Players with pirated copies of our game have begun linking new accounts with CustomIDs in order to access multiplayer. Legit players link their accounts with Steam.
Is there a way to disable the creation of CustomID linked accounts? Or to not allow matchmaking by those?
You are able to deny any client API calls via modifying the API access policy.
By calling Admin API with the following request, all the LoginWithCustomID API call will be denied:
{
"PolicyName": "ApiPolicy",
"Statements": [
{
"Resource": "pfrn:api--/Client/LoginWithCustomID",
"Action": "*",
"Effect": "Deny",
"Principal": "*",
"Comment": "This statement deny custom id login"
}
],
"OverwritePolicy": false
}
Please also double check the current policy via GetPolicy API and it should be like this:
{
"code": 200,
"status": "OK",
"data": {
"PolicyName": "ApiPolicy",
"Statements": [
{
"Resource": "pfrn:api--*",
"Action": "*",
"Effect": "Allow",
"Principal": "*",
"Comment": "The default allow all policy"
},
{
"Resource": "pfrn:api--/Client/LoginWithCustomID",
"Action": "*",
"Effect": "Deny",
"Principal": "*",
"Comment": "This statement deny custom id login"
}
]
}
}
Is it possible to set it up to whitelist only LoginWithCustomID and some others (PlayStation/Xbox/Switch)?
Yes, it is possible, but will require much work. The API policy, in fact, is using the white list, if you deleted the default the first policy of "allowing all policy", you may specify each API to grant the permission, which means you will need to specify all the APIs the client will be used.
where do i put this policy if i put it in global it just gives me errors
4 People are following this question.
