kendo asked

Account deletion from within the app

In June of this year (2021), Apple updated their App Store Review Guidelines to include the following language (section 5.1.1v):

"If your app supports account creation, you must also offer account deletion within the app."

What are best practices to do this securely?

Account Management

1 Answer

Sarah Zhang answered

PlayFab provides the Server API DeletePlayer, which can be called from CloudScript to remove a user's player account from a title and delete all associated data. Players can invoke CloudScript functions by calling the Client API ExecuteCloudScript, so they can delete their accounts using the above methods as needed. You can add the necessary verification in the CloudScript function to prevent API abuse; for example, you can verify whether the player is deleting their own account or not, check if the account has been deleted, etc.

Please note, we do not suggest enabling the Server API for any client, so if players need to use the Server API, they should go through CloudScript. In this case, you can do any verification that you want in the CloudScript to protect the security of the server-side logic.
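
A sketch of the kind of CloudScript handler the answer describes, added here as an example and not part of the original answer or PlayFab's own code. It assumes the classic CloudScript globals `handlers`, `server` and `currentPlayerId`; the handler name `DeleteMyAccount`, the `confirm` field and the result shape are hypothetical.

```javascript
// Added example (not PlayFab's code). The runtime objects are passed in as
// parameters so the checks can also be exercised under plain Node.
function deleteOwnAccount(args, server, currentPlayerId) {
  // Identity must come from the authenticated session that invoked
  // ExecuteCloudScript, never from client-supplied arguments.
  if (!currentPlayerId) {
    return { deleted: false, reason: "not_authenticated" };
  }

  // If the client names an account at all, it must be the caller's own.
  if (args && args.PlayFabId && args.PlayFabId !== currentPlayerId) {
    return { deleted: false, reason: "not_own_account" };
  }

  // Hypothetical explicit confirmation, so a stray or replayed call with
  // empty arguments cannot destroy the account.
  if (!args || args.confirm !== "DELETE") {
    return { deleted: false, reason: "confirmation_required" };
  }

  try {
    // Always delete the session's player, not an id taken from args.
    server.DeletePlayer({ PlayFabId: currentPlayerId });
  } catch (e) {
    // Assumption: a failed Server API call surfaces as an exception, for
    // example when the account has already been deleted. Do not echo the
    // raw error back to the client.
    return { deleted: false, reason: "delete_failed" };
  }
  return { deleted: true, reason: null };
}

// Registration inside CloudScript; skipped when the globals are absent.
if (typeof handlers !== "undefined") {
  handlers.DeleteMyAccount = function (args) {
    return deleteOwnAccount(args, server, currentPlayerId);
  };
}
```

The client then calls ExecuteCloudScript with the function name `DeleteMyAccount`; no Server API key is ever shipped in the client.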
