Documentation

Support

Cloud Code

Use modules

Use scripts

Use Triggers

Open Unity Dashboard

Cloud Code

Authentication

Authenticate Cloud Code requests.
Read time 3 minutesLast updated 18 hours ago
Cloud Code only accepts authenticated requests. Authentication allows you to use a player's identity to ensure security, consistency, and safety with every interaction in your game. To authenticate with Cloud Code, you can use the authentication methods below:

Request origin

Authentication method

Untrusted client (players)Use the Unity Authentication service.
Trusted client (game server, integration testing, local machine)Use service account authentication or Multiplay Hosting authentication.

Authenticate players

Unity Authentication assigns unique identifiers to players and provides a variety of authentication methods. Unity authentication uses Bearer authentication with JSON Web Tokens (JWT). Cloud Code modules provide an 
IExecutionContext
interface which contains an 
AccessToken
property. This access token is the JWT that you use to authenticate the player that calls the module. For more information about how to use the 
AccessToken
in your module, refer to the Access token support documentation.

Restrict access

If you want to restrict access to specific module endpoints, you can use Role-based Access Control (RBAC) rules. These rules allow you to ensure that players can't run special module endpoints, such as single-use support functions that grant players additional resources. For more information, refer to the Access Control documentation.

Authenticate trusted clients

You can use the both the Client and Admin Cloud Code APIs with Service Account Authentication. This opens up a variety ways that you can use Cloud Code:
  • Write modules from your local machine.
  • Write and run modules from a CI/CD pipeline.
  • Run modules from a game server.
  • Run modules in integration tests.
You can use Service Accounts for both Bearer (JWT) and Basic authentication.

Cloud Code Admin API (Basic Authentication)

To access the Cloud Code Admin API, you need to use Basic authentication. To use the Service Account credentials directly, base64 encode the 
<KEY_ID>:<SECRET_KEY>
. You also need to grant the service account the appropriate permissions. For more information on permissions and roles in Cloud Code, refer to the table below.

Access rights

Role

Read modulesCloud Code Viewer
Read/Write/Delete modulesCloud Code Editor
For more information, refer to the Service Account Authentication documentation.

Cloud Code Client API (Bearer Authentication)

To access the Cloud Code Client API, use Bearer authentication. You can use the Token Exchange API to obtain a stateless token with a limited lifespan. To refresh the token when it expires, you can use the same API. Cloud Code modules provide an 
IExecutionContext
object which contains an 
ServiceToken
property. The 
ServiceToken
property is a JWT that you can use to authenticate as Cloud Code and access cross-player data. For example, you can use this token to make calls to Cloud Save to save data on behalf of another player. For more information about how to use the 
ServiceToken
in your module, refer to the Service token support documentation.

Authenticate with Multiplay Hosting

Multiplay Hosting supports an additional authentication method which uses server-generated JWTs. For more information, refer to the documentation on how to Call from Unity game server (Multiplay Hosting).