Sorry, I thought that was clear from the above. Character Data and Character Read Only Data works the same way that User Data and User Read Only Data works. The Client API has an Update call for both Character and User Data, while the Server API has Update calls for both types of each. Specific to UpdateCharacterData, there is a version of that call in the Client API, which I linked above. That's specifically what the Server API documentation refers to - that the client can call the Client API version.

0 ·

mdiminsky commented · Jun 07, 2017 at 06:39 AM

@Brendan Ok, I think there may be some confusion, my question has always been been about the difference between "somethingData" and "somethingReadOnlyData" --both endpoints of which are in Server API. My question was never about the difference between "somethingUserData" and "somethingCharacterData".

My original question directly referred to why one was referred as ReadOnly while the other was not even though they are BOTH in the Server API, BOTH need a SecretKey to be updated, and thus BOTH are ReadOnly no?

My second question was if "somethingData" works just like "somethingReadOnlyData" --- I am again referring to the ones in the server api not client api--and thus they both cannot be written by the client why does "somethingData" here: https://api.playfab.com/documentation/server/method/UpdateCharacterData say that it can be updated by the client?

Hope that made sense now...Because I am still confused which one to use since they seem the same to me.

0 ·

brendan mdiminsky commented · Jun 07, 2017 at 06:55 AM

So, to be clear:

> My question was never about the difference between "somethingUserData" and "somethingCharacterData".

They write to distinct data sets. There's User data and Character data, which are separate. And within those, there are normal and Read Only data, which are also separate. Read Only data can be written to by a Server API call, and read from the Client or Server API. Normal data can be written to from either the Client or Server API and read from either.

To summarize:

User Data - a data space containing key/value pairs, associated with a specific player account, and which can be written to by the Client or Server API, and read from either. A key, "foo", whether written to or read from the Client or Server API resolves to the same key/value pair.

Character Data - a data space associated with a character belonging to a specific player account, but otherwise the same as above (though a separate data space from User Data).

Read Only Data (both) - a data space, separate from the regular User or Character Data space, which can be written to or read from a Server API call, but only read from a Client API call. Otherwise, as above.

Does that help?

0 ·

mdiminsky commented · Jun 07, 2017 at 03:59 PM

Hi Brendan, thank you for taking the time to respond so well. Again though lol, I don't know why you are telling me the difference between the character and user endpoints, like I said I understand them that was not my question.

I realized when I asked that question I didn't make it clear that I set up my server to call, for example, 'UpdateCharacterReadOnlyData` and/or 'UpdateCharacterData'--they would never be called from the client. Yet the client would call an endpoint that would then call the server...So if I set it up this way I guess there wouldn't be a difference between updating it via 'UpdateCharacterData' or 'UpdateCharacterReadOnlyData'...Since it is still...updating...from the server either way.

Thanks!

0 ·

brendan mdiminsky commented · Jun 07, 2017 at 10:23 PM

Simply making sure to spell out everything, since it sounds like we're not quite on the same page. For example, where you say "there wouldn't be a difference between updating it via 'UpdateCharacterData' or 'UpdateCharacterReadOnlyData'", I worry that I'm not being clear that those are two completely different data spaces. So if you call UpdateCharacterData to update the key "foo" from the server, and then update it from the client, those two calls would write to the same key. But if you call UpdateCharacterReadOnlyData from the server and write to the key "foo", that's a completely different key from the one you wrote to with UpdateCharacterData.

0 ·

Show more comments

question