Documentation

SetPlayerSecret

Sets the player's secret if it is not already set. Player secrets are used to sign API requests. To reset a player's secret use the Admin or Server API method SetPlayerSecret.

Request Details

APIs that require signatures require that the player have a configured Player Secret Key that is used to sign all requests. Players that don't have a secret will be blocked from making API calls until it is configured. To create a signature header add a SHA256 hashed string containing UTF8 encoded JSON body as it will be sent to the server, the current time in UTC formatted to ISO 8601, and the players secret formatted as 'body.date.secret'. Place the resulting hash into the header X-PlayFab-Signature, along with a header X-PlayFab-Timestamp of the same UTC timestamp used in the signature.

SetPlayerSecretRequest
Request Properties
EncryptedRequest String

Base64 encoded body that is encrypted with the Title's public RSA key (Enterprise Only).

PlayerSecret String

Player secret that is used to verify API request signatures (Enterprise Only).

POST https://{{TitleID}}.playfabapi.com/Client/SetPlayerSecret
    Content-Type: application/json
    X-Authentication: <user_session_ticket_value>
{
  "PlayerSecret": "A cryptographically strong string"
}
        

Response Details

SetPlayerSecretResult
Result Properties

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
  "code": 200,
  "status": "OK",
  "data": {}
}

Authentication

SessionTicket

Possible Error Codes

Name Code
PlayerSecretAlreadyConfigured 1294