Xsolla-logo

Overview

In-Game Store & Buy Button API provides a third-party solution for implementing the server side for your store interface. Use the endpoints to manage in-game items, in-game currencies, cart, player inventory, promotions, game library, etc.

It can be enabled for two Xsolla products:

For more information, read Integration guide.

Authentication

basicAuth

Xsolla API uses basic access authentication. All requests to API must contain the Authorization: Basic <your_authorization_basic_key> header, where your_authorization_basic_key is the project_id:api_key pair encoded according to the Base64 standard.

Go to Xsolla Publisher Account to find values of the parameters:

  • project_id on the All projects > Project ID page
  • api_key on the Company settings > API key tab.

You can use merchant_id instead of project_id. It doesn't affect functionality.

To find merchant_id, go to Company settings > Company > Merchant ID.

Security Scheme Type HTTP
HTTP Authorization Scheme basic

XsollaLoginUserJWT

By default, the Xsolla Login User JWT (Bearer token) is used for authorization. You can try calling this endpoint with a test Xsolla Login User JWT token: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI.

You can use the Pay Station access token as an alternative.

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"

AuthForCart

When selling a cart with games or physical goods, you can call the endpoint without authorization.

To do this:

  • add a unique identifier to the x-unauthorized-id parameter in the header for games and physical goods
  • add user’s email to the x-user parameter (Base64 encoded) in the header for games.

By default, the Xsolla Login User JWT (Bearer token) is used for authorization. You can try calling this endpoint with a test Xsolla Login User JWT token: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI.

You can use the Pay Station access token as an alternative.

Security Scheme Type HTTP
HTTP Authorization Scheme bearer

basicMerchantAuth

Xsolla API uses basic access authentication. All requests to API must contain the Authorization: Basic <your_authorization_basic_key> header, where your_authorization_basic_key is the merchant_id:api_key pair encoded according to the Base64 standard.

Go to Xsolla Publisher Account > Company settings to find values of the parameters:

  • merchant_id on the Company tab
  • api_key on the API key tab.
Security Scheme Type HTTP
HTTP Authorization Scheme basic