In our game we have a couple of Azure Functions registered in Automation->Cloud Script that we only want to call from the server (scheduled tasks, rules, etc). How can we make sure that they can't be executed through the PlayFabCloudScriptAPI.ExecuteFunction or an api platform like postman?
Since you only want to make calls from the server (scheduled tasks, rules, etc.), there will be no way for others to know about your Azure Functions and how they are used internally. Therefore, as long as you do not leak information about your Azure functions, you don't have to worry about your Azure Function being called by the Execute Function API.
Thanks, is there a way to add an additional layer of security just in case the Azure function url is compromised? Someway to check that the function is being called through Playfab (St, rules, etc)
Since the ExecuteFuction API use a different context model than ScheduledTask and Rules, you may verify the caller of the Azure Function by determining whether the context contains certain data. You may refer to PlayFab CloudScript using Azure Functions Context Models - PlayFab | Microsoft Learn to have more information about the context model.
52 People are following this question.
