Hello everyone,
I want to allow the client to call some specific Client APIs, but since there are many Client APIs, adding all blocked APIs one by one to the policy doesn't look right. Is there a way to do it the opposite way, like blocking all Client APIs but allowing some?
I believe you can block all Client API calls, and then specifically allow the ones you want to succeed. i.e. Deny ALL pfrn:api--/Client/*, then Allow ONLY pfrn:api--/Client/LoginWithDeviceId
Denying all client APIs and then allowing only specific APIs wouldn't work. Please refer to this thread.
Answer by Junjin Chen · 21 hours ago
Yes. I believe that you want a whitelist feature for client API access. By default, there is an API policy that allows the client to access all client APIs in your title:
    {
        "Resource": "pfrn:api--*",
        "Action": "*",
        "Effect": "Allow",
        "Principal": "*",
        "Comment": "The default allow all statement."
    },
You could delete this policy and add policies that allow the client to access certain APIs to implement the whitelist feature.
Please refer to this thread: https://community.playfab.com/questions/43440/whitelist-for-client-api-access.html
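The whitelist approach described in the answer above, as an added example that is not part of the original thread and is not PlayFab code: it builds one Allow statement per permitted Client API and lints a policy for statements that would defeat the whitelist. The function names are hypothetical, and treating `*` in a resource as a glob is an assumption; the only API name used is the one mentioned in the thread.

```python
import json
from fnmatch import fnmatchcase

PREFIX = "pfrn:api--/Client/"

# The default statement quoted in the answer above.
DEFAULT_ALLOW_ALL = {"Resource": "pfrn:api--*", "Action": "*", "Effect": "Allow",
                     "Principal": "*", "Comment": "The default allow all statement."}

def build_allowlist(api_names):
    """Return one Allow statement per permitted Client API."""
    return [{"Resource": PREFIX + name, "Action": "*", "Effect": "Allow",
             "Principal": "*", "Comment": f"Allowlisted: Client/{name}"}
            for name in sorted(set(api_names))]

def lint_allowlist(statements, api_names):
    """List the statements that would defeat or break the allowlist."""
    wanted = {PREFIX + name for name in api_names}
    covered, findings = set(), []
    for i, stmt in enumerate(statements):
        resource, effect = stmt.get("Resource", ""), stmt.get("Effect", "")
        if effect == "Deny":
            # Assumption: '*' in a resource is a glob. The thread reports that
            # deny-all plus specific allows does not work, so flag that shape.
            if any(fnmatchcase(w, resource) for w in wanted):
                findings.append(f"statement {i}: Deny on {resource} covers an allowlisted API")
        elif "*" in resource:
            # Any remaining wildcard Allow (such as the default) reopens access.
            findings.append(f"statement {i}: wildcard Allow on {resource}")
        elif resource in wanted:
            covered.add(resource)
        else:
            findings.append(f"statement {i}: Allow outside the allowlist: {resource}")
    findings += [f"missing Allow for {w}" for w in sorted(wanted - covered)]
    return findings

if __name__ == "__main__":
    allowed = ["LoginWithDeviceId"]  # API name taken from the thread
    policy = build_allowlist(allowed)
    print(json.dumps(policy, indent=2))
    # Constructed bad policy: the default statement was left in place.
    for finding in lint_allowlist([DEFAULT_ALLOW_ALL] + policy, allowed):
        print("FINDING:", finding)
```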