- Version: 2.0.0
- Servers:
https://store.xsolla.com/api - Contact Us by Email
- Contact URL: https://xsolla.com/
- Required TLS version: 1.2
In-Game Store & Buy Button API provides a third-party solution for implementing the server side for your store interface. Use the endpoints to manage in-game items, in-game currencies, cart, player inventory, promotions, game library, etc.
It can be enabled for two Xsolla products:
For more information, read Integration guide.
basicAuth
Xsolla API uses basic access authentication. All requests to API must
contain the Authorization: Basic <your_authorization_basic_key>
header, where your_authorization_basic_key is the project_id:api_key
pair encoded according to the Base64 standard.
Go to Xsolla Publisher Account to find values of the parameters:
project_idon the All projects > Project ID pageapi_keyon the Company settings > API key tab.
You can use merchant_id instead of project_id. It doesn't affect
functionality.
To find merchant_id, go to Company settings > Company > Merchant ID.
| Security Scheme Type | HTTP |
|---|---|
| HTTP Authorization Scheme | basic |
XsollaLoginUserJWT
By default, the Xsolla Login User JWT (Bearer token) is used for authorization. You can try calling this endpoint with a test Xsolla Login User JWT token: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI.
You can use the Pay Station access token as an alternative.
| Security Scheme Type | HTTP |
|---|---|
| HTTP Authorization Scheme | bearer |
| Bearer format | "JWT" |
AuthForCart
When selling a cart with games or physical goods, you can call the endpoint without authorization.
To do this:
- add a unique identifier to the
x-unauthorized-idparameter in the header for games and physical goods - add user’s email to the
x-userparameter (Base64 encoded) in the header for games.
By default, the Xsolla Login User JWT (Bearer token) is used for authorization. You can try calling this endpoint with a test Xsolla Login User JWT token: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI.
You can use the Pay Station access token as an alternative.
| Security Scheme Type | HTTP |
|---|---|
| HTTP Authorization Scheme | bearer |
basicMerchantAuth
Xsolla API uses basic access authentication. All requests to API must contain the Authorization: Basic <your_authorization_basic_key> header, where your_authorization_basic_key is the merchant_id:api_key pair encoded according to the Base64 standard.
Go to Xsolla Publisher Account > Company settings to find values of the parameters:
merchant_idon the Company tabapi_keyon the API key tab.
| Security Scheme Type | HTTP |
|---|---|
| HTTP Authorization Scheme | basic |