Purpose
Allows an app to severely restrict access to brainCloud Client APIs. Very useful if your app has significant security requirements.
The script can be configured in one of two ways:
- whitelist – all services and operations specified are *allowed*. Any API calls not specified are not allowed.
- blacklist – disallow access to the services and operations specified. All other API calls allowed.
Script
Click RestrictClientCalls.ccjs.zip to download the file.
Usage / Setup
To configure this script, you must first import it into your app.
Then go to the Design | Cloud Code | API Hooks screen, and click the [+ Create] button to configure the script.
On the configuration dialog that displays, choose:
- Service: “Dispatcher”
- Operation: “ProcessMessage”
- Pre/Post: “Pre”
- Script: “RestrictClientCalls”
And then in the Params section, you can configure a whitelist or blacklist of services and operations to enable or restrict. Here is an example:
{
"listtype": "whitelist",
"services": {
"entity": { "READ": 1 },
"globalEntity": { "GET_LIST": 1, "GET_LIST_COUNT": 1 },
"heartbeat": { "READ": 1 },
"playerState": {},
"script": {}
}
}
The example above allows calls to:
- “entity” service, “READ” operation only
- “globalEntitity” service, “GET_LIST” and “GET_LIST_COUNT” operations
- “heartbeat” service, “READ” operation only <- important – heartbeats are used to keep your client sessions alive!
- “playerState” service – any operation
- “script” service – any operation… <- note, individual script permissions still apply
Notes
- Calls to the “authenticationV2” service are always allowed.
- Rejected API calls will return an HTTP status of 500 with a 40639
reason_code.