If your game is built with PlayFab, integrating SCILL is easy and straightforward.

Integrate SCILL into PlayFab auth

SCILL integrates into existing user authentication systems and does not store any private user data. All items within SCILL are linked to an external user id that you provide.

Some SCILL endpoints require an access token. This is required if your game client directly communicates with the SCILL backend. In these unsecure areas, hackers could extract your API-Key and use it to hack or manipulate their state within your application (faking challenge progress for example). To prevent this, your client asks your backend to generate an access token which then uses an API based SCILL backend to create and sign the access token. In subsequent calls to client APIs you just send the access token instead of the API key to securely identify the user and your game.

If you are using PlayFab Authentication the access token can be generated securely by adding a CloudScript function to your PlayFab CloudScript repository:

PlayFab Cloud Function
// This function generates a SCILL access token for the current PlayFab user.
// More info can be found here:
handlers.generateSCILLAccessToken = function (args, context) {
   // Set your API Key created in the SCILL Admin Panel
   var scillApiKey = "ai728S-1aSdgb9GP#R]Po[P!1Z(HSSTpdULDMUAlYX";

   var headers = {
      "Authorization": "Bearer " + scillApiKey

   // Provide the current playfab id as the user_id. Please make sure to use the
   // same user_id when sending events from the backend and use the generated
   // access token on client side
   var body = {
      user_id: currentPlayerId

   // Prepare request to SCILL cloud
   var url = "";
   var content = JSON.stringify(body);
   var httpMethod = "post";
   var contentType = "application/json";

   // The pre-defined http object makes synchronous HTTP requests to SCILL cloud
   var response = http.request(url, httpMethod, content, contentType, headers);
   var parsedData = JSON.parse(response);

   // Return the access token as a string
   return parsedData.token;

Get Access Token in Game

Using the PlayFab SDK in your game you can use the PlayFabClientAPI.ExecuteCloudScript function to execute CloudScripts and getting back the result. In the cloud function provided above, the result is the access token as a string.


In the Unity SDK the SCILLManager class sets up SCILL, generates an access token and handles the lifetime of other SCILL classes. The default implementation of SCILLManager uses the SCILLBackend to create an access token using the API key within the game. This is not recommended for production use, at this exposes the API key to the client.

To use the PlayFab authentication and CloudScript created earlier, create a new subclass of SCILLManager and override the GenerateAccessToken function like shown below:

Execute PlayFab Cloud Function
// The default SCILLManager implementation creates access token in client - which is not recommended for production
public class MySCILLManager : SCILLManager {
   // Override SCILLManager class with custom implementation
   public override IPromise<string> GenerateAccessToken(string userId)
       // Execute cloud script created earlier and either return access token or error
       PlayFabClientAPI.ExecuteCloudScript(new ExecuteCloudScriptRequest()
           FunctionName = "generateSCILLAccessToken", // name of function created in PlayFab cloud
           GeneratePlayStreamEvent = true
       (ExecuteCloudScriptResult result) =>
            // Return the access token returned by the cloud function back to the SCILLManager to set up everything
            return Promise<string>.Resolved(result.FunctionResult);
       (PlayFabError error) =>
            return Promise<string>.Rejected(error.errorMessage);


In Unreal, use the PlayFab SDK to wire up a Blueprint that executes the PlayFab login and wire the PlayFab user id to the SCILLClient blueprint component.

The whole process is described in the Unreal Getting Started Guide