question

peterkallviks avatar image
peterkallviks asked

Protect Secret Key using ResetPassword API

After a lot of research and tests I have successfully implemented a web-page that reset the PlayFab password! As this is the first time I work with php, CSS, have very limited experience with html it has been a quite interesting learning experience.

However, in the ResetPassword API the Secret-Key is a requirement: "This API requires a title secret key, available to title admins, from PlayFab Game Manager.".

As I do not want my Secret-key to leak I would like to ask for advise hot to protect the secret key?

ResetPassword - REST API

I have not yet tested Cloud Scripts but found this:

https://community.playfab.com/questions/44554/how-to-make-the-reset-password-function.html

...it looks like I can only use this function if I have an Azure subscription?

Cheers

apis
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Made Wang avatar image
Made Wang answered

Usually, the password reset webpage should interact with your custom server, and the server will call the Admin API to send a password reset request.

Of course, you can also refer to the method described in the thread you mentioned and implement it using Cloud Script on Azure Function.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

peterkallviks avatar image peterkallviks commented ·

What would it cost to only use Azure to send these cloud scripts?

0 Likes 0 ·
Made Wang avatar image Made Wang peterkallviks commented ·

You can refer to Pricing - Functions | Microsoft Azure for the pricing of Azure Functions.

0 Likes 0 ·
peterkallviks avatar image
peterkallviks answered

Do you think a free forever virtual server from the likes of AWS, Oracle etc. could do the trick in a secure fashion?

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Made Wang avatar image Made Wang commented ·

I don't know them very well and suggest you seek their professional advice.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.