I'll start with a bit of context on the "Why". I've run into a bit of a problem while developing a Guild/Clan system. I need a way for new players to search for a group/guild to join. The PlayFab Group API is solid for what it is - generic json blobs that you can associate to things. What it isn't good at is querying that data. It's not an easy thing to solve, everyone's data is different and trying to parse it on our behalf behind an API endpoint might not be worth the effort.
Anyways - the conclusion I've come to is to spin up a micro-service that will just be a front for a SQL database that has all the guild parameters I need that I can query. This also means I have a wide open API that things can hit.
What I'm looking for here: What would be the best way to authenticate incoming requests to my external API?
- Can I send the PlayFab EntityToken to my API and have some Azure/PlayFab package that I can download and import from somewhere authenticate/verify that token?
- I'm not an API expert, but is it secure enough to create a cloudscript method that authenticates the user and then sends off an http request with an external API Id and Secret. Is it secure enough for me to just have my api client secret in cloudscript?
Is there a third option I should consider? #1 would be ideal I think, but #2 is where I'm leaning in terms of feasibility and effort.
Thanks in advance for any input