Clients

Overview

Client Management is a feature to control all of the applications that are integrated with your resources. As an admin, you can manage all of your clients data and organize which resources that a client can access as well as revoking them. If this feature is connected with the session management API gateway, you can have a combination of security countermeasures to prevent a bad impact that may cause danger to your resources.

Tutorials

Create a Game or Backend Service Client

This tutorial shows you how to create either a game client or a backend service client. Follow the instructions carefully to ensure that you input the correct information for the type of client you want to create.

Create a Game or Backend Service Client Using the API Gateway

Use the Create Client: POST /iam/v3/admin/namespaces/{namespace}/clients endpoint. Follow these steps to make the request:

Step 1: Namespace

Input the namespace to which you want to add the client.

  • If you are making a game client, input the game namespace into the namespace field.
  • If you are making a backend service client, input the publisher namespace into the namespace field.

Step 2: Audiences

Input list of target client IDs that will receive the token, e.g ["eaaa65618fe24293b00a61454182b435", "40073ee9bc3446d3a051a71b48509a5d"]

Step 3: Base URI

Input the base URI of the client application, to ensure that the token can be used by the client. e.g example.net/platform

Step 4: Client ID & Client Name

  1. Input the Client ID, e.g f815e5c44f364993961be3b3f26a7bf4
  2. Input the Client Name, e.g E-commerce

Step 5: Client Permissions

  1. Input the Action needed for the permission.

  2. Input the Resource you want to access into the Resource parameter. Note that the Resource parameter has its own formatting requirements, listed below:

    • Only uppercase letters and numbers can be used, except in the variable section
    • Variable placeholders should be wrapped with {}
    • Uppercase and lowercase letters are both allowed for the variable placeholder
    • Variable placeholders can be replaced with * as the value or alphanumeric only string
    • Sections are separated by a colon (:)
    • Cannot end with colon (:)
    • Spaces cannot be used

    Below are some examples of how to fill in the Resource parameter:

  • NAMESPACE:game:USER:{userId} Replace userId with the ID of the user you’re creating the permissions for. This allows the user to access any data related to their account in game.

  • NAMESPACE:{namespace}:USER:{userId} Replace namespace and userId with the with the desired client and user. This allows the user to access their account data in whatever client they’re logged into.

  • ADMIN:NAMESPACE:USER: This permission allows admins to access all namespaces and all user IDs.

    The following parameters are optional; they can be used to schedule permissions that are granted on a temporary basis.

  1. Input the desired action value into the SchedAction field.
  2. For recurring permissions, input the desired string or date range in UTC into the SchedCron field.
  3. Input the start and end dates for the permission into the SchedRange field.

Step 6: Complete the Required Fields

  1. Input the namespace into the Namespace field.
  2. Input the appropriate client type into the oauthClientType field. For both game and backend service clients, use the Confidential client type.

Upon successful request, the client will be generated in the desired namespace.

Create a Game or Backend Service Client Through the Admin Portal

  1. Login with your valid credentials.
  2. In the dashboard, go to the Platform Configuration section and click the Clients menu.

cm

  1. The list of existing clients appears.

cm

  1. Click Create New.
  2. Fill in the fields required by your client type:
    • To create a game client, choose the Game Namespace and Confidential Client Type.
    • To create a backend service client, choose the Publisher Namespace and Public Client Type.

cm

  1. When you’re finished, click Create. Your new client will be added to the client list.

Create an SPA Client

Create an SPA Client Using the API Gateway

Use the Create SPA Client: POST /iam/v3/admin/namespaces/{namespace}/clients endpoint. Follow these steps to make the request:

Step 1: Namespace

Input the namespace to which you want to add the client.

Step 2: Audiences

Input list of target client IDs that will receive the token, e.g ["eaaa65618fe24293b00a61454182b435", "40073ee9bc3446d3a051a71b48509a5d"]

Step 3: Base URI

Input the base URI of the client application, to ensure that the token can be used by the client. e.g example.net/platform

Step 4: Client ID & Client Name

Input the Client ID, e.g f815e5c44f364993961be3b3f26a7bf4 Input the Client Name, e.g E-commerce

Step 5: Client Permissions

  1. Input the Action needed for the permission.

  2. Input the Resource you want to access into the Resource parameter. Note that the Resource parameter has its own formatting requirements, listed below:

    • Only uppercase letters and numbers can be used, except in the variable section
    • Variable placeholders should be wrapped with {}
    • Uppercase and lowercase letters are both allowed for the variable placeholder
    • Variable placeholders can be replaced with * as the value or alphanumeric only string
    • Sections are separated by a colon (:)
    • Cannot end with colon (:)
    • Spaces cannot be used

    Below are some examples of how to fill in the Resource parameter:

  • NAMESPACE:game:USER:{userId} Replace userId with the ID of the user you’re creating the permissions for. This allows the user to access any data related to their account in game.

  • NAMESPACE:{namespace}:USER:{userId} Replace namespace and userId with the with the desired client and user. This allows the user to access their account data in whatever client they’re logged into.

  • ADMIN:NAMESPACE:USER: This permission allows admins to access all namespaces and all user IDs.

    The following parameters are optional; they can be used to schedule permissions that are granted on a temporary basis.

  1. Input the desired action value into the SchedAction field.
  2. For recurring permissions, input the desired string or date range in UTC into the SchedCron field.
  3. Input the start and end dates for the permission into the SchedRange field.

Step 6: Complete the Required Fields

  1. Input the namespace into the Namespace field.
  2. Input the appropriate client type into the oauthClientType field. For both game and backend service clients, use the Confidential client type.

Upon successful request, the client will be generated in the desired namespace.

Create an SPA Client Through the Admin Portal

  1. Login with your valid credentials.
  2. In the dashboard, go to the Platform Configuration section and click the Clients menu.

cm

  1. There you can see the list of existing clients.

cm

  1. Click the Create New button.
  2. Input the required fields according to the client type. To create an SPA Client, choose the Public client type.

cm

  1. When you’re finished, click Create. Your new client will be added to the list.

What’s Next?

  • For more information about Client Management you can access the API references.