question

Shh avatar image
Shh asked

External (non-PlayFab) API Key restriction to whitelist PlayFab cloudscript traffic

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Shh avatar image Shh commented ·

Is it possible to whitelist PlayFab in some way? We want to restrict an API key only for use in cloudscript, is there a PlayFab HTTP referrer header passed or an IP address/range we could whitelist for cloudscript traffic to our API?

0 Likes 0 ·

2 Answers

·
brendan avatar image
brendan answered

Update, as we've made a significant change to the service which will allow for whitelisting (though the secret from the original response works fine, as well).

All calls coming from PlayFab will now be seen as coming from one of three IP Addresses: 34.213.208.16, 34.216.170.167, and 52.13.201.178.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan answered

PlayFab calls can come from any AWS US-West-2 IP Address, so you really can't whitelist it that way. If you're creating a Web API endpoint which will be called from Cloud Script, just use a header value to pass a shared secret, though. You can have that defined as a static value in your Cloud Script, since no client will ever be able to see that.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.