Authentication

Authenticate Cloud Code requests with player identities.

Cloud Code only accepts authenticated requests. Authentication allows you to use a player's identity to ensure security, consistency, and safety with every interaction in your game. To authenticate with Cloud Code, you can use the authentication methods below:

| Request origin | Authentication method |
| --- | --- |
| Untrusted client (player) | Use the Unity Authentication service. |
| Trusted client (game server, integration testing, local machine) | Use service account authentication or Multiplay Hosting authentication. |

Authenticate players

Unity Authentication assigns unique identifiers to players and provides a variety of authentication methods. Cloud Code scripts provide a context object which contains an accessToken property. This access token is the JWT that you use to authenticate the player that calls the script.
For more information about how to use the accessToken in your script, refer to the Access token support documentation.

Restrict access

If you want to restrict access to specific scripts, you can use Role-based Access Control (RBAC) rules. These rules allow you to ensure that players can't run special scripts, such as single-use support scripts that grant players additional resources. For more information, refer to the Access Control documentation.

Authenticate trusted clients

You can use both the Client and Admin Cloud Code APIs with Service Account Authentication. This opens up a variety of ways that you can use Cloud Code:
  • Write scripts from your local machine.
  • Write and run scripts from a CI/CD pipeline.
  • Run scripts from a game server.
  • Run scripts in integration tests.
You can use Service Accounts for both Bearer (JWT) and Basic authentication. For more information, check the Service Account Authentication documentation.

Cloud Code Admin API (Basic Authentication)

To access the Cloud Code Admin API, use Basic authentication. To use the Service Account credentials directly, base64-encode the <KEY_ID>:<SECRET_KEY> string. You also need to grant the service account the appropriate permissions. For more information on permissions and roles in Cloud Code, refer to the table below.

| Access rights | Role |
| --- | --- |
| Read scripts | Cloud Code Viewer |
| Read/Write/Delete scripts | Cloud Code Editor |
| Publish scripts | Cloud Code Publisher |

Cloud Code Client API (Bearer Authentication)

To access the Cloud Code Client API, use Bearer authentication with the Token Exchange API to obtain a stateless token with a limited lifespan. To refresh the token when it expires, you can use the same API. Cloud Code scripts provide a context object which contains a serviceToken property. The serviceToken property is a JWT that you can use to authenticate as Cloud Code and access cross-player data. For example, you can use this token to make calls to Cloud Save to save data on behalf of another player.
For more information about how to use the serviceToken in your script, refer to the Service token support documentation.
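The following added example (not Unity's code) shows how a trusted client might build the Basic header described for the Admin API and keep a limited-lifespan Bearer token fresh for the Client API. The function names and the `exchange` callback are hypothetical: `exchange` stands for your own call to the Token Exchange API and is assumed to resolve to the JWT string.

```javascript
// Added example, not Unity's code. `exchange` is a hypothetical async function
// that you write: it calls the Token Exchange API and resolves to the JWT string.

// Authorization header value for the Admin API: base64 of "<KEY_ID>:<SECRET_KEY>".
function basicAuthHeader(keyId, secretKey) {
  if (!keyId || !secretKey) throw new Error("missing service account credentials");
  return "Basic " + Buffer.from(`${keyId}:${secretKey}`, "utf8").toString("base64");
}

// Read the `exp` claim (seconds since the epoch) from a compact JWT.
// This decodes the payload only to schedule a refresh; it verifies nothing.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  if (typeof claims.exp !== "number") throw new Error("JWT has no numeric exp claim");
  return claims.exp;
}

// Cache the stateless token and repeat the exchange shortly before it expires.
// Concurrent callers share one in-flight exchange instead of each starting one.
function createTokenProvider(exchange, options = {}) {
  const skewSeconds = options.skewSeconds ?? 60;
  const now = options.now ?? (() => Date.now() / 1000);
  let token = null, exp = 0, inflight = null;

  return async function bearerHeader() {
    if (token !== null && now() < exp - skewSeconds) return "Bearer " + token;
    if (inflight === null) {
      inflight = Promise.resolve()
        .then(exchange)
        .then((fresh) => {
          exp = jwtExpiry(fresh); // throws on a malformed token, keeping the old one
          token = fresh;
        })
        .finally(() => { inflight = null; });
    }
    await inflight; // rejects if the exchange failed, so no stale token is returned
    return "Bearer " + token;
  };
}
```

Base64 is an encoding, not encryption, so the Basic header is as sensitive as the secret key itself: load the credentials from a secret store on the trusted client and keep both header values out of logs.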

Authenticate with Multiplay Hosting

Multiplay Hosting supports an additional authentication method which uses server-generated JWTs. For more information, learn how to Call from Unity game server (Multiplay).