Ozan Yilmaz asked

How to block all APIs except some?

Hello everyone,

I want to allow the client to call some specific Client APIs, but since there are many Client APIs, adding all the blocked APIs one by one to the policy doesn't look right. Is there a way to do it the opposite way, like blocking all Client APIs but allowing some?

2 comments

brandon@uprootstudios.com commented ·

I believe you can block all Client API calls, and then specifically allow the ones you want to succeed. i.e. Deny ALL pfrn:api--/Client/*, then Allow ONLY pfrn:api--/Client/LoginWithDeviceId

Rick Chen ♦ brandon@uprootstudios.com commented ·

Denying all client APIs and then allowing only specific APIs wouldn't work. Please refer to this thread.


1 Answer

Rick Chen answered

Yes. I believe that you want a whitelist feature for client API access. By default, there is an API policy that allows clients to access all client APIs in your title:

{
    "Resource": "pfrn:api--*",
    "Action": "*",
    "Effect": "Allow",
    "Principal": "*",
    "Comment": "The default allow all statement."
},

You could delete this policy and add policies that allow clients to access certain APIs to implement the whitelist feature.

Please refer to this thread: https://community.playfab.com/questions/43440/whitelist-for-client-api-access.html
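The replacement described in the answer above, as an added example (not code from the thread or from PlayFab): it drops any wildcard Allow statement such as the default one, emits one Allow statement per named Client API, and checks that no wildcard Allow is left. It assumes the per-API statements reuse the default statement's Action and Principal values and the pfrn:api--/Client/<ApiName> resource form from the comment above; the function names and the sample API names are made up for illustration.

```python
import json

# Statement shape copied from the default statement quoted in the answer.
DEFAULT_ALLOW_ALL = {
    "Resource": "pfrn:api--*",
    "Action": "*",
    "Effect": "Allow",
    "Principal": "*",
    "Comment": "The default allow all statement.",
}

# Resource form as written in the comment on this page (assumption).
CLIENT_PREFIX = "pfrn:api--/Client/"


def build_allowlist(api_names):
    """Return one Allow statement per explicitly named Client API."""
    statements = []
    for name in sorted(set(api_names)):
        if not name.isalnum():
            # Rejects "*", "/" and empty strings: each entry must name one API.
            raise ValueError(f"not a single API name: {name!r}")
        statements.append({
            "Resource": CLIENT_PREFIX + name,
            "Action": "*",        # assumption: same value as the default statement
            "Effect": "Allow",
            "Principal": "*",     # assumption: same value as the default statement
            "Comment": f"Allowlist: Client/{name}",
        })
    return statements


def broad_allows(statements):
    """Return Allow statements whose Resource still contains a wildcard."""
    return [s for s in statements
            if s.get("Effect") == "Allow" and "*" in s.get("Resource", "")]


def replace_default(current, api_names):
    """Drop wildcard Allow statements, keep the rest, append the allowlist."""
    broad = broad_allows(current)
    return [s for s in current if s not in broad] + build_allowlist(api_names)


if __name__ == "__main__":
    # Constructed input: a title whose policy holds only the default statement.
    policy = replace_default([DEFAULT_ALLOW_ALL], ["LoginWithDeviceId"])
    assert not broad_allows(policy)
    print(json.dumps(policy, indent=2))
```

Running broad_allows over an exported policy before and after a change is a quick way to confirm the default allow-all statement is really gone.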
