Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by Muhammad Roshaan Tariq · Nov 15, 2019 at 07:25 AM · apisAccount ManagementAuthentication

Get Language List fails at Entity Authentication

Hi,

I am trying to get languages list using GetLanguageList and according to it's document I need Entity Token which I am getting using GetEntityToken request.

Now I am getting my Entity Token successfully but my request for GetLanguageList fails for not being Authorized

Please check attached screenshot to see the Log from Unity

Thanks!

screenshot-2019-11-15-at-120811-pm.png

screenshot-2019-11-15-at-120811-pm.png (66.9 kB)
Comment
Roshaan

People who like this

1 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

2 Replies

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Muhammad Roshaan Tariq · Nov 18, 2019 at 07:00 AM

Update:

The body should be NULL

The correct cloud code for getting Entity token using cloud code:

handlers.getEntityToken = function(args, context){
  var header = {
     "X-SecretKey": "Redacted" 
  };
  
  var body={};
  var url = "https://Redacted.playfabapi.com/Authentication/GetEntityToken";
  var httpMethod = "post";
  var contentType = "application/json";
  var content = JSON.stringify(body);
  
  var response = http.request(url, httpMethod, content ,contentType, header);
  return {responseContent: response};
};

And now I am getting the langauge lists. Thanks @Citrus Yan

Comment

People who like this

0 Show 15 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Roshaan · Nov 18, 2019 at 07:27 AM 0
Share

@Citrus Yan Yes I have successfully got the token using this code

avatar image Muhammad Roshaan Tariq Roshaan · Nov 18, 2019 at 07:30 AM 0
Share

it's nice you find it useful

avatar image Citrus Yan ♦ Roshaan · Nov 18, 2019 at 07:46 AM 0
Share

Please notice that it will potentially expose the title entity token to anyone who calls the Client/ExecuteCloudScript API.

avatar image Muhammad Roshaan Tariq · Nov 18, 2019 at 07:29 AM 0
Share

@Citrus Yan Yeah I posted it as an answer so if others find this ticket could easily find the answer. It turns out that the body should be passed in the http.request even if it's null otherwise it will throw an error

avatar image Citrus Yan ♦ · Nov 18, 2019 at 07:35 AM 0
Share

You don't need to manually make an HTTP request if you are using CloudScript to get the title entity token. GetEntityToken is a built-in function in CloudScript, therefore, the following code

also works:

handlers.getEntityToken = function (args, context){
     titleEntityKey = {
        "Id": "your title id",
        "Type": "title"
    };
    return entity.GetEntityToken({Entity: titleEntityKey});
}<br>

However, this approach has some security risks: anyone can call the Client/ExecuteCloudScript API to retrieve the title entity token, which is hazardous for your title. You should avoid exposing this function to anyone.

avatar image Muhammad Roshaan Tariq Citrus Yan ♦ · Nov 18, 2019 at 07:37 AM 0
Share

@Citrus Yan So what should I do to prevent the over-calling?

avatar image Citrus Yan ♦ Muhammad Roshaan Tariq · Nov 18, 2019 at 07:44 AM 0
Share

You can use Postman to make an HTTP request to retrieve the title entity token without potentially exposing it to anyone else.

Show more comments
avatar image

Answer by Citrus Yan · Nov 15, 2019 at 09:06 AM

The language list is only accessible by title entities, having taken a look at the log, looks like you passed the player level entity token to the GetLanguageList API. As a matter of fact, the language list barely changes, you can totally save it on the client-side instead of firing an API that requires title level entity token since this will expose your title to potential risks (the players might use the title entity token to tamper your title's data).

Comment

People who like this

0 Show 12 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Muhammad Roshaan Tariq · Nov 15, 2019 at 10:05 AM 0
Share

@Citrus YanI am using a client provided account not this one from which I am posting the question. So how did you checked the Logs?

avatar image Citrus Yan ♦ Muhammad Roshaan Tariq · Nov 15, 2019 at 10:12 AM 0
Share

I looked at the screenshot you attached.

avatar image Muhammad Roshaan Tariq · Nov 15, 2019 at 11:00 AM 0
Share

@Citrus Yan Also how can I get the Title Level Entity Token? And I see that you suggest that I should store on the client-side instead of asking the API to get me the list. But how can I store the list when I don't have it in the first place?

Can you please link me to the document where I can find the list? Thanks!

avatar image Citrus Yan ♦ Muhammad Roshaan Tariq · Nov 15, 2019 at 11:33 AM 0
Share

You can call GetEntityToken with your title's SecretKey in the X-SecretKey header to retrieve your title's entity token, and use that with the GetLanguageList API.

avatar image Muhammad Roshaan Tariq Muhammad Roshaan Tariq · Nov 15, 2019 at 12:49 PM 0
Share

@Citrus Yan I see that it's in Admin API and would you recommmend this doing at the client-side?

avatar image Citrus Yan ♦ Muhammad Roshaan Tariq · Nov 18, 2019 at 05:34 AM 0
Share

No, this will expose your secret key to the clients, it's recommended that you do it from the server-side.

Show more comments

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    4 People are following this question.

    avatar image avatar image avatar image avatar image

    Related Questions

    Email registration across different titles 1 Answer

    Best practice for caching a previously authenticated user? 2 Answers

    Server API for AddGenericId and GetPlayFabIDsFromGenericIDs 1 Answer

    Is it possible to Send/Accept Friend Requests (XBOX, Steam, PS4) all within an IOS App? 1 Answer

    AddUsernamePassword requires both email and username while Other APIs do not? 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges