Ozan Yilmaz asked

What API do these policy resources cover?

Hello everyone,

I wonder which policy resource allows/denies which APIs. I returned the default policy of my title, and there are many resources there.

Here are the resources:

I guess, this one is related to all the Client APIs.

Resource: pfrn:api--/Client/*

I guess, this one is related to all the Admin APIs.

Resource: pfrn:api--/Admin/*

I'm not sure what this is, but the only thing I found is the ForgetAllCredentials API. I guess, this covers only that API.

Resource: pfrn:api--/Authentication/*

Which APIs does this cover?

Resource: pfrn:api--/AutomationRule/*

I guess, this one covers the APIs related to GetCatalogItemsRequest.

Resource: pfrn:api--/Catalog/*

I guess, this one is related to writing events etc.

Resource: pfrn:api--/Event/*

Which APIs does this cover?

Resource: pfrn:api--/Experimentation/*

I guess, this one is related to all the Group APIs.

Resource: pfrn:api--/Group/*

I guess, this one covers the APIs related to players' inventories.

Resource: pfrn:api--/Inventory/*

I guess, this one covers the APIs related to leaderboards.

Resource: pfrn:api--/Leaderboard/*

Which APIs does this cover?

Resource: pfrn:api--/Limits/*

I guess, this one is just related to changing the language in players' profiles.

Resource: pfrn:api--/Locale/*

I guess, these ones are related to multiplayer.

Resource: pfrn:api--/Match/*

Resource: pfrn:api--/Matchmaker/*

I guess, this one covers the send notification API.

Resource: pfrn:api--/Notification/*

I guess, this one is just related to the object feature (JSON).

Resource: pfrn:api--/Object/*

I guess, this one is related to players' profiles.

Resource: pfrn:api--/Profile/*

I guess, this one is related to the Server APIs.

Resource: pfrn:api--/Server/*

I guess, this one covers the APIs related to statistics.

Resource: pfrn:api--/Statistic/*

Which APIs does this cover?

Resource: pfrn:api--/UserGeneratedContent/*

I also have some extra questions. It looks like some of them cover the others already. For example, Client covers Statistics, Inventory, Leaderboard, Catalog. If Client covers all of those, why do I need the others (Statistics, Inventory, Leaderboard, Catalog) in the policy?

The other question is: is this policy only related to clients? For example, if I remove Server and Admin from the policy, does it affect the CloudScript or my Admin Console, which uses Admin APIs?


1 Answer

Seth Du answered

API policy only covers the client API, which is like “Resource: pfrn:api--/client/*”. For the rest of the statements you have mentioned, it simply won’t work even if you upload it to PlayFab. If there is certain policy behavior that you don't understand, please let me know.

Besides API policy, PlayFab also provides Entity Policy, which is completely different from the former. It is used to modify the Entity Profile (Object, file, profile…) accessibility of an Entity, which can be a player, a group, etc. If you need help with implementing a specific entity access policy, please also let me know.

2 comments

Ozan Yilmaz commented ·

@SethDu

I removed everything from the policy and added some client APIs (login and executecloudscript). However, when I tried to update the player's statistic in the CloudScript, PlayFab gave me an error saying "Action not authorized by title". It affects CloudScript and Admin APIs as well. I had to add Server and Admin in the policy as well.

0 Likes 0 ·
Seth Du ♦ Ozan Yilmaz commented ·

I have confirmed with the team and it seems there is a major update for API access policy, and besides the client API, other types of APIs have been supported by access policy. Meanwhile, I highly suggest you call "GetPolicy" on a new title because you have modified the default policy -- see the attached sample: policy.txt.

You may only delete the "Resource": "pfrn:api--/Client/*" entry to enable the client White List mode and keep the rest unchanged, then you may add permitted client APIs.

1 Like 1 ·
policy.txt (5.4 KiB)
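
The allow-list setup discussed in this thread, as an added example that is not part of the original posts and not PlayFab's own code: a pre-upload check that lists which calls a title depends on would be left unauthorized by a given set of policy statements. It assumes a call passes only when an Allow statement matches and no Deny statement does, ignores Principal and Action, and uses constructed sample statements and call names.

```javascript
// Added example: constructed sample data and simplified matching (assumptions).
// A Resource matches a call when it equals it, or when it ends in "/*" and
// the call starts with everything before the "*".
function resourceMatches(resource, call) {
  if (resource.endsWith("/*")) return call.startsWith(resource.slice(0, -1));
  return resource === call;
}

// Assumed semantics: a call is authorized only if at least one Allow
// statement matches it and no Deny statement does.
function isAuthorized(statements, call) {
  const hits = statements.filter((s) => resourceMatches(s.Resource, call));
  if (hits.some((s) => s.Effect === "Deny")) return false;
  return hits.some((s) => s.Effect === "Allow");
}

// Returns the calls the title depends on that the policy would reject.
function unauthorizedCalls(statements, requiredCalls) {
  return requiredCalls.filter((call) => !isAuthorized(statements, call));
}

// Builds a constructed Allow statement for the samples below.
const allow = (resource) => ({
  Resource: resource, Action: "*", Effect: "Allow", Principal: "*",
  Comment: "constructed sample",
});

// Calls a hypothetical title makes: two from the game client and one
// Server API call issued from CloudScript.
const requiredCalls = [
  "pfrn:api--/Client/LoginWithCustomID",
  "pfrn:api--/Client/ExecuteCloudScript",
  "pfrn:api--/Server/UpdatePlayerStatistics",
];

// Policy A: everything removed, only two client APIs added back.
const clientOnly = [
  allow("pfrn:api--/Client/LoginWithCustomID"),
  allow("pfrn:api--/Client/ExecuteCloudScript"),
];

// Policy B: only the Client/* wildcard replaced by the two client APIs;
// the Server and Admin entries are kept.
const clientAllowList = [...clientOnly, allow("pfrn:api--/Server/*"), allow("pfrn:api--/Admin/*")];

console.log("Policy A rejects:", unauthorizedCalls(clientOnly, requiredCalls));
console.log("Policy B rejects:", unauthorizedCalls(clientAllowList, requiredCalls));
```

Under these assumptions Policy A rejects the Server call made from CloudScript, while Policy B rejects none of the required calls and still blocks client APIs that were not added back.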
