ResetPassword javascript API

Question

question

justindooley asked Jan 4, '19

ResetPassword javascript API

So I'm in the final stretch of implementing the account login for our site which runs on php/javascript. The whole process of resetting a users password comes down to one function call now. PlayFabAdminAPI.ResetPassword

My issue here is that it seems to require access to our secret key for authentication. I'm not too keen on putting this information on any forward facing element. Especially in Javascript where it's not too hard to find variables if you know what you are looking for.

What's the proper process here for calling the admin API for resetting a password?

Account Management Authentication

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2019-01-04T22:48:52Z

Andy answered Jan 4, '19

Any Admin API should only be called from your backend servers or other internal tooling. If you wanted to expose the functionality directly to your users, you'd want to provide them a separate web API that they can call that provides your backend with the necessary information. Some games do this; others just let customer support handle password resets.

3

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

justindooley commented · Jan 04, 2019 at 11:09 PM

Yeah I figured as much. I don't want to expose the functionality to the user. I just want them to be able to access out server and reset their own password. It just seems that php isn't an option for the web api and I'm not exactly sure what I'd use in place of this.

It just seems that php isn't an option for the web api and I'm not familiar with Node. I feel like I'm missing a trick somewhere. It looks like I can just submit my own POST request from php but I'd essentially have to spoof settings for the JavaScriptSDK version. It also could cause issues with updating in the future. The whole thing seems like not the correct way to do it but maybe I'm wrong.

0 ·

Andy ♦♦ justindooley commented · Jan 05, 2019 at 12:09 AM

You're correct. We don't have a php SDK, so you'd need to roll your own web requests. Fortunately, that should be really easy, as our REST API is quite simple and is officially supported (so you won't have to worry about breaking changes).

To get familiar with constructing your own PlayFab web requests, you can take a look at our Postman tutorial: https://api.playfab.com/docs/tutorials/execute-playfab-api-via-postman

0 ·

justindooley Andy ♦♦ commented · Jan 05, 2019 at 12:15 AM

Alright web requests it is. I'm familiar with postman. It was more an issue of if this approach was correct of if I was making things more complicated then they had to be (not that it's all that complicated to begin with).

0 ·

question