Login API v2.0

Overview

The section describes methods for working with Login. Use basic authentication to call methods.

Endpoint path: https://login.xsolla.com/api.

Authentication

Authenticate via Social Network

Authenticates a user via their social network account using the XL.login method.

Parameter Type Description
authType
string Name of the authentication method. Required.
Copy
Full screen
  • html
Request
<script src="https://cdn.xsolla.com/xsolla-login/1.3.1/xl.min.js"></script>
<script type="text/javascript">
XL.login({authType: 'sn-<social_network_name>'})
</script>
Response

Authenticate via Username and Password

Authenticates the user using the username and password entered via the XL.login method.

HTTP REQUEST

POST https://login.xsolla.com/api/login?projectId={projectId}&login_url={loginUrl}&redirect_url={redirectUrl}

Parameter Type Description
projectId
string Project ID. Required.
username
string Username. Required.
password
string Password. Required.
remember_me
boolean Whether to save the authentication data. Default: ‘false’.
login_url
string URL to redirect the user to after authentication. Must be identical to Callback URL specified in Publisher Account in Login settings. Required if there are several Callback URLs.
redirect_url
string The URL the partner redirects the user to after authentication.
Copy
Full screen
  • http
  • curl
  • html
Request
POST https://login.xsolla.com/api/login?projectId={projectId}&login_url={loginUrl}&redirect_url={redirectUrl}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
{
  "username": "username",
  "password": "password",
  "remember_me": true
}
$ curl -v 'https://login.xsolla.com/api/login?projectId={projectId}&login_url={loginUrl}&redirect_url={redirectUrl}' \
-X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
  "username": "username",
  "password": "password",
  "remember_me": true
}'
<script src="https://cdn.xsolla.com/xsolla-login/1.3.1/xl.min.js"></script>
<script type="text/javascript">
XL.login(
    {
        authType: 'login-pass',
        login: document.login.value,
        pass: document.password.value,
        rememberMe: true
    }, function(error) {
       alert(error.message)
    }, function (success) {
        console.log('login success');
        success.finish();
    }
});
</script>
Response
{
  "login_url": "http://someurl.com?token=XXXXXXX"
}
{
  "login_url": "http://someurl.com?token=XXXXXXX"
}

Redirects the user to the social network authentication page using the HTTP 302 method.

HTTP REQUEST

GET https://login.xsolla.com/api/social/{providerName}/login_redirect?projectId={projectId}&login_url={loginUrl}&fields={fields}&access_key={accessKey}

Parameter Type Description
string Social network name. Can be: ‘amazon’, ‘baidu’, ‘battlenet’, ‘china_telecom’, ‘discord’, ‘facebook’, ‘github’, ‘google’, ‘google+’, ‘instagram’, ‘kakao’, ‘linkedin’, ‘mailru.oauth’, ‘microsoft’, ‘msn’, ‘naver’, ‘ok’, ‘paradox’, ‘paypal’, ‘pinterest’, ‘qq’, ‘reddit’, ‘steam’, ‘twitch’, ‘twitter’, ‘vimeo’, ‘vk’, ‘wechat’, ‘weibo’, ‘yahoo’, ‘yandex’, ‘youtube’. Required.
string Project ID. Required.
string URL to redirect the user to after authentication. Must be identical to Callback URL specified in Publisher Account in Login settings. Required if there are several Callback URLs.
string List of parameters required to complete the registration, separated by commas. Example: ‘email,promo_email_agreement’. If some parameters cannot be obtained from the social network, the user will be asked to specify them in the sign-up form.
string User access key.
Copy
Full screen
  • http
  • curl
Request
GET https://login.xsolla.com/api/social/{providerName}/login_redirect?projectId={projectId}&login_url={loginUrl}&fields={fields}&access_key={accessKey}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
$ curl -v 'https://login.xsolla.com/api/social/{providerName}/login_redirect?projectId={projectId}&login_url={loginUrl}&fields={fields}&access_key={accessKey}' \
- X GET \
- H 'Content-Type: application/json' \
- H 'Accept: application/json' \
Response

Proxy-Authenticate via Username and Password

Proxies the request to the redirect_url set in the project settings.

HTTP REQUEST

POST https://login.xsolla.com/api/proxy/login?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}

Parameter Type Description
projectId
string Project ID. Required.
username
string Username. Required.
password
string Password. Required.
remember_me
boolean Whether to save the authentication data. Default: ‘false’.
redirect_url
string The URL the partner redirects the user to after authentication.
Copy
Full screen
  • http
  • curl
Request
POST https://login.xsolla.com/api/proxy/login?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
{
  "username":"ХХХХ",
  "password":"ХХХХ",
  "remember_me": true|false
}
$ curl -v 'https://login.xsolla.com/api/proxy/login?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}' \
- X POST \
- H 'Content-Type: application/json' \
- H 'Accept: application/json' \
-d '{
  "username":"ХХХХ",
  "password":"ХХХХ",
  "remember_me": true|false
}'
Response
{
  "login_url"=> "http://someurl.com?token=XXXXXXX"
}
{
  "login_url"=> "http://someurl.com?token=XXXXXXX"
}

Retrieves an authentication link for a certain social network.

HTTP REQUEST

GET https://login.xsolla.com/api/social/{providerName}/login_url?projectId={projectId}&login_url={loginUrl}&fields={fields}

Parameter Type Description
string Social network name. Can be: ‘amazon’, ‘baidu’, ‘battlenet’, ‘china_telecom’, ‘discord’, ‘facebook’, ‘github’, ‘google’, ‘google+’, ‘instagram’, ‘kakao’, ‘linkedin’, ‘mailru.oauth’, ‘microsoft’, ‘msn’, ‘naver’, ‘ok’, ‘paradox’, ‘paypal’, ‘pinterest’, ‘qq’, ‘reddit’, ‘steam’, ‘twitch’, ‘twitter’, ‘vimeo’, ‘vk’, ‘wechat’, ‘weibo’, ‘yahoo’, ‘yandex’, ‘youtube’. Required.
string Project ID. Required.
string URL to redirect the user to after authentication. Must be identical to Callback URL specified in Publisher Account in Login settings. Required if there are several Callback URLs.
string List of parameters required to complete the registration, separated by commas. Example: ‘email,promo_email_agreement’. If some parameters cannot be obtained from the social network, the user will be asked to specify them in the sign-up form.
string User access key.
Copy
Full screen
  • http
  • curl
Request
GET https://login.xsolla.com/api/social/{providerName}/login_url?projectId={projectId}&login_url={loginUrl}&fields={fields}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
$ curl -v 'https://login.xsolla.com/api/social/{providerName}/login_url?projectId={projectId}&login_url={loginUrl}&fields={fields}' \
- X GET \
- H 'Content-Type: application/json' \
- H 'Accept: application/json' \
Response
{
  "url":"http://someurl.com”
}
{
  "url":"http://someurl.com”
}

Retrieves authentication links for all social networks set for the project.

HTTP REQUEST

GET https://login.xsolla.com/api/social/login_urls?projectId={projectId}&fields={fields}&locale={locale}

Parameter Type Description
string Project ID. Required.
string List of parameters required to complete the registration, separated by commas. Example: ‘email,promo_email_agreement’. If some parameters cannot be obtained from the social network, the user will be asked to specify them in the sign-up form.
string User regional settings specified as <language code>_<country code>, where:
Copy
Full screen
  • http
  • curl
Request
GET https://login.xsolla.com/api/social/login_urls?projectId={projectId}&fields={fields}&locale={locale}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
$ curl -v 'https://login.xsolla.com/api/social/login_urls?projectId={projectId}&fields={fields}&locale={locale}' \
- X GET \
- H 'Content-Type: application/json' \
- H 'Accept: application/json' \
Response
{
  "provider1": "http://someurl1.com",
  "provider2": "http://someurl2.com"
}
{
  "provider1": "http://someurl1.com",
  "provider2": "http://someurl2.com"
}

Settings

Change User Email

After email confirmation, the request is proxied to the redirect_url set in the project settings.

HTTP REQUEST

PUT https://login.xsolla.com/api/user/by_access_key/{accessKey}/profile/email?login_url={loginUrl}

Parameter Type Description
access_key
string User access key. Required.
email
string User email. Required.
redirect_url
string The URL the partner redirects the user to after email confirmation. Required.
login_url
string URL Xsolla redirects the user to after email confirmation.
Copy
Full screen
  • http
  • curl
Request
PUT https://login.xsolla.com/api/user/by_access_key/{accessKey}/profile/email?login_url={loginUrl}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
{
  "email": "example@example.com",
  "redirect_url": "http://example.com"
}
$ curl -v 'https://login.xsolla.com/api/user/by_access_key/{accessKey}/profile/email?login_url={loginUrl}' \
-X PUT \
-u merchant_id:merchant_api_key \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
  "email": "example@example.com",
  "redirect_url": "http://example.com"
}'
Response
204 No Content
204 No Content

Get Widget Settings

Retrieves widget settings.

HTTP REQUEST

GET https://login.xsolla.com/api/widget/settings?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}&fields={fields}&locale={locale}

Parameter Type Description
projectId
string Project ID. Required.
login_url
string URL to redirect the user to after authentication. Must be identical to Callback URL specified in Publisher Account in Login settings. Required if there are several Callback URLs.
redirect_url
string The URL the partner redirects the user to after authentication.
fields
string List of parameters required to complete the registration, separated by commas. Example: ‘email,promo_email_agreement’. If some parameters cannot be obtained from the social network, the user will be asked to specify them in the sign-up form.
locale
string User regional settings specified as <language code>_<country code>, where:
Copy
Full screen
  • http
  • curl
Request
GET https://login.xsolla.com/api/widget/settings?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}&fields={fields}&locale={locale}
Host: login.xsolla.com
Accept: application/json
Content-Type: application/json
$ curl -v 'https://login.xsolla.com/api/widget/settings?projectId={projectId}&redirect_url={redirectUrl}&login_url={loginUrl}&fields={fields}&locale={locale}' \
- X GET \
- H 'Content-Type: application/json' \
- H 'Accept: application/json' \
Response
{
    "centralBlock": "OFF",
    "socialLinks": {
        "primary": [],
        "secondary": [],
        "other": [
            {
                "name": "github",
                "url": "хххххххххххххх"
            },
            {
                "name": "google",
                "url": "хххххххххххххххх"
            }
        ]
    },
    "proxyLogin": true,
    "proxyRegistration": true,
    "proxyResetPassword": true,
    "custom_css": "app.somecss.css"
}
{
    "centralBlock": "OFF",
    "socialLinks": {
        "primary": [],
        "secondary": [],
        "other": [
            {
                "name": "github",
                "url": "хххххххххххххх"
            },
            {
                "name": "google",
                "url": "хххххххххххххххх"
            }
        ]
    },
    "proxyLogin": true,
    "proxyRegistration": true,
    "proxyResetPassword": true,
    "custom_css": "app.somecss.css"
}

Error Codes

Errors while Authenticating via Username/Password

Error code format: <error_code>::=<group_code>-<situation_code>.

Group code: 003

Situation code Description
001 Wrong username or password.
002 User not found.
003 A user with the specified name already exists.
007 A user is not activated (email not confirmed).
008 Changing the email is prohibited.
061 Project not found.
091 User account blocked.

Other Errors

Error code format: <error_code>::=<group_code>-<situation_code>.

Group code: 010

Situation code Description
003 Access to project restricted.
004 Service temporarily unavailable.
005 Allowable number of requests exceeded.
006 No authentication methods.
007 Incorrect CAPTCHA input.
008 No linked social profile.
009 Authentication canceled by user.
010 Invalid confirmation code.
011 No value passed for the “login_url” parameter.
012 Project “login_url” is incorrect.
014 Unable to send user data. Applicable for social network authentication.
015 Request to social network provider failed.
016 Profile not found or linked to another user.