I like to implement a custom password policy that is enforced when new users are registering. Since this is not natively support, then I assume I need my own custom cloud service that is called by the game.
The server calls RegisterPlayfavUser instead of the game.
To keep this secure I need to disable to the RegisterPlayfabUser so the client could never call that using Postman thus bypassing my password policy. I see the access policy feature but I am unable to figure out the details on how to disable it for the client but not for my custom REST API to call. Can you give any guidance on that? Is this possible?
Thank you.