Skip to main content

Add permissions to an IAM client

Last updated on March 14, 2024


AccelByte Gaming Services (AGS) uses identity and access management (IAM) clients to manage which game resources can be accessed and manipulated by applications. This How-to will walk you through adding permissions to an IAM client you created for your game using the AGS Admin Portal.

For more information about IAM clients and how they interact with AGS, see the documentation for managing access control for applications under the Services section.


To manage IAM clients, you will need an AGS account with Admin Portal administrator privileges to the game namespace you wish to create an IAM client for. If you don't have access, please reach out to your AccelByte account representative.

You will also need an IAM client created in your desired game namespace to add permissions to it.

Add permissions to an IAM client

Add permissions to an IAM client in Premium

  1. Log in to your AGS Admin Portal.
  2. In the Admin Portal, go into the namespace for the game you want to create an IAM client for.
  3. On the sidebar of that namespace, go to Authorizations > IAM Clients.
  4. On the "IAM Clients" page, click View under the "Action" column next to the IAM client you wish to add permissions to.
  5. Click the Permissions tab, then click the + Add button.
  6. Enter the information on the "Add Client Permissions" form that appears.
    1. Resource: A permission resource is a string containing multiple tokens that the system uses to grant access to specific resources. For more information, see the documentation on permissions.
    2. Action: Select which actions this permission will be able to perform.
  7. Click Confirm to save this permission to the IAM client.

Add permissions to an IAM client in Starter

AGS Starter

To add permission to an IAM Client in Starter, you can see the add permission to a client in Starter documents under the Service section.

Get application access token using AGS SDKs

A Credential client requires a valid access token for server-to-server (S2S) calls to AGS services.

The code below generates a valid access token using AGS SDK for a credential client.

bool bServerLoggedIn = false;
bool bServerLoginComplete = false;
FRegistry::ServerOauth2.LoginWithClientCredentials(FVoidHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete]()
UE_LOG(LogAccelByteEcommerceTest, Log, TEXT("Server Login Success"));
bServerLoginComplete = bServerLoggedIn = true;
}), FErrorHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete](int32 ErrCode, FString const& ErrMsg)
UE_LOG(LogAccelByteEcommerceTest, Error, TEXT("Server Login Success"));
bServerLoginComplete = true;
WaitUntil(bServerLoginComplete, "Waiting for server logged in...");