As this is the first time I need cloud services for a game, I have several questions regarding PlayFab. I don't want to encounter a blocking issue due to limitations and have to migrate to Firebase, for example, in the middle of client-server development.
These may be noob questions and there are a lot of them, so sorry in advance.
Regarding security, I know I shouldn't blindly trust any data sent from the client. So I currently use Azure Functions to process that data and run verifications to ensure its validity.
First question: is it possible for a malicious player to modify my code and add client API calls like UpdateCharacterData(), for example? As long as they have their character ID in memory, what prevents them from adding API calls?
If it is possible, I was planning on relying exclusively on ExecuteFunction() to only use Azure Functions when needed to interact with PlayFab data. (especially for writes)
The only direct client API calls would be those regarding login. (And ExecuteFunction())
Second question: is there a way to prevent the client from making API calls that were not initially implemented by me?
I've seen in my Title Settings (in Game Manager) that I can disable client API calls. Is this the way? But if I do enable this option, won't my client login API and ExecuteFunction calls stop working? What are my options here?
As I would like to rely on Azure Functions, I've checked the limits and I was wondering: are those limits only applicable in development mode, or will I be that limited even in production mode?
For example, I see in Data Storage > Character data value updates per 15 seconds = 5 update operations. Are these limits only for calls from the client, or also for calls from Azure Functions? And in production mode, will this limit increase? Because if I need, in a specific situation, to update a value more frequently than 5 times per 15 seconds, is my only option to drop PlayFab altogether?
Same for number of entity objects, or Azure Function (Cloud Script) scripts size etc.
Also, I can't seem to find a limit on client calls to the ExecuteFunction() API. So I guess I can make as many calls as I want to my Azure Functions? And what if a corrupted client tries to make a LOT of calls to my Azure Functions, is there any kind of security to prevent the billing from skyrocketing?
And a last question, a bit different from the others:
In my Azure Function project, I have "Helper" static classes (so not functions) with static methods used to process data, for example to check the validity of a string with a Regex or whether a string is present in an Enum. Can there be a problem with concurrency? If two players run the same Azure Function at the same time and the Azure Functions call the same static (or not) method, is this okay and handled correctly by Azure with instances, or do I have to do something to prevent this? And if yes, what should I do, please?
Sorry for the length but I couldn't find answers on the web.
Thanks for your help.
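
The static helper scenario from the last question, as an added example that is not part of the original post: a stateless static validator (shared `Regex`, enum check) is safe when many invocations run at once in the same host process, while mutable static state needs synchronization. The names `ValidationHelper` and `CharacterClass`, the name pattern and the sample inputs are constructed for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical enum and helper, constructed for this example.
public enum CharacterClass { Warrior, Mage, Rogue }

public static class ValidationHelper
{
    // Regex instances are immutable and thread-safe for matching, so one shared
    // instance can serve concurrent invocations. \z (not $) rejects a trailing
    // newline; the timeout bounds the work spent on hostile client input.
    private static readonly Regex NamePattern = new Regex(
        @"^[A-Za-z0-9_]{3,16}\z", RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));

    // Stateless: touches only its argument and immutable data.
    public static bool IsValidName(string s) => s != null && NamePattern.IsMatch(s);

    // Enum.TryParse also accepts numeric strings such as "42", so the parsed
    // value is checked with Enum.IsDefined as well.
    public static bool IsValidClass(string s) =>
        Enum.TryParse<CharacterClass>(s, ignoreCase: false, out var c)
        && Enum.IsDefined(typeof(CharacterClass), c);

    // Mutable static state is shared by every invocation in the process.
    public static int UnsafeCounter;
    public static int SafeCounter;
    public static void CountUnsafe() => UnsafeCounter++;                       // racy read-modify-write
    public static void CountSafe() => Interlocked.Increment(ref SafeCounter); // atomic
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs standing in for values sent by clients.
        string[] names = { "Player_01", "ab", "bad name!", "Player_01\n" };
        // Parallel.For stands in for many simultaneous function invocations.
        Parallel.For(0, 100_000, i =>
        {
            bool ok = ValidationHelper.IsValidName(names[i % names.Length])
                      && ValidationHelper.IsValidClass("Mage");
            if (ok) { ValidationHelper.CountUnsafe(); ValidationHelper.CountSafe(); }
        });
        // SafeCounter is exact; UnsafeCounter can lose increments under contention.
        Console.WriteLine($"safe={ValidationHelper.SafeCounter} unsafe={ValidationHelper.UnsafeCounter}");
    }
}
```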