Control access to services

To store a player’s information, you need an identifier for the player. Unity Gaming Services (UGS) requires players to authenticate to access most features for security and identification. The authentication process means that if the same player signs in to your game through the same provider on a new device, the player has the same playerId, which also allows you to synchronize their game data between devices.

By default, UGS allows player applications to call API endpoints directly, which you can use to test. Server authority principles recommend that you restrict direct player access and only allow updates through trusted server code. This means that the player client acts as a presentation layer while Cloud Code validates integrity and stores the accurate game state data.

To disable player API access at the endpoint level, you can use access control. You can use access control to only allow calls to backend services through Cloud Code functions. You can also use a project’s service credentials to grant access to a server.

For more information, refer to the page on how to Get started with Access Control and Cloud Code.

Integration with UGS services

Cloud Code integrates seamlessly with other Unity Gaming Services (UGS), such as Remote Config, Cloud Save, and more, to build complete backends. Some UGS services generate trigger events sent to the Triggers service when specific actions occur.

If you have a server authoritative game, clients have no ability to create events. This means that events like triggers are always created on the server and you can trust the data.

For more information on how you can use triggers and other events in you game, refer to Triggers.