Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by mdiminsky · Jun 06, 2017 at 07:38 AM · apisdataCharacter DataCharacters

UpdateCharacterReadOnlyData Vs UpdateCharacterData

Hi,

So I would appreciate some clarification on something.

Your endpoint `UpdateCharacterData` makes sense because it allows for a client to update some information about their character. An example would be the player changing the name of their character right?

What I don't understand is when `UpdateCharacterReadOnlyData` will be used:

Does this mean that if a player tried to change the name of their character and called this endpoint there would be an error since it's 'read-only',even though I am using the Server API? If so, what would be the error?

Would it reject the client because the call is coming from the client? So it only accepts endpoints coming from the server? How does the endpoint know that?

If not, then what is the difference/the point between the two endpoints.

Doesn't updating 'read-only' data defeat the purpose(since we are writing to the data)?

Sorry for all the questions, I would just really appreciate some clarification.

Thanks!

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Brendan · Jun 06, 2017 at 08:28 AM

There's also an UpdateUserReadOnlyData. The point to them is that they cannot be written to from the Client API, but can from the Server API. Which makes them the perfect place to store data which needs to be protected by server-side authority, to prevent cheating.

Comment

People who like this

0 Show 12 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image mdiminsky · Jun 07, 2017 at 02:16 AM 0
Share

Ok so that's what I thought but let me clarify something with you:

So does that mean if I send a request from the Client to the Server api endpoint: `UpdateCharacterReadOnlyData` that it would only work if a secret key was provided? That is how you are preventing cheating right?

If this is true then again, is there a difference between: `UpdateCharacterReadOnlyData` and `UpdateCharacterData` since they both need a key and are not writable by the client(although your docs say that `UpdateCharacterData` IS writable by the client in server api docs: https://api.playfab.com/documentation/server/method/UpdateCharacterData

Please clarify. Thank you.

avatar image Brendan ♦♦ mdiminsky · Jun 07, 2017 at 02:36 AM 0
Share

There's no effective way for us to know that a device is or isn't a client - the way the APIs are designed is so that the Client API requires a Session Ticket, which is obtained by a login, while the Server and Admin APIs require a Secret Key, which is only available to the developer via the Game Manager. The client code should never have access to the Secret Key (and so, the Server/Admin API calls), as that would allow a hacker to do anything he wanted to, up to and including deleting players and altering title configuration data.

The calls to update data are the same for both player and character - read only data can be written to by Server API calls, while normal (read/write) data can be written to by either. The Client API version of UpdateCharacterData uses the Session Ticket, the same way that Client API version of UpdateUserData does: https://api.playfab.com/documentation/client/method/UpdateCharacterData

avatar image mdiminsky · Jun 07, 2017 at 02:36 AM 0
Share

And I know about `UpdateUserReadOnlyData` etc. I was just using this as an example.

avatar image mdiminsky · Jun 07, 2017 at 03:34 AM 0
Share

Hi @Brendan thank you for answering the questions from my initial question. What about my second reply?

1. Is there a difference between: `UpdateCharacterReadOnlyData` and `UpdateCharacterData` since they both need a key and are not writable by the client (if I am using the Server API only)

2. Why does `UpdateCharacterData` say that it is writable by the client in the server api docs. How is this possible if it requires a secret key that can only be obtained by the server?): https://api.playfab.com/documentation/server/method/UpdateCharacterData

avatar image Brendan ♦♦ mdiminsky · Jun 07, 2017 at 03:39 AM 0
Share

Sorry, I thought that was clear from the above. Character Data and Character Read Only Data works the same way that User Data and User Read Only Data works. The Client API has an Update call for both Character and User Data, while the Server API has Update calls for both types of each. Specific to UpdateCharacterData, there is a version of that call in the Client API, which I linked above. That's specifically what the Server API documentation refers to - that the client can call the Client API version.

avatar image mdiminsky · Jun 07, 2017 at 06:39 AM 0
Share

@Brendan Ok, I think there may be some confusion, my question has always been been about the difference between "somethingData" and "somethingReadOnlyData" --both endpoints of which are in Server API. My question was never about the difference between "somethingUserData" and "somethingCharacterData".

My original question directly referred to why one was referred as ReadOnly while the other was not even though they are BOTH in the Server API, BOTH need a SecretKey to be updated, and thus BOTH are ReadOnly no?

My second question was if "somethingData" works just like "somethingReadOnlyData" --- I am again referring to the ones in the server api not client api--and thus they both cannot be written by the client why does "somethingData" here: https://api.playfab.com/documentation/server/method/UpdateCharacterData say that it can be updated by the client?

Hope that made sense now...Because I am still confused which one to use since they seem the same to me.

avatar image Brendan ♦♦ mdiminsky · Jun 07, 2017 at 06:55 AM 0
Share

So, to be clear:

> My question was never about the difference between "somethingUserData" and "somethingCharacterData".

They write to distinct data sets. There's User data and Character data, which are separate. And within those, there are normal and Read Only data, which are also separate. Read Only data can be written to by a Server API call, and read from the Client or Server API. Normal data can be written to from either the Client or Server API and read from either.

To summarize:

User Data - a data space containing key/value pairs, associated with a specific player account, and which can be written to by the Client or Server API, and read from either. A key, "foo", whether written to or read from the Client or Server API resolves to the same key/value pair.

Character Data - a data space associated with a character belonging to a specific player account, but otherwise the same as above (though a separate data space from User Data).

Read Only Data (both) - a data space, separate from the regular User or Character Data space, which can be written to or read from a Server API call, but only read from a Client API call. Otherwise, as above.

Does that help?

avatar image mdiminsky · Jun 07, 2017 at 03:59 PM 0
Share

Hi Brendan, thank you for taking the time to respond so well. Again though lol, I don't know why you are telling me the difference between the character and user endpoints, like I said I understand them that was not my question.

I realized when I asked that question I didn't make it clear that I set up my server to call, for example, 'UpdateCharacterReadOnlyData` and/or 'UpdateCharacterData'--they would never be called from the client. Yet the client would call an endpoint that would then call the server...So if I set it up this way I guess there wouldn't be a difference between updating it via 'UpdateCharacterData' or 'UpdateCharacterReadOnlyData'...Since it is still...updating...from the server either way.

Thanks!

avatar image Brendan ♦♦ mdiminsky · Jun 07, 2017 at 10:23 PM 0
Share

Simply making sure to spell out everything, since it sounds like we're not quite on the same page. For example, where you say "there wouldn't be a difference between updating it via 'UpdateCharacterData' or 'UpdateCharacterReadOnlyData'", I worry that I'm not being clear that those are two completely different data spaces. So if you call UpdateCharacterData to update the key "foo" from the server, and then update it from the client, those two calls would write to the same key. But if you call UpdateCharacterReadOnlyData from the server and write to the key "foo", that's a completely different key from the one you wrote to with UpdateCharacterData.

Show more comments

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    2 People are following this question.

    avatar image avatar image

    Related Questions

    How to call SetObjects to create an object with the correct entity type 1 Answer

    Get Single Character/User Inventory Item 1 Answer

    GetCharacterData is not working properly ? 1 Answer

    UpdateCharacterData problem and characterID . 2 Answers

    Custom Login with many Users on a Single PC,Custom Login Page having Many users on a Single PC. 2 Answers

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges