Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • General Discussion /
avatar image
Question by CodeHunter · May 17 at 09:36 AM · CloudScriptPlayer DatadataTitle Data

Data Encryption for Player Data and CloudScript responses

Is there a way to encrypt data sent and received from Client API? Most particularly user data, because can see the data structure of the player data in JSON format using an app. The header is clearly visible if the player wants to send an API request separately, especially the data structure is revealed clearly to them. The same case happens when executing cloudscript from the game client (Unity) because I can see the JSON format of the result sent from the function.

This is NOT okay, because players can easily hack the backend service and modify their player data to their liking (infinite money, etc). I need the kind of encryption implemented on title data because when I tried getting the title data, I can't see the contents clearly instead of the readable JSON format.

Comment

People who like this

0 Show 1
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image CodeHunter · May 18 at 04:24 AM 0
Share

EDIT: assuming that this isn't possible, is there a way to hide the header instead? API policy most likely can't be used here because I'm using an external service that requires API calls to read and edit player data.

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Gosen Gao · May 18 at 08:09 AM

The main purpose of encrypting data is to prevent data leakage during transmission. PlayFab encrypts data transmission via HTTPS, so you don't need to worry about this. No matter what encryption method you use, the client will eventually decrypt the encrypted data to get the real data. So the player still will know what is the response. If you are worried that players can modify key data, you can disable the client APIs that can modify these data through API policy, and then modify these data through Azure Function or Cloud Script, and since the return value is set by yourself, please do not return important information as a result to the client.

Comment

People who like this

0 Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image CodeHunter · May 18 at 08:31 AM 0
Share

There are API calls outside the game client using the same method and that is to edit the player data (UpdateUserData). If I disable the client API using the API policy, would it block the API calls from outside the game but using server API? The reason I haven't looked into API policy too deeply is because I need to prevent players from editing player data that's sent using client API from the game client, but I cannot block any API calls that is server API calls to edit player data from external services.

avatar image CodeHunter · May 18 at 08:35 AM 0
Share

Also, would that mean that editing player value is restricted to admin/server API if I block the client API calls for player data editing?

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    12 People are following this question.

    avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

    Related Questions

    Problem in login to playfab with android studio, Apk genrated withouterror but no data of players in playfab 1 Answer

    Admin panel in unity, to modify the statistics of the player you want / choose,Modify player data in a unit panel 1 Answer

    Transfer titile to another studio 1 Answer

    How to add a key for All Players? 1 Answer

    Looking for a viable way to save our mutiple json files. 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges