How do I read Entity Title Data Objects from my Backend server?
Hi,
I've been trying to figure out entity access permissions all day to no avail. I'm storing level and other static data via entities on the title. It successfully uploads data to TitleID with "title" as the EntityType in my Unity Editor tool.
However, when I run the same code in playmode it fails saying
There was an error with your playfab call! /Authentication/GetEntityToken error:The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: By default, all requests are denied. If you expected this request to succeed, you may be missing a policy. See the permissions APIs in PlayFab's Admin Api to add a permission. UnityEngine.Debug:Log(Object) PlayfabUtils:OnPlayFabError(PlayFabError) (at Assets/Scripts/Utils/PlayfabUtils.cs:11) PlayFab.Internal.PlayFabUnityHttp:OnResponse(String, CallRequestContainer) (at Assets/PlayFabSdk/Shared/Internal/PlayFabHttp/PlayFabUnityHttp.cs:259) PlayFab.Internal.<Post>d__12:MoveNext() (at Assets/PlayFabSdk/Shared/Internal/PlayFabHttp/PlayFabUnityHttp.cs:189) UnityEngine.SetupCoroutine:InvokeMoveNext(IEnumerator, IntPtr)
The code that will query playfab lives on our own server, and so is not public to the client.
Here is the code it's failing on
PlayFabAuthenticationAPI.GetEntityToken(new GetEntityTokenRequest() {
Entity = new PlayFab.AuthenticationModels.EntityKey() {
Id= "D889",
Type = "title"
},
}, (entityResult) => {
entityId = "D889";
entityType = "title";
//rest of callback code here
{
"Action": "Read",
"Effect": "Allow",
"Resource": "pfrn:data--*!*/Authentication/*",
"Principal": "*",
"Comment": "test to allow all authentication calls to be successful",
"Condition": null
} //here is the permissions I tried to make but I have no idea what I'm doing.
And here is the API call it's making https://D4889.playfabapi.com/Authentication/GetEntityToken?sdk=UnitySDK-2.76.191015
Best Answer
It looks like your TitleId is D4889 but the Entity.Id you write in your GetEntityTokenRequest is D889. PlayFab will return this error message when the Entity.Id of the request body is wrong. The typo is one of possible reasons why you get this error. Besides, if you have logged in a player account before calling GetEntityToken with a title entity, it would return this error too. If so, it is related to API policy. You can check API access policy for more about API policy.
However, generally, it isn’t recommended to “ENABLE ADMIN API” on clients or set the API Policy for clients to give them title level permissions. In this case, it’s safer to use CloudScript than changing API policy. Clients can call ExecuteEntityCloudScript to access CloudScript entity functions. CloudScript has permission to access the title’s entity object. And clients can get the title object info through CloudScript. So, using CloudScript can prevent the possible security risk caused by permission escalation. You can refer to the following CloudScript code.
handlers.getTitleObjects = function (args, context) {
var getObjectsResult = entity.GetObjects({
Entity: {
Id: "[YourTitleID]",
Type: "title",
TypeString: "title"
}
});
return {
getObjectsResult: getObjectsResult
};
};
There has been an update to the location of the API access policy documentation that Sarah mentioned above.
Please see the following for more information on configuring API Access Policies: https://docs.microsoft.com/en-us/gaming/playfab/api-references/api-access-policy
