Hello, I am breaking my head over something that is supposed to be fairly easy:
I am using Azure Functions for my project. In an attempt to prevent cheating, I want to submit scores to the leaderboards via the Azure function. Now, in order to access the leaderboard I must authenticate; however, if I use the REST API I quickly hit the rate limit:
The API has rate limiting in place. The endpoints are limited to 15 requests per second on a per-IP basis, and 300 requests over 30 minutes. The API responds with a 429 HTTP status code if the rate limit is exceeded. It also responds with a Retry-After header to be used in conjunction with a client’s retry logic. The value is the number of seconds until a request for the given player to be accepted.
I don’t understand how to achieve this. I don’t want to sign in on my local device as it is prone to cheats. Could anyone shed some light?
I see you have a different thread open, so let me try to start by confirming my understanding.
Your game client calls an Azure function
The Azure function authenticates, then calls leaderboards
Your game clients are calling the Azure functions so often, you’re hitting rate limits
Am I understanding your problem properly?
Your local device calls the Azure function; the Azure function authenticates and calls leaderboards (2-3 calls)
In this scenario, I don’t see where the local device signs in?
The sign-in should be happening from your Azure function.
Let me know if that clears things up, or you need more help.
I don’t want to sign in from a local device as I don’t want my game to be prone to cheaters.
So you are pretty much accurate about the flow but just in case let me clarify it:
client calls an Azure function
the Azure function has a cached access token that is being refreshed automatically every 2 days
Azure uses the access token to make a call for the leaderboard, for example submit score or get leaderboard score
client receives the data and populates the UI with it
My worry here is about the rate limits since all the clients are using the same access token.
I read about the cloud code; however, many of my configurations are already sitting on PlayFab. I don’t want to have duplicate configuration as it is human-error prone.
So my question is: will the rate limits work? If not, what is a possible solution?
To tackle the rate limiting problem when accessing the leaderboard API via Azure Functions, you can set up a retry strategy that respects the specified rate limits. Think about incorporating exponential backoff with jitter for smoother retries. Also, look into utilizing managed identities or service principals for authentication within Azure Functions to steer clear of signing in on local devices, which helps minimize the risk of cheating. Hope this helps!
Indeed, that is how it should be done. If you check the docs, you will also see that the 429 response has a Retry-After header with the seconds before the API will accept another response.
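The retry strategy suggested in the replies above, as an added example that is not part of the original thread: a wrapper for the function's outbound leaderboard call that honors `Retry-After` on a 429 and falls back to exponential backoff with full jitter when the header is missing. The `send` callable, the `RateLimited` exception and the default timing values are assumptions made for illustration.

```python
import random
import time


class RateLimited(Exception):
    """The API kept answering 429; retry_after is the last suggested wait."""

    def __init__(self, retry_after):
        super().__init__(f"rate limited, retry after {retry_after:.1f}s")
        self.retry_after = retry_after


def retry_delay(headers, attempt, base=0.5, cap=30.0, rng=random.uniform):
    """Seconds to wait after a 429 on zero-based attempt number `attempt`."""
    raw = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    try:
        server_wait = float(raw)
    except (TypeError, ValueError):
        server_wait = None
    if server_wait is not None and server_wait >= 0:
        # Honor the server's value; add a little jitter so parallel function
        # instances do not all retry at the same instant.
        return server_wait + rng(0, base)
    # No usable header: exponential backoff with full jitter, capped.
    return rng(0, min(cap, base * 2 ** attempt))


def call_with_retry(send, max_attempts=5, max_wait=30.0,
                    sleep=time.sleep, rng=random.uniform):
    """Call send() -> (status, headers, body); retry only on HTTP 429.

    `send` is a hypothetical callable wrapping the leaderboard request.
    """
    delay = 0.0
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        delay = retry_delay(headers, attempt, cap=max_wait, rng=rng)
        if delay > max_wait or attempt == max_attempts - 1:
            # Too long to hold an HTTP-triggered function open, or out of
            # attempts: surface the wait so the caller can relay a 429.
            raise RateLimited(delay)
        sleep(delay)
```

When `RateLimited` is raised, the function can answer its own client with a 429 and the same wait instead of blocking until the 30-minute window resets.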