question

Branson Costin avatar image
Branson Costin asked

Confused On Cloud Scripts

Hey this is probably a beginner questions but I'm a little bit confused about cloud scripts. So for my game I connect to play fab then I add currency to my player using the AddUserVirtualCurrencyRequest and PlayFabClientAPI.AddUserVirtualCurrency. I learned that this is not very secure since any player can call these function and add infinite currency. I took a look at cloud scripts which people say is more secure but I'm confused how. I see that you need to call and API cloud request to call the function but couldn't the player just infinitely call that? Or let's say you do checks to make sure the call is legit couldn't you just do those check with the normal API calls without using the cloud scripts? Sorry if this is a beginner question I am just confused on how exactly cloud scripts are more secure. Thanks

CloudScript
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Neils Shi avatar image
Neils Shi answered

As you said, allowing players to directly call the client API AddUserVirtualCurrency may cause players to cheat by adding virtual currency to their accounts directly on the client. The main advantage of cloud scripts is that you can execute logic on the server side, rather than on the client side. For example, you can create a cloud script for adding virtual currency to the player, and you can add some check logic to the cloud script. This function could check if the conditions for adding currency are met (such as if the player completing a quest). Then, the API AddUserVirtualCurrency is actually called only if these conditions are met. This way, even if the player tries to call the API ExecuteCloudScript multiple times, they will only get the currency if the conditions are met. As for why we don't recommend you add these logic checks on the client and let players call the Client API AddUserVirtualCurrency directly, this is because the client code can be accessed and modified by players, and players may bypass the check mechanism and directly add virtual currency to their accounts.

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Branson Costin avatar image Branson Costin commented ·

Ah that makes a lot more sense, sorry for the beginner question and thanks for you help!

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.