Zum Inhalt springen

LiveOps API (2.0.0)

Overview

  • Version: 2.0.0
  • Servers: https://store.xsolla.com/api
  • Contact Us by Email
  • Contact URL: https://xsolla.com/
  • Required TLS version: 1.2

LiveOps is a toolkit for driving ongoing player engagement through promotions and personalized offers.

Use the API to manage the following features:

  • Promotions — create and manage coupons, promo codes, discounts, and bonus campaigns.
  • Personalization — specify the conditions for displaying the item catalog and applying promotions only for certain authorized users.
  • Promotion limits — set a limit on how many times a promotion can be used by a user and configure scheduled resets for these limits.
  • Reward chains & Value points — configure reward progressions tied to value point accumulation.
  • Daily chains — set up recurring daily rewards to motivate regular logins.
  • Offer chains — build sequential purchase offers with per-step pricing and free reward options.
  • Upsell — a sales method in which the user is offered to buy an item with additional value.

API calls

The API is divided into the following groups:

  • Admin — calls for creating, updating, activating, and deleting campaigns and chain configurations. Authenticated via basic access authentication with your merchant or project credentials.
  • Client — calls for retrieving available promotions, getting active chains, redeeming codes, and claiming rewards on behalf of authenticated end users. Authenticated via user JWT.

Authentication

API calls require authentication either on behalf of a user or on behalf of a project. The authentication scheme used is specified in the Security section in the description of each call.

Authentication using user's JWT

User's JWT authentication is used when a request is sent from a browser, mobile application, or game. In this case, a user's JWT is used. By default, the XsollaLoginUserJWT scheme is applied. For details on how to create a token, see the Xsolla Login API documentation.

The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

Basic HTTP authentication

Basic HTTP authentication is used for server-to-server interactions, when an API call is sent directly from your server rather than from a user's browser or mobile application. HTTP Basic authentication with an API key is typically used.

Note

The API key is confidential and must not be stored or used in client applications.

With basic server-side authentication, all API requests must include the following header:

  • for basicAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the project_id:api_key pair encoded in Base64
  • for basicMerchantAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the merchant_id:api_key pair encoded in Base64

You can find the parameter values in Publisher Account:

  • merchant_id is displayed:
    • In Company settings > Company.
    • In the URL in the browser address bar on any Publisher Account page. The URL has the following format: https://publisher.xsolla.com/<merchant_id>.
  • project_id is displayed:
    • Next to the project name in Publisher Account.
    • In the URL in the browser address bar when working on a project in Publisher Account. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.
  • api_key is shown in Publisher Account only at the time of creation and must be stored securely on your side. You can create an API key in the following sections:
Notice

If a required API call doesn't include the project_id path parameter, use an API key that is valid across all company projects for authorization.

For more information about working with API keys, see the API references.

Authentication with guest access support

The AuthForCart authentication scheme is used for cart purchases and supports two modes:

  1. Authentication with a user's JWT. The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

  1. Simplified mode without Authorization header. This mode is used only for unauthorized users and can be applied only for game key sales. Instead of a token, the request must include the following headers:
    • x-unauthorized-id with a request ID
    • x-user with the user's email address encoded in Base64

Core entity structure

Items of all types (virtual items, bundles, virtual currency, and keys) use a similar data structure. Understanding the basic structure simplifies working with the API and helps you navigate the documentation more easily.

Note

Some calls may include additional fields but they don't change the basic structure.

Identification

  • merchant_id — company ID in Publisher Account
  • project_id — project ID in Publisher Account
  • sku — item SKU, unique within the project

Store display

  • name — item name
  • description — item description
  • image_url — image URL
  • is_enabled — item availability
  • is_show_in_store — whether the item is displayed in the catalog

For more information about managing item availability in the catalog, see the documentation.

Organization

  • type — item type, for example, a virtual item (virtual_item) or bundle (bundle)
  • groups — groups the item belongs to
  • order — display order in the catalog

Sale conditions

  • prices — prices in real or virtual currency
  • limits — purchase limits
  • periods — availability periods
  • regions — regional restrictions

Example of core entity structure:

{
  "attributes": [],
  "bundle_type": "virtual_currency_package",
  "content": [
    {
      "description": {
        "en": "Main in-game currency"
      },
      "image_url": "https://.../image.png",
      "name": {
        "en": "Crystals",
        "ru": "Crystals"
      },
      "quantity": 500,
      "sku": "com.xsolla.crystal_2",
      "type": "virtual_currency"
    }
  ],
  "description": {
    "en": "Crystals x500"
  },
  "groups": [],
  "image_url": "https://.../image.png",
  "is_enabled": true,
  "is_free": false,
  "is_show_in_store": true,
  "limits": {
    "per_item": null,
    "per_user": null,
    "recurrent_schedule": null
  },
  "long_description": null,
  "media_list": [],
  "name": {
    "en": "Medium crystal pack"
  },
  "order": 1,
  "periods": [
    {
      "date_from": null,
      "date_until": "2020-08-11T20:00:00+03:00"
    }
  ],
  "prices": [
    {
      "amount": 20,
      "country_iso": "US",
      "currency": "USD",
      "is_default": true,
      "is_enabled": true
    }
  ],
  "regions": [],
  "sku": "com.xsolla.crystal_pack_2",
  "type": "bundle",
  "vc_prices": []
}

Pagination

API calls that return large sets of records (for example, when building a catalog) return data in pages. Pagination is a mechanism that limits the number of items returned in a single API response and allows you to retrieve subsequent pages sequentially.

Use the following parameters to control the number of returned items:

  • limit — number of items per page
  • offset — index of the first item on the page (numbering starts from 0)
  • has_more — indicates whether another page is available
  • total_items_count — total number of items

Example request:

GET /items?limit=20&offset=40

Response example:

{
  "items": [...],
  "has_more": true,
  "total_items_count": 135
}

It is recommended to send subsequent requests until the response returns has_more = false.

Date and time format

Dates and time values are passed in the ISO 8601 format.

The following are supported:

  • UTC offset
  • null value when there is no time restriction for displaying an item
  • Unix timestamp (in seconds) used in some fields

Format: YYYY-MM-DDTHH:MM:SS±HH:MM

Example: 2026-03-16T10:00:00+03:00

Localization

Xsolla supports localization of user-facing fields such as item name and description. Localized values are passed as an object where the language code is used as the key. The full list of supported languages is available in the documentation.

Supported fields

Localization can be specified for the following parameters:

  • name
  • description
  • long_description

Locale format

The locale key can be specified in one of the following formats:

  • Two-letter language code: en, ru
  • Five-letter language code: en-US, ru-RU, de-DE

Examples

Example with a two-letter language code:

{
  "name": {
    "en": "Starter Pack",
    "ru": "Стартовый набор"
  }
}

Example with a five-letter language code:

{
  "description": {
    "en-US": "Premium bundle",
    "de-DE": "Premium-Paket"
  }
}

Error response format

If an error occurs, the API returns an HTTP status and a JSON response body. The full list of store-related errors is available in the documentation.

Response example:

{
  "errorCode": 1102,
  "errorMessage": "Validation error",
  "statusCode": 422,
  "transactionId": "c9e1a..."
}
  • errorCode — error code.
  • errorMessage — short error description.
  • statusCode — HTTP response status.
  • transactionId — request ID. Returned only in some cases.
  • errorMessageExtended — additional error details, such as request parameters. Returned only in some cases.

Extended response example:

{
  "errorCode": 7001,
  "errorMessage": "Chain not found",
  "errorMessageExtended": {
    "chain_id": "test_chain_id",
    "project_id": "test_project_id",
    "step_number": 2
  },
  "statusCode": 404
}

Common HTTP status codes

  • 400 — invalid request
  • 401 — authentication error
  • 403 — insufficient permissions
  • 404 — resource not found
  • 422 — validation error
  • 429 — rate limit exceeded

Recommendations

  • Handle the HTTP status and the response body together.
  • Use errorCode to process errors related to application logic.
  • Use transactionId to identify requests more quickly when analyzing errors.
OpenAPI-Beschreibung herunterladen
index.json
index.yaml
Sprachen
Server
https://store.xsolla.com/api/
Mock server
https://xsolla.redocly.app/_mock/de/api/liveops/

Allgemeines

Operationen

Gutscheine

Mit dieser API können Sie Gutscheine verwalten.

Operationen

Limits eindeutiger Gutscheincodes abrufenServer-sideAdmin

Anfrage

Ruft ab, wie oft die Codes noch eingelöst werden dürfen. Verwenden Sie zum Filtern der Codes den Abfrageparameter codes.

Im Abschnitt "Verwaltung" können Sie das Code-Limit selbst festlegen:

Sicherheit
basicAuth
Pfad
project_idintegererforderlich

Projekt-ID. Dieser Parameter wird im Kundenportal neben dem Projektnamen angezeigt.

Beispiel: 44056
external_idintegererforderlich

Externe ID der Werbeaktion. Eindeutige Werbeaktionskennung innerhalb des Projekts.

Beispiel: coupon_44056_1
Abfrage
codes[]Array of strings

Eindeutige Codes, bei denen zwischen Groß-/Kleinschreibung unterschieden wird. Enthält nur Buchstaben und Ziffern.

limitinteger>= 1

Begrenzung der Elementanzahl auf der Seite.

Beispiel: limit=50
offsetinteger>= 0

Elementnummer, aus der die Liste generiert wird (die Zählung beginnt bei 0).

Beispiel: offset=0
curl -i -X GET \
  -u <username>:<password> \
  'https://store.xsolla.com/api/v2/project/44056/admin/code/limit/coupon/external_id/coupon_44056_1?codes%5B%5D=string&limit=50&offset=0'

Antworten

Gutscheinlimits für einen Code erfolgreich erhalten.

Bodyapplication/json
has_moreboolean

Wenn eine andere Seite mit Codes existiert.

itemsArray of objects(Code-limit-promo-code)
promotion_idinteger

Werbeaktions-ID. Eindeutige Werbeaktionskennung innerhalb des Projekts.

total_items_countnumber

Gesamtzahl der Codes.

Antwort
application/json
{
  "has_more": false,
  "items": [
    {},
    {}
  ],
  "promotion_id": 1,
  "total_items_count": 2
}

Gutscheinaktion aktivierenServer-sideAdmin

Anfrage

Aktiviert eine Gutscheinaktion. Die erstellte Gutscheinaktion ist standardmäßig deaktiviert. Gutscheine lassen sich erst einlösen, wenn Sie die zugehörige Werbeaktion aktivieren. Verwenden Sie diesen Endpunkt, um eine Gutscheinaktion zu aktivieren.

Sicherheit
basicAuth
Pfad
project_idintegererforderlich

Projekt-ID. Dieser Parameter wird im Kundenportal neben dem Projektnamen angezeigt.

Beispiel: 44056
external_idintegererforderlich

Externe ID der Werbeaktion. Eindeutige Werbeaktionskennung innerhalb des Projekts.

Beispiel: coupon_44056_1
curl -i -X PUT \
  -u <username>:<password> \
  https://store.xsolla.com/api/v2/project/44056/admin/coupon/coupon_44056_1/activate

Antworten

Gutschein wurde erfolgreich aktiviert.

Antwort
Kein Inhalt

Gutscheincodes abrufenServer-sideAdmin

Anfrage

Ruft Gutscheincodes ab.

Sicherheit
basicAuth
Pfad
project_idintegererforderlich

Projekt-ID. Dieser Parameter wird im Kundenportal neben dem Projektnamen angezeigt.

Beispiel: 44056
external_idintegererforderlich

Externe ID der Werbeaktion. Eindeutige Werbeaktionskennung innerhalb des Projekts.

Beispiel: coupon_44056_1
Abfrage
limitinteger>= 1

Begrenzung der Elementanzahl auf der Seite.

Beispiel: limit=50
offsetinteger>= 0

Elementnummer, aus der die Liste generiert wird (die Zählung beginnt bei 0).

Beispiel: offset=0
curl -i -X GET \
  -u <username>:<password> \
  'https://store.xsolla.com/api/v2/project/44056/admin/coupon/coupon_44056_1/code?limit=50&offset=0'

Antworten

Die Liste der Codes für einen Gutschein wurde erfolgreich empfangen.

Bodyapplication/json
codesArray of objects
total_countnumber

Gesamtzahl der Gutscheincodes.

Antwort
application/json
{
  "codes": [
    {},
    {},
    {},
    {},
    {}
  ],
  "total_count": 5
}

Promocodes

Diese API ermöglicht die Verwaltung von Promocodes.

Operationen

Katalogsonderangebote

Mit dieser API können Sie Katalogsonderangebote verwalten.

Operationen

Rabatte

Mit dieser API können Sie Rabattaktionen verwalten.

Operationen

Boni

Diese API ermöglicht die Verwaltung von Bonusaktionen.

Operationen

Personalisierter Katalog

Diese API ermöglicht es, Regeln für Benutzerattribute festzulegen. Wenn der Nutzer alle Bedingungen einer konkreten Regel erfüllt, werden personalisierte Artikel angezeigt.

Für personalisierte Werbeaktionen siehe Abschnitt Werbeaktionen.

Um Attribute vor einem Kauf zu übermitteln, können Sie die Xsolla Login API verwenden oder die Attribute in der Eigenschaft user.attributes übermitteln, während Sie den Token mit der Pay Station API generieren.

Operationen

Verwaltung

Operationen

Verwaltung

Operationen

Client

Operationen

Clans-Client

Operationen

Verwaltung

Operationen

Client

Operationen

Verwaltung

Operationen

Client

Operationen

Verwaltung

Operationen

Client

Operationen