question

Philipp Gehring avatar image
Philipp Gehring asked

User community hosted servers,User hosted dedicated servers

We are planning to add persistent elements and telemetry to our game in the near future, but the fact that we support, due to the nature of the game and its community, community hosted servers, either via 3rd party hosters or on user owned machines, has left some questions open.

Is it at all possible to properly use the playfab server api on server builds that we obviously cant give public keys to?
The API policy API seems to not allow for different principals yet, is this planned in the near future?
Is there maybe something akin to steams game server tokens to authenticate accounts?
Could we maybe create "server" accounts and link them through a certain owner user?

I would greatly appreaciate your input!

,

We are currently allowing users to host their own community servers via 3rd party hosters and, in the future, their own machines.
The game is very community driven so this is essential.
In the near future we will begin the process of adding persistent elements to the game, preferably via playfab.
The question now is if its possible at all to use the api from publically accessible servers to query user data and send playstream events since giving out a public key is obviously not a solution.
Steam for example provides authentification tokens for servers, is there something like that in playfab?
The API policy API also seems to not support filtering on different prinicpals yet.

I would greatly appreaciate your input on this matter!

multiplayer
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

The Server and Admin APIs use the game's Secret Key as the authentication header. Since access to the Secret Key would allow a hacker to do severe damage to your title, you should never allow anyone access to it outside your team.

What we would have to recommend is that you use Azure Functions Cloud Script for any secure checks you need to make on player behavior, to prevent cheating (or move the logic to hosted game servers that you control).

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Philipp Gehring avatar image Philipp Gehring commented ·

That is pretty much what I expected... Probably would also add up cost wise.

Most api calls probably wont do any modifications on data from the servers themselves apart from analytics events. Reading data is most likely sufficient.(Like reading clan data or something akin to that)

What does this mean for matchmaking though? I assume there is no way to expose the servers there as well?

My idea so far would have been to use the standard server api and use a steam token or something like that for "server" accounts as a custom ID.

Are there any future plans for the Api policies to support this in some way in the future? The documentation at least hints at it.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.