I don't want that a player can use other avatars than the ones that I have created. The player can choose one of my avatars when he starts the game the very first time. After that, it's still possible to change the avatar in my game if you want. But I don't want that someone can use another avatar than the ones that I provide in my game, because I want that everyone can play my game, even children. I don't want that a player uses sexual or other forbidden avatars in my game.
How can I only use and allow my avatars in my game? Can I use UpdateAvatarUrl in my game to update a player's avatar or is there another/better way to do this?
var resultupdateavatar = await PlayFabClientAPI.UpdateAvatarUrlAsync(new UpdateAvatarUrlRequest() { ImageUrl = "https://....jpg" });
EDIT:
private async Task FetchApiPolicy() { var result = await PlayFabAdminAPI.GetPolicyAsync(new PlayFab.AdminModels.GetPolicyRequest() { PolicyName = "ApiPolicy" });
if (result.Error != null) //... else { foreach (var statement in result.Result.Statements) { if (statement.ApiConditions != null) Console.WriteLine("ApiCondition.HashSignatureOrEncryption: " + statement.ApiConditions.HasSignatureOrEncryption); } } }
private async Task UpdateApiPolicy() { var result = await PlayFabAdminAPI.UpdatePolicyAsync(new PlayFab.AdminModels.UpdatePolicyRequest() { PolicyName = "ApiPolicy", OverwritePolicy = false, Statements = new List<PermissionStatement>() { new PermissionStatement() { Action = "*", ApiConditions = new ApiCondition() { HasSignatureOrEncryption = Conditionals.False }, Comment = "disable UpdateAvatarUrl API calls", Resource = "pfrn:api--/Client/UpdateAvatarUrl", Effect = PlayFab.AdminModels.EffectType.Deny, Principal = "*" } } });
if (result.Error != null) //... else //... }
This code works because I get a "NotAuthorizedByTitle error" if I use UpdateAvatarUrl after I called UpdateApiPolicy(). But I have not understand if I need to implement FetchApiPolicy() and UpdateApiPolicy() in my client application or not when I publish my game to the App Store.
Is it necessary to implement this code in the client application or is it only necessary to run this code once from my device in order to deny "pfrn:api--/Client/UpdateAvatarUrl" for all players who play my game?