Hi!
I am trying to change the API permissions for my app using
[POST] https://TITLE.playfabapi.com/Admin/UpdatePolicy
I wanted to do a whitelist approach, where I would deny access to all Client API endpoints, then allow some of them, only the ones I'm using in my application. Below is an example of the request's body.
My issue is that by denying access to all Client API endpoints, the request will fail, even if I'm allowing a specific endpoint from that API.
How can the API policy be used as a whitelist? (note: I've tried rearranging the order of the objects in the array, but nothing changed)
{
  "PolicyName": "ApiPolicy",
  "OverwritePolicy": true,
  "Statements": [
    {
      "Resource": "pfrn:api--*",
      "Action": "*",
      "Effect": "Allow",
      "Principal": "*",
      "Comment": "The default allow all statement."
    },
    {
      "Resource": "pfrn:api--/Client/ExecuteCloudScript",
      "Action": "*",
      "Effect": "Allow",
      "Principal": "*",
      "Comment": "Allow Client-side ExecuteCloudScript calls."
    },
    {
      "Resource": "pfrn:api--/Client/GetFriendLeaderboard",
      "Action": "*",
      "Effect": "Allow",
      "Principal": "*",
      "Comment": "Allow Client-side GetFriendLeaderboard calls."
    },
    {
      "Resource": "pfrn:api--/Client/GetFriendsList",
      "Action": "*",
      "Effect": "Allow",
      "Principal": "*",
      "Comment": "Allow Client-side GetFriendsList calls."
    },
    {
      "Resource": "pfrn:api--/Client/*",
      "Action": "*",
      "Effect": "Deny",
      "Principal": "*",
      "Comment": "Deny all Client API endpoints."
    }
  ]
}