question

Kim Strasser avatar image
Kim Strasser asked

I only want to allow my avatars in my game

I don't want that a player can use other avatars than the ones that I have created. The player can choose one of my avatars when he starts the game the very first time. After that, it's still possible to change the avatar in my game if you want. But I don't want that someone can use another avatar than the ones that I provide in my game, because I want that everyone can play my game, even children. I don't want that a player uses sexual or other forbidden avatars in my game.

How can I only use and allow my avatars in my game? Can I use UpdateAvatarUrl in my game to update a player's avatar or is there another/better way to do this?

var resultupdateavatar = await PlayFabClientAPI.UpdateAvatarUrlAsync(new UpdateAvatarUrlRequest()
{
    ImageUrl = "https://....jpg"
});

EDIT:

private async Task FetchApiPolicy()
{
    var result = await PlayFabAdminAPI.GetPolicyAsync(new PlayFab.AdminModels.GetPolicyRequest()
    {
        PolicyName = "ApiPolicy"
    });

if (result.Error != null) //... else { foreach (var statement in result.Result.Statements) { if (statement.ApiConditions != null) Console.WriteLine("ApiCondition.HashSignatureOrEncryption: " + statement.ApiConditions.HasSignatureOrEncryption); } } }

private async Task UpdateApiPolicy() { var result = await PlayFabAdminAPI.UpdatePolicyAsync(new PlayFab.AdminModels.UpdatePolicyRequest() { PolicyName = "ApiPolicy", OverwritePolicy = false, Statements = new List<PermissionStatement>() { new PermissionStatement() { Action = "*", ApiConditions = new ApiCondition() { HasSignatureOrEncryption = Conditionals.False }, Comment = "disable UpdateAvatarUrl API calls", Resource = "pfrn:api--/Client/UpdateAvatarUrl", Effect = PlayFab.AdminModels.EffectType.Deny, Principal = "*" } } });

if (result.Error != null) //... else //... }

This code works because I get a "NotAuthorizedByTitle error" if I use UpdateAvatarUrl after I called UpdateApiPolicy(). But I have not understand if I need to implement FetchApiPolicy() and UpdateApiPolicy() in my client application or not when I publish my game to the App Store.

Is it necessary to implement this code in the client application or is it only necessary to run this code once from my device in order to deny "pfrn:api--/Client/UpdateAvatarUrl" for all players who play my game?

Player Data
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Seth Du avatar image
Seth Du answered

If I understand correctly, your requirement is to disable players from updating their avatars. There are few quick solution:

  • Simply not providing UpdateAvatarUrl API in the game client and in fact it will prevent most of the cases.
  • Developers are also able to disallow any client API via updating API policy. GetPolicy Admin API can be used to retrieved current API policy and you may use UpdatePolicy API to deny the access for UpdateAvatarUrl API. Here is the policy you need to add:
{ 
 "Resource": "pfrn:api--/Client/UpdateAvatarUrl", 
"Action": "*", 
"Effect": "Deny", 
"Principal": "*", 
"Comment": "disable UpdateAvatarUrl  API calls" 
}
4 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kim Strasser avatar image Kim Strasser commented · 
If I understand correctly, your requirement is to disable players from updating their avatars.

I want that players can update their avatars(whenever they want), but only with certain avatars that I created. For example, I have list with 12 avatars in my game. The player can choose an avatar in this list. After that, I call UpdateAvatarUrl in my game to update his avatar with the one that he has chosen in the list.

Is UpdateAvatarUrl a save way to update player avatars? I don't want that someone can use another avatar than the 12 avatars that are in my list in my game.

I want to use player avatars in leaderboards and friends lists.

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Kim Strasser commented ·

To make sure players cannot update avatars other than pre-defined 12 options, I believe you need to implement this function on the cloud script so that players can only pass through 1-12 number to the cloud script function, where you can call server API UpdateAvatarUrl to update.

Besides, disable client API UpdateAvatarUrl in the API policy will still help.

0 Likes 0 ·
Kim Strasser avatar image Kim Strasser Seth Du ♦ commented ·

I edited my question and added some code. But I don't know if I need to implement this code in the client application or not.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.