brainCloud

For some security reasons, you might want to restrict your server to access limited S2S API calls from brainCloud, this article will show you how to use brianCloud API Hook to achieve it.

Create a script called <code>RestrictS2SCalls</code>

"use strict"; function main() { var response = false; bridge.logDebugJson("script input...", data); // enforce restrictions if this call is not from *within* a cloud-code script if ( !data.message.ccCall) { var listtype = data.parms.listtype; var services = data.parms.services; // default response differs by type of list if (listtype == "whitelist") { response = false; } else { response = true; } // look to see if the service is listed if (services.hasOwnProperty(data.service)) { var ops = services[data.service]; // check the listed operations in service if (Object.keys(ops).length &gt; 0) { if (ops.hasOwnProperty(data.operation)) { response = (listtype == "whitelist"); } } else { // if no ops, that means all... response = (listtype == "whitelist"); } } } else { response = true; } return response; } main();

- Create a script called <code>RestrictS2SCalls</code>
 "use strict"; function main() { var response = false; bridge.logDebugJson("script input...", data); // enforce restrictions if this call is not from *within* a cloud-code script if ( !data.message.ccCall) { var listtype = data.parms.listtype; var services = data.parms.services; // default response differs by type of list if (listtype == "whitelist") { response = false; } else { response = true; } // look to see if the service is listed if (services.hasOwnProperty(data.service)) { var ops = services[data.service]; // check the listed operations in service if (Object.keys(ops).length &gt; 0) { if (ops.hasOwnProperty(data.operation)) { response = (listtype == "whitelist"); } } else { // if no ops, that means all... response = (listtype == "whitelist"); } } } else { response = true; } return response; } main();

Open Design | Cloud Code | API Hooks page, and pre-hook the script you created from the previous step with the following parameters to <code>S2SDisparcher</code> service <code>processMessage</code> Operation.

{ "listtype": "blocklist", "services": { "user": { "SYS_GET_PAGE": 1 }, "globalEntity": { "GET_LIST": 1, "GET_LIST_COUNT": 1 }, "script": {} } }

This example will block the specified API/Operation calls from the <code>user</code> and <code>globalEntity</code> services, and all APIs from <code>script</code> service, you can modify them as you wish, find the service and operation from <a href="https://getbraincloud.com/apidocs/apiref/index.html#introduction" rel="nofollow noopener noreferrer" target="_blank">brainCloud API Reference</a>. Also note, you can modify the <code>listtype</code> to <code>whitelist</code> to make this hook only allow the calls from the listed services and operations.

- Open Design | Cloud Code | API Hooks page, and pre-hook the script you created from the previous step with the following parameters to <code>S2SDisparcher</code> service <code>processMessage</code> Operation.
 { "listtype": "blocklist", "services": { "user": { "SYS_GET_PAGE": 1 }, "globalEntity": { "GET_LIST": 1, "GET_LIST_COUNT": 1 }, "script": {} } }
 
 
 
- This example will block the specified API/Operation calls from the <code>user</code> and <code>globalEntity</code> services, and all APIs from <code>script</code> service, you can modify them as you wish, find the service and operation from <a href="https://getbraincloud.com/apidocs/apiref/index.html#introduction" rel="nofollow noopener noreferrer" target="_blank">brainCloud API Reference</a>. Also note, you can modify the <code>listtype</code> to <code>whitelist</code> to make this hook only allow the calls from the listed services and operations.

Call the blocked APIs/Operations from brianCloud <code>S2S Exploer</code> or from your S2S server, if the APIs/Operations are listed in your <code>blocklist</code>, you should get a response that is similar to the following.

{ "reason_code": 40639, "status_message": "Processing exception: Api call rejected for service: globalEntity - operation: GET_LIST", "status": 500 }

- Call the blocked APIs/Operations from brianCloud <code>S2S Exploer</code> or from your S2S server, if the APIs/Operations are listed in your <code>blocklist</code>, you should get a response that is similar to the following. 
 { "reason_code": 40639, "status_message": "Processing exception: Api call rejected for service: globalEntity - operation: GET_LIST", "status": 500 }