Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by rhaegeman · Apr 14, 2021 at 08:41 AM · Player Datadata

Securing player data updates

Hi all,

I'm new to PlayFab and I'm trying to set up a fairly lightweight POC.

Imagine that in my game, there are 10 levels. A player can unlock levels buy spending 10 virtual currency, and you have to unlock level 2 first before you can unlock level 3, and so on.

Let's say I store the amount of `unlocked_levels` in Player Data.

With a valid SessionTicket for my logged in user, I can now call `https://xxxx.playfabapi.com/Client/UpdateUserData` with body:

`{ "Data": {"unlocked_levels":4} }` and update the data.

Nothing stops malicious users from calling that endpoint though, so you can basically easily change the unlocked_levels data if you grab the SessionTicket for that user, without paying for it with Virtual Currency.

So this is probably not the way to go. What's the best practice to create this basic unlocking mechanic, based and purchases with Virtual Currency?

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Sarah Zhang · Apr 14, 2021 at 09:58 AM

You can consider using Read-Only Player Data, then use the CloudScript to set it for players.

To set read-only KVPs, you must call the Server API UpdateUserReadOnlyData method from a server process. This is data that the server can modify, but the client can only read.

For the examples of how to set and get the Read-Only Player Data, please check the following documents.

How to set read-only player data - PlayFab | Microsoft Docs

How to get read-only player data - PlayFab | Microsoft Docs

For more details about CloudScript, please refer to the documents of CloudScript -- CloudScript quickstart - PlayFab | Microsoft Docs.

Comment

People who like this

0 Show 0 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    1 Person is following this question.

    avatar image

    Related Questions

    Items can be consumed by count and/or time. Usage period must be more than 2 seconds. What does this mean? 2 Answers

    Read and write frequently updated data 1 Answer

    Trouble uploading a text file as an entity file onto playfab. 1 Answer

    GetServerAuthCode() from google login is always empty 1 Answer

    Inconsistency in data returned from login 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges