Could RTT be used to broadcast player-authoritative movement periodically?

Most of what I'm seeing related to RTT use-cases is chat, which is great, but the idea is it should also be able to be used for events. If we had a grid-level, and wanted players to be able to broadcast their position (not sensitive, so client authoritative is fine), would this be a potential use-case for it? Or is the idea that it would become too expensive what's really stopping its use-cases beyond just chat? Referencing this price calculation post here https://help.getbraincloud.com/en/articles/2500416-how-does-rtt-pricing-work . Maybe it would get quite expensive if many players were broadcasting their position to each other, since this example only assumes 5 people receiving the msg.

I guess really it depends on a number of factors, ie how often you broadcast that info as well. Basically a serverless solution for client-authoritative movement (the rest of the game is server/cloud script authoritative via cloud scripts) would be nice to give the players a feeling of community. Not having to set up server infrastructure of use relay servers would simplify architecture, only concern would be cost.

Hey all,
Trying to let email-and-password users request a password reset if they forgot their password.
While using resetemailpasswordwithexpiry, I got this error:

"{\"reason_code\":40304,\"status\":403,\"status_message\":\"No session\",\"severity\":\"ERROR\"}"

I believe this is a error msg stating that there's no user authentication, so the user can't make the request, is that right? If so, how can I achieve this? Shouldn't a user be able to request a password reset without being logged in?

Any insight is appreciated, thanks!

Thanks @JasonL -- just to clarify, that means that the base response status code is just whether or not the script itself was properly executed by the request, so the only exception would be like if the user wasn't authenticated or a network timeout, is that right? It doesn't account for anything like if a proxy/bridge request that was made within the script failed-- that we should include ourselves in a custom response/error field. Right?

I'm trying to handle my game logic exclusively through cloud code.
I know the default response has 200 in it, if we are using bridges/proxies and encounter a failure within the script, should we also set the main response status to some code other than 200?

Also is there a way to simulate failures for testing? IE blocked network etc. I see the docs have some of the error codes that can be found, but it doesn't seem exhaustive.

As always any adivce is appreciated!

@Paul-Winterhalder Amazing! This is perfect for my needs-- thanks so much Paul.

Scenario:
Lets say a user needs to consume 1 item to upgrade another. Its a perfect task for cloud code to prevent exploits. Lets say both items are each a user entity or custom entity (doesn't matter which).

In the cloud script, if we get item 1 (material item) and delete it, and then get item 2 (item to upgrade) and attempt to enhance it, but the first call (delete) works and the second call (upgrade) fails (maybe network failure or something), wouldn't this result in a scenario where the user lost their item without getting the upgrade?

Perhaps the only solution to this is to make the users items one large entity, broken up into multiple items, so that the cloud script can either fail and no item gets consumed, or succeed and edit the larger "items" which does both delete the item and upgrade the other in the same call?

For a lot of games a unique username (other than the profile name, a unique display name) is a bare minimum requirement. @Paul-Winterhalder Has this use case been solved?
I see this post from 2021 https://forums.getbraincloud.com/topic/119/unique-field-for-a-custom-entity but unfortunately its not a solution

I'm beginning to get into social features and I want some cloud code to pick up shared entities of another player.

When designing my game, is the standard way for a player to lookup another player playerId? Meaning, if they click on a profile in a leaderboard, to get that players info, would I be using a request that pulls via profileId?

If that's the case, a bad-actor could look at the network requests and discover other players' playerIds, just wondering if that's of concern or not. Obviously ACL settings are the most important to have set properly, but wondering if profileID should be considered sensitive entirely

Was following the tutorial over at bootcamp episode

but a couple things came up.

1. It looks like users can have overlapping display names / usernames correct? Is there a way to disable this behavior so that users will get an error if a name is taken?
2. Can we implement a profanity filter on usernames?

Hi team,

While working I thought of a potential vulnerability unless I'm misunderstanding something.
I'm working on a game in which no sensitive inputs could come from the client. As in, never trust the client.
Basically, my app will take non-sensitive inputs, calculate results in cloud scripts, and finally securely update relevant items from cloud-scripts.

But, as I was watching the bootcamp, I realized, what's stopping a bad-actor from doing the following:

1. Identify the app runs on braincloud. This part isn't difficult, even email verification links will lead to a braincloud page.
2. Once knowing the app is running on braincloud, watch the bootcamp series to learn of the various APIs.
3. Authenticate from their machine.
4. Start making POST requests to various operations (IE update global entity, update custom entity, update statistic) with their authenticated session.

How can I prevent this? Basically want to lock out all of these api's from outside of cloud-scripts-- its the only way I can see to maintain competitive integrity unless I've missed something.

@Paul-Winterhalder or anyone else, any ideas?

I believe this worked @Steve-Jones -- thanks so much for the tip!

@Paul-Winterhalder In case you have a moment, I saw you were the creator of the post I mention regarding creating environments. Ever run into something like this while setting that up?

Hi all--

I've been trying to follow this question that was answered by the braincloud team about managing multiple environments, ie dev and prod, to prevent introducing issues to the production game once its live.

Link:
BrainCloud Team's Suggestion

However, I'm stuck right at my first call to servers. I init the braincloud wrapper just like in the bootcamp:
Bootcamp link

Then, following the braincloud team's suggestion, I'm trying to use a compiler flag to change the app I'm pointing to, to make it so that I have a dev app and a prod app. In unity, this looks like:

        m_brainCloud = gameObject.AddComponent<BrainCloudWrapper>();
#if UNITY_EDITOR
        m_brainCloud.Init("https://api.braincloudservers.com/", "devEnvironmentSecretREDACTED", "devEnvironmentIDREDACTED","1.0");
#else
        m_brainCloud.Init();
#endif

Where the else statement is pointing to my prod app via the plugin extension.

When using this setup, once I submit a request to Anonymous Authentication, I get:

Please re-select app in brainCloud settings, something went wrong
UnityEngine.Debug:LogWarning (object)
BrainCloud.Internal.BrainCloudComms:GetWebRequestResponse (BrainCloud.Internal.RequestState) (at Assets/BrainCloud/Client/BrainCloud/Internal/BrainCloudComms.cs:1918)
BrainCloud.Internal.BrainCloudComms:Update () (at Assets/BrainCloud/Client/BrainCloud/Internal/BrainCloudComms.cs:534)
BrainCloud.BrainCloudClient:Update (BrainCloud.eBrainCloudUpdateType) (at Assets/BrainCloud/Client/BrainCloud/BrainCloudClient.cs:920)
BrainCloudWrapper:RunCallbacks () (at Assets/BrainCloud/Client/BrainCloud/BrainCloudWrapper.cs:364)
Network:Update () (at Assets/Scripts/Network.cs:43)

And my personal logs (from the bootcamp) show:

RequestAnonymousAuthentication failed. 900 Received an invalid json format response, check your network settings.

Any ideas on what I could try? If I set the else if to just use the plugin credentials (ie just Init()) without the overload, it works, but of course then its just having both branches point to my prod app.

Ah thanks-- and I assume the cloud Date().getTime() would be based on braincloud's servers and not the user's phone right? To prevent time-abuse. Appreciate the feedback!

Most mobile games have a energy system that limits a user from being able to play constantly, so as to limit progress. This resource can usually be bought as well up to a certain number of times per day, but otherwise replenishes on a time-loop when a user doesn't have max energy.

I know some ways I could implement this, but I'm curious what braincloud suggests as the optimal way to do this (to minimize usage) since this is a relatively common scenario? Other BaaS recognize this as such a common scenario that they have built-in functionality for this (ie lootlocker) - so assuming this is a popular use-case.

Any advice? Thanks!