Correct understanding of IExecutionContext.ServiceToken

Hey, I am using cloud code from an authenticated client, what I am trying to achieve is to make cloud code modify some data based on a request, before doing so I have to check if my player is in the lobby it says it is so I am calling IGameApiClient.Lobby.GetLobbyAsync with IExecutionContext.AccessToken which is getting rate limited, I think because I am using the same pc for both clients therefore hitting the limit of 1 request per second (both clients make the same request more or less at the same time).
Now, reading around I think the correct usage would be to use the ServiceToken since that is allegedly a “trusted” token used from CloudCode. That is giving me a Bad Request back. Now, am I fully misunderstanding what I am doing here? And if so what is the point of this ServiceToken, I would expect the CloudCode context to be able to act like an authoritative server since it runs on a “trusted” environment?
My request looks like this:
var lobbyResult = await m_gameApiClient.Lobby.GetLobbyAsync(ctx, ctx.ServiceToken, lobbyId);
What I get when I use the ServiceToken is:
Exception type: ApiException. Message: Bad Request
The same happens if I try to modify Lobby data when I am not the host, even if I use the ServiceToken.

Can anybody help?

That’s my expectation too: Unity Services Web API docs.
I dont think that’ll work around through the “too many requests”, though 1/sec seems a lil low.

I’ll bring it up with the team.

Thanks for the answer, I am referring to this page where it say clients are limited to 1 per second, in fact that’s what I am likely seeing (Rate limits).
The same page says the service is rate limited by IP, so even if I use a different authentication profile doesn’t make a difference. Although, I am totally fine with this if this ServiceToken works the way I think, which says is rate limited 100 per second. The ServiceToken doc mentions that this has already gone through the token exchange process so I don’t get why I get BadRequest back.

Hi @Pezzano

There is one difference I can see compared to our Lobby sample Interact with cross-player data where a fourth argument “cloud-code” is passed as the service identifier.

If that doesn’t resolve the issue then I’ll investigate a bit further.

Ok that worked, can I ask why some APIs have it and others don’t?
Thanks for the help