Get Language List fails at Entity Authentication
Hi,
I am trying to get languages list using GetLanguageList and according to it's document I need Entity Token which I am getting using GetEntityToken request.
Now I am getting my Entity Token successfully but my request for GetLanguageList fails for not being Authorized
Please check attached screenshot to see the Log from Unity
Thanks!
Best Answer
Update:
The body should be NULL
The correct cloud code for getting Entity token using cloud code:
handlers.getEntityToken = function(args, context){
var header = {
"X-SecretKey": "Redacted"
};
var body={};
var url = "https://Redacted.playfabapi.com/Authentication/GetEntityToken";
var httpMethod = "post";
var contentType = "application/json";
var content = JSON.stringify(body);
var response = http.request(url, httpMethod, content ,contentType, header);
return {responseContent: response};
};
And now I am getting the langauge lists. Thanks @Citrus Yan
@Citrus Yan Yes I have successfully got the token using this code
Please notice that it will potentially expose the title entity token to anyone who calls the Client/ExecuteCloudScript API.
@Citrus Yan Yeah I posted it as an answer so if others find this ticket could easily find the answer. It turns out that the body should be passed in the http.request even if it's null otherwise it will throw an error
You don't need to manually make an HTTP request if you are using CloudScript to get the title entity token. GetEntityToken is a built-in function in CloudScript, therefore, the following code
also works:
handlers.getEntityToken = function (args, context){
titleEntityKey = {
"Id": "your title id",
"Type": "title"
};
return entity.GetEntityToken({Entity: titleEntityKey});
}<br>
However, this approach has some security risks: anyone can call the Client/ExecuteCloudScript API to retrieve the title entity token, which is hazardous for your title. You should avoid exposing this function to anyone.
@Citrus Yan So what should I do to prevent the over-calling?
You can use Postman to make an HTTP request to retrieve the title entity token without potentially exposing it to anyone else.
The language list is only accessible by title entities, having taken a look at the log, looks like you passed the player level entity token to the GetLanguageList API. As a matter of fact, the language list barely changes, you can totally save it on the client-side instead of firing an API that requires title level entity token since this will expose your title to potential risks (the players might use the title entity token to tamper your title's data).
@Citrus YanI am using a client provided account not this one from which I am posting the question. So how did you checked the Logs?
I looked at the screenshot you attached.
@Citrus Yan Also how can I get the Title Level Entity Token? And I see that you suggest that I should store on the client-side instead of asking the API to get me the list. But how can I store the list when I don't have it in the first place?
Can you please link me to the document where I can find the list? Thanks!
You can call GetEntityToken with your title's SecretKey in the X-SecretKey header to retrieve your title's entity token, and use that with the GetLanguageList API.
@Citrus Yan I see that it's in Admin API and would you recommmend this doing at the client-side?
No, this will expose your secret key to the clients, it's recommended that you do it from the server-side.
