Brent Batas (Lisk) asked

URGENT - All API calls suddenly returning Not Authorized for servers & clients

I pushed a new Client API policy using Postman
https://{{TitleId}}.playfabapi.com/Admin/UpdatePolicy

This is something I'm familiar with and I'm sure I did it correctly.

After pushing it, all API calls such as GetEntityToken are suddenly returning Not Authorized even from server context.

I tried pushing UpdatePolicy for our last known good JSON (from earlier this morning), and the problem still persists.

Nobody can play our game while this is going on.

Help ASAP is requested!

apis

Brent Batas (Lisk) commented ·

Edit: Seems specific to our title & am working with a support engineer to figure out what is happening (seems to be a PlayFab bug)

0 Likes 0 ·
Jordan answered

Update: It appears that in this case, the default API policy statements were being overwritten. This can easily happen if using the OverwritePolicy flag in the UpdatePolicy call. This resulted in API calls being blocked.

The best process to update the API policy is to always get the existing policy first with GetPolicy, then append your customized statements to it. I've attached the default API statements to this post for reference.

This is important, because as we add new APIs (like Experiments), we need a way to update a title's API policy to allow for the new ones, by appending. Consider this example:

• Title's policy is currently V1: 'allow all'
  • PlayFab adds v2 policy that adds /Experimentation/ control
  • Title's actual policy is now allow all (V1) + new /Experimentation/ statements (V2)
• Now, the studio updates their title policy with OverwritePolicy = true to allow specific calls, such as allow /client/loginwithapple only
  • If the studio uploads their policy again with overwrite set to true, we cannot tell that they didn't mean to do that, so we move them to a new version of the Policy, and stop appending the default PlayFab policy
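A pre-flight check for the GetPolicy-then-append process described in the answer above, as an added example that is not part of the original thread and not PlayFab's own code. It assumes the Admin API field names PolicyName, Statements, OverwritePolicy, Resource, Action, Effect, Principal and Comment; the helper names and the sample statements are constructed for illustration.

```python
import json

def statement_key(stmt):
    """Identity of a permission statement for comparison purposes."""
    return (stmt.get("Resource"), stmt.get("Action"),
            stmt.get("Effect"), stmt.get("Principal"))

def dropped_by_overwrite(current, proposed):
    """Statements in the live policy that a full overwrite would remove."""
    keep = {statement_key(s) for s in proposed}
    return [s for s in current if statement_key(s) not in keep]

def build_update_request(get_policy_data, custom, overwrite=False):
    """Build an Admin/UpdatePolicy body from a GetPolicy result.

    Append mode sends only statements that are not already live.
    Overwrite mode is refused if it would drop any live statement.
    """
    current = get_policy_data["Statements"]
    if overwrite:
        lost = dropped_by_overwrite(current, custom)
        if lost:
            raise ValueError("overwrite would drop: " +
                             ", ".join(s["Resource"] for s in lost))
        statements = custom
    else:
        live = {statement_key(s) for s in current}
        statements = [s for s in custom if statement_key(s) not in live]
    return {"PolicyName": get_policy_data["PolicyName"],
            "OverwritePolicy": overwrite,
            "Statements": statements}

# Constructed sample of a GetPolicy result (not the real default policy).
SAMPLE_POLICY = {
    "PolicyName": "ApiPolicy",
    "Statements": [
        {"Resource": "pfrn:api--*", "Action": "*", "Effect": "Allow",
         "Principal": "*", "Comment": "constructed: allow all"},
    ],
}
# Constructed custom statement a studio might want to add.
CUSTOM = [
    {"Resource": "pfrn:api--/Client/ConfirmPurchase", "Action": "*",
     "Effect": "Deny", "Principal": "*", "Comment": "constructed: block one call"},
]

if __name__ == "__main__":
    print(json.dumps(build_update_request(SAMPLE_POLICY, CUSTOM), indent=2))
```

Running the check against a test title's GetPolicy output before touching the live title shows which statements an overwrite would remove.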

brendan answered

Since I see all the calls except GetEntityToken (which isn't allowed in your current Policy, so that's expected) working, I'm assuming re-uploading the old Policy you had worked? At this point, it looks like all you need to do is add the GetEntityToken call to the current Policy. If that's what failed before, can you post the specific Policy you uploaded that caused the issue, so that we can review that?


Brent Batas (Lisk) commented ·

Re-uploading the old policy did not fix the issue. The issue is that all of our Entity calls are failing and the Dashboard isn't allowing us to update a new policy. I'm confident the new policy JSON is syntactically correct, because when testing on a test title, it works just fine.

0 Likes 0 ·
brendan Brent Batas (Lisk) commented ·

I had a call with the support engineer looking into this just now. Since the title is working at the moment, he's going to keep digging on the items you two have discussed. Once the actual cause is clear, either you or we can post an update to describe the specifics of what caused the issue.

1 Like 1 ·
Brian Jordan brendan commented ·

We're considering using UpdatePolicy shortly. Is the cause of this issue known / it safe to use on our live title, or should we hold off?

0 Likes 0 ·