A way to prevent certain API calls from S2S

S2S, restrict APIs

Written by Jason Liang
Updated over a week ago

For security reasons, you might want to limit which S2S API calls your server can make to brainCloud. This article shows how to use a brainCloud API Hook to achieve that.

Step 1: Create a pre-hook script

  • Create a script called RestrictS2SCalls

    "use strict";

    function main() {
        var response = false;
        bridge.logDebugJson("script input...", data);
        // enforce restrictions if this call is not from *within* a cloud-code script
        if (!data.message.ccCall) {
            var listtype = data.parms.listtype;
            var services = data.parms.services;
            // default response differs by type of list
            if (listtype == "whitelist") {
                response = false;
            } else {
                response = true;
            }
            // look to see if the service is listed
            if (services.hasOwnProperty(data.service)) {
                var ops = services[data.service];
                // check the listed operations in service
                if (Object.keys(ops).length > 0) {
                    if (ops.hasOwnProperty(data.operation)) {
                        response = (listtype == "whitelist");
                    }
                } else {
                    // if no ops, that means all...
                    response = (listtype == "whitelist");
                }
            }
        } else {
            response = true;
        }
        return response;
    }

    main();

Step 2: Hook the script up

  • Open the Design | Cloud Code | API Hooks page and attach the script you created in the previous step as a pre-hook on the S2SDispatcher service, processMessage operation, with the following parameters.

    {
        "listtype": "blocklist",
        "services": {
            "user": {
                "SYS_GET_PAGE": 1
            },
            "globalEntity": {
                "GET_LIST": 1,
                "GET_LIST_COUNT": 1
            },
            "script": {}
        }
    }

  • This example blocks the listed operations of the user and globalEntity services, and every operation of the script service (an empty operations object means all operations). You can modify the list as you wish; find the service and operation names in the brainCloud API Reference. You can also change the listtype to whitelist, in which case the hook allows only calls to the listed services and operations.

Step 3: Test

  • Call the blocked APIs/operations from the brainCloud S2S Explorer or from your S2S server. If the APIs/operations are listed in your blocklist, you should get a response similar to the following.

    {
        "reason_code": 40639,
        "status_message": "Processing exception: Api call rejected for service: globalEntity - operation: GET_LIST",
        "status": 500
    }
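
An added example (not part of the original article and not brainCloud's own code): the script's decision logic as a pure function plus a hypothetical parameter lint, run in Node.js against the Step 2 parameters so a blocklist or whitelist can be checked offline before it is hooked up. The names `decide`, `lintParms` and `decisions`, the `call.ccCall` field and the sample calls are assumptions of this sketch.

```javascript
"use strict";
var has = function (o, k) { return Object.prototype.hasOwnProperty.call(o, k); };
// Same decision as the RestrictS2SCalls script, as a pure function.
// call.ccCall stands in for data.message.ccCall (assumption of this sketch).
function decide(parms, call) {
  if (call.ccCall) return true; // calls made from within cloud code pass
  var listed = false;
  if (has(parms.services, call.service)) {
    var ops = parms.services[call.service];
    // an empty operations object lists every operation of the service
    listed = Object.keys(ops).length === 0 || has(ops, call.operation);
  }
  return parms.listtype == "whitelist" ? listed : !listed;
}

// Hypothetical lint step (not a brainCloud feature) for the hook parameters.
function lintParms(parms) {
  var problems = [];
  if (parms.listtype !== "whitelist" && parms.listtype !== "blocklist") {
    // the script treats any value other than "whitelist" as a blocklist
    problems.push("listtype '" + parms.listtype + "' will act as a blocklist");
  }
  var services = parms.services;
  if (services === null || typeof services !== "object") {
    return problems.concat("services must be an object");
  }
  Object.keys(services).forEach(function (svc) {
    var ops = services[svc];
    if (ops === null || typeof ops !== "object" || Array.isArray(ops)) {
      problems.push(svc + ": operations must be an object such as {\"GET_LIST\": 1}");
    }
  });
  return problems;
}

// Parameters from Step 2; the calls below are constructed for illustration.
var pageParms = { listtype: "blocklist", services: {
  user: { SYS_GET_PAGE: 1 }, globalEntity: { GET_LIST: 1, GET_LIST_COUNT: 1 }, script: {}
} };
var sampleCalls = [
  { service: "globalEntity", operation: "GET_LIST" },
  { service: "globalEntity", operation: "READ" },
  { service: "script", operation: "RUN" },
  { service: "script", operation: "RUN", ccCall: true }
];
function decisions(parms) {
  return sampleCalls.map(function (c) { return decide(parms, c) ? "allow" : "reject"; });
}
console.log(lintParms(pageParms), decisions(pageParms));
```

Because the script compares listtype only against "whitelist", a misspelled whitelist lets every unlisted call through; the lint reports that case before the parameters reach the hook.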