I have seen tons of people saying that by enabling Server API your game can be easily hackable and was wondering is this true?
I have seen tons of people saying that by enabling Server API your game can be easily hackable and was wondering is this true?
Do you mean enabling server API in some SDK such as Unity PlayFabSDK? The dangerous thing is not the action of enabling server API, but it is when you expose the developer secret key to the client. Because the attacker can use your developer secret key to call most of APIs and make changes to your title. If you are building a server, which you can hide the secret key from client, then it is fine to enable the server API. But if you are building a client App, please be careful and not exposing your secret key to client side.
16 People are following this question.