question

MoonHeonYoung avatar image
MoonHeonYoung asked

server api and client api

Hi I have a question on the server api and the client api.

First of all, as I understand it,

Client api is used in Unity, (c # file of project)

The server api is in a cloud script or a dedicated game server

(I don't understand this too. If there is a good solution like cloud script, Why create a dedicated server from the ground up?)

The difference between these two apis is the cheating prevention,

and whether or not to check the validity,

After all, server api also calls server api of cloud script through executecloudscript in Unity Client.

For example, i understand like this, someone maliciously invokes clientapi.addtovertualcurrency on the client multiple times and versus exploit unjustly multiple calls to the executecloudscript function.

How is cheat prevention possible in this case?

ps.

I've been studying with this link https://api.playfab.com/docs/tutorials

The tutorial seems to have been renewed.

Do I have to study new? Some code seems to have changed ...

Do you have to study again with this site?

https://docs.microsoft.com/en-us/gaming/playfab/?#pivot=documentation&panel=playfab

I studied things other than the new entity object (playerstatistic..etc)

Should I change my project to the entity concept?

The documentation says that we recommend using the entity feature.

thanks all

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Citrus Yan avatar image
Citrus Yan answered

@MoonHeonYoung, I am answering all your questions in here:

>>If so, is there a guide document for creating my own dedicated server?

Sorry, there is no public documentation on dedicated servers, you’ll need to design your own server logic for the game you’re developing and implement it with the Server APIs PlayFab provides.

>>If I create and operate a dedicated server, is it the same as the existing pricing plan of Play Fab?

Yes, they are, your dedicated server utilizes PlayFab server APIs, that’s all, I don’t see why there is another pricing plan for this.

>>What is the purpose of PlayFabServerAPI.ExecuteCloudScript?... Why is that?

Actually, there are not identical, if you compare these two APIs carefully, you will find there are few differences:

  • Server/ExecuteCloudScript requires PlayFabId while Client/ExecuteCloudScript does not, this design is for the purpose of enabling the Server/ExecuteCloudScript API to run CloudScript on any players you specify.
  • Server/ExecuteCloudScript uses SecretKey for authentication while Client/ExecuteCloudScript uses Session ticket retrieved from any Client Login functions, which means that Client/ExecuteCloudScript can only execute CloudScript for the players corresponding to the Session ticket passed into it.

Therefore, the purpose of all the server APIs, including PlayFabServerAPI.ExecuteCloudScript, is to enable you to perform any operations on players you specify directly, sort of acting like a administrator.

>> Is there a permission on / off function that prevents the user from calling a function like PlayFabClientAPI.ExecuteCloudScript?

Yes, you can utilize the API Access Policy feature to deny certain APIs from the game client, which is PlayFabClientAPI.ExecuteCloudScript in your case, please navigate to the link for more details.

>> should serverapi is only used in CloudScript, can't clientapi be used?

To be more precise, server API should only be used in server-side, including CloudScript, and, it makes no sense that you use client API in server-side since server APIs can do whatever functions client APIs have.

>> It is supposed to enter the secret key in this, but if it is included in the game build, all users will have the secret key in the file? Can a user run server api using this secret key? (Maliciously)

To be clear, if you disable server and admin APIs in the Unity Editor Extensions, uses won’t be able to access the secret key, maybe showing the code will makes it more clear, here is the part of the source code from PlayFabSharedSettings ScriptableObject file:

#if ENABLE_PLAYFABSERVER_API || ENABLE_PLAYFABADMIN_API ||UNITY_EDITOR  

public string DeveloperSecretKey;

#endif

And yes, if users somehow obtained the secret key, he/she can do terrible things to your game, so please don’t expose it to the users.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

MoonHeonYoung avatar image MoonHeonYoung commented ·

Thank you again! if i have any further questions, i will post it!

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan MoonHeonYoung commented ·

Glad it helped:)

0 Likes 0 ·
Citrus Yan avatar image
Citrus Yan answered

>>I don't understand this too. If there is a good solution like cloud script, Why create a dedicated server from the ground up?

Yes, indeed, CloudScript is a good alternative to dedicated servers, however, since it lives and executes directly on PlayFab machines, it has few limitations:

  • Cloud Script execution time (API call):Processing time for a Cloud Script function called by the ExecuteCloudScript API.
  • Cloud Script execution API requests issued: Number of PlayFab API requests made from a Cloud Script function called by the ExecuteCloudScript API.
  • Cloud Script script size: Total size of all files in a Cloud Script revision, measured in UTF-8 encoded bytes.
  • Cloud Script arguments size: Total size of the arguments to a Cloud Script function, measured in UTF-8 encoded bytes.

Of course, you can customize these limits by contacting the sales team, however, utilizing a dedicated server sometimes can be more flexible and economical.

>> The difference between these two APIs is the cheating prevention, and whether or not to check the validity, After all, server API also calls the server API of cloud script through executecloudscript in Unity Client.

To be clear, server API requires Secret Key, which should not be exposed to players, and, they do not check the validity themself, it’s up to you to add some validation before calling them. Moreover, in Unity Clients, you should use the client API: Client/ExecuteCloudScript to execute a CloudScript function.

>> How is cheat prevention possible in this case?

In the CloudScript function you defined, you’ll need to add some validation logic before calling the AddUserVirtualCurrency server API to prevent cheating.

>> Do I have to study new? Some code seems to have changed ...Do you have to study again with this site?

It’s recommended that you refer to the new portal: Azure PlayFab documentation from now on, however, there is no need to study again with the new site.

>> Should I change my project to the entity concept?

For now, we would recommend using the Entity data services, which is the entity concept on managing data, as they have significant improvements over the older system. For other features, we recommend sticking with the Classic API set (Client, Server, Admin), we're working on expanding the Entity API set to be a super-set of what's available in our legacy systems. Once we've gotten to that point, we'll be pushing for new titles to adopt the Entity model.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

MoonHeonYoung avatar image MoonHeonYoung commented ·

Thank you for the really clear and kind answer!

For the first answer,

If so, is there a guide document for creating my own dedicated server?

If I create and operate a dedicated server,

is it the same as the existing pricing plan of Play Fab?

For the second answer,

I understood I need to do some extra coding to validate.

In other words, after running PlayFabClientAPI.ExecuteCloudScript in Unity

Then i need to validate it in the cloud script.

there are additional questions.

If you look at the api documentation,

PlayFabClientAPI.ExecuteCloudScript and PlayFabServerAPI.ExecuteCloudScript

There are two identical functions.

The ExecuteCloudScript function is for calling CloudScript functions in Unity.

What is the purpose of PlayFabServerAPI.ExecuteCloudScript?

Almost all Playfab functions divide the same function into two, server / client.

Why is that?

0 Likes 0 ·
MoonHeonYoung avatar image MoonHeonYoung commented ·

ps.

Is there a permission on / off function that prevents the user from calling a function like PlayFabClientAPI.ExecuteCloudScript?

should serverapi is only used in CloudScript, can't clientapi be used?

(generally, You don't have to, but)

you says serverAPI need a secret key.

When you install Unity Editor Extensions, it will create a playfabsharedsettings file.

It is supposed to enter the secret key in this, but if it is included in the game build,

all users will have the secret key in the file?

Can a user run server api using this secret key? (Maliciously)

Sorry for the many questions.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.