CDN Download Restrictions based on Player Inventory
I was wondering if there's a feature similar to Firebase where we can add simple restriction rules to objects in the CDN? Or maybe use cloudscript to hook into the GetContentURL calls to determine if a given user should be allowed to download something.
We're already using receipt validation on purchases of currency. Users use that currency to purchase items that end up in their inventory. Client side we check the users inventory, and if they own a given asset we then download that given asset from the CDN for them to use. Originally I thought this meant we were mostly safe from pirating (we see a lot of attempts to use spoofed receipts, but validation gets around that) however one of our users recently sent us a video of a cracked version they found of our app where they've subverted the "check player inventory" check and move straight to downloading.
Ideally we'd like to be able to add validation when attempting to download from CDN, I know CDN calls already require being logged in through playfab so ideally we should be able to add a check against that users inventory to see if they should be allowed to get it (again, similar to firebase database rules) but I've been unable to find anything.
Best Answer
Yes, you can write the CloudScript to do the verification then give the URL to the users who meet the requirements. On CloudScript, you can do a judgement to confirm that the users already own the specific item. If the user passes the verification, you can call the server API GetContentDownloadUrl on CloudScript to retrieve the URL and return it to the user. If you need to improve security further, we would suggest you disable the access permission of Client API GetContentDownloadUrl. You can follow the steps of documentation -- API Access Policy to do it.
