question

Kieran Newland avatar image
Kieran Newland asked

All Admin Write calls are returning with NotAuthorized

I'm trying to use the Admin API both through Python and i've been testing with Postman. I'm able to access all read calls to the Admin API but any write calls (such as Admin/ModifyMatchmakerGameModes) are returning with the following response.

{
    "code": 403,
    "status": "Forbidden",
    "error": "NotAuthorized",
    "errorCode": 1089,
    "errorMessage": "NotAuthorized"
}

I've set up the X-SecretKey header as expected and I assume this is working as the read only calls are working. I also haven't changed the default access policies but looking through them all doesn't show that the Admin API is getting blocked by anything as /Admin/GetPolicy returns the following as the only Admin related rule:

{
                "Resource": "pfrn:api--/Admin/*",
                "Action": "*",
                "Effect": "Allow",
                "Principal": "*",
                "Comment": "The default allow all admin APIs statement."
            },

Do you have any ideas on what I can try next? It doesn't seem like anyone else is getting this issue and the error message is not being useful either.

Thanks

apisAuthentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Kieran Newland avatar image
Kieran Newland answered

Ah that makes sense with the matchmaking data, i'll look at the new API. Thanks!

However i've also tried using GetServerBuildUploadUrl and ran into the same NotAuthorized issue. Is this also blocked for the same reason?

4 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Sarah Zhang avatar image Sarah Zhang commented ·

[Edited] Yes, the API GetServerBuildUploadUrl indeed belongs to the legacy custom server features. Currently, if you want to upload the multiplayer server assets to Playfab, you need to use the Multiplayer API GetAssetUploadUrl whose request header needs to contain the X-EntityToken to get the upload url.

0 Likes 0 ·
Kieran Newland avatar image Kieran Newland Sarah Zhang commented ·

That's odd, we do actually have multiplayer servers enabled and have a few running...

I've had success uploading with PowerShell and New-PfAsset. Looking at the logs on there it seems to be using X-EntityToken rather than X-SecretKey. Should we be using that instead of passing through the secret key?

0 Likes 0 ·
Sarah Zhang avatar image Sarah Zhang Kieran Newland commented ·

Apologies for the confusion, the API GetServerBuildUploadUrl indeed belongs to the legacy custom server features. I have also edited the original comment.

Currently, if you want to upload the multiplayer server assets to Playfab, you need to use the Multiplayer API GetAssetUploadUrl whose request header needs to contain the X-EntityToken to get the asset upload Url.

You can find other Multiplayer Server Apis on this page - Multiplayer Server - REST API (PlayFab Multiplayer) | Microsoft Docs.

0 Likes 0 ·
Show more comments
Sarah Zhang avatar image
Sarah Zhang answered

For clarification, the matchmaker API functions belong to a deprecated feature - legacy servers. Currently, only developers who have used the legacy servers feature before can access them. For the new developers who haven’t used the legacy servers before, the calls of matchmaker APIs will return “NotAuthorized” error. It’s expected behavior. If you want to use the server hosting feature now, you can check the documentation - Multiplayer with PlayFab - PlayFab | Microsoft Docs to learn about our new server hosting service – Multiplayer Servers.

If you only want to test whether you can use the Admin APIs to modify the title configurations, could you please call the Admin APIs that don’t contain the “matchmaker” to do the test again? If this issue exists on other Admins API, please feel free to let us know.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.