Buy Button / How to set up authentication when selling items
 Back to Docs
Buy Button

How to set up authentication when selling items

Contents

Both the authorized and unauthorized users can make purchases.

Set up selling items for not authenticated users

You can sell games and physical goods to users without authentication if you follow the rules below:
  • Use a direct link or widget without a token to sell one copy of the game.
  • Pass the unique user ID and email address to sell several copies of the game in a cart.
  • Use methods for fast purchases to sell one physical item without specified parameters.
  • Pass the unique user ID to sell several physical items in a cart.

You should use the unique user ID in the title as a number or line when calling the Store API methods (x-unauthorized-id parameter). The identifier is generated on the frontend side, for example via the identifier generation library.

The email address and other additional data (username and country code per ISO 3166-1 alpha-2) have the Base64 encoding and are passed in the title for the x-user parameter when calling the method for getting a payment token.

Example:

Copy
Full screen
Small screen
  • curl
{
 "name": "John Smith" 
 "email": "test@test.com" 
 "country": "US" 
}

You can also pass the data to body or query in the object form.

Example:

Copy
Full screen
Small screen
  • curl
"user": {
 "name": "John Smith" 
 "email": "test@test.com" 
 "country": "US"
}

Set up selling items for authenticated users

There are the following options for authenticating users:

  1. If you integrated Xsolla Login, the requests are authenticated via the Xsolla Login JWT.
  2. If you have your own authentication system, the requests are authenticated via the Pay Station Access Token.

Authentication via Xsolla Login

  1. Follow the instructions to set up a project in Publisher Account.
  2. Implement the authentication methods callback: based on the JSON Web Token or OAuth 2.0 protocol.

If the user data is stored in the Xsolla storage, implement the following methods:

If the user data is stored in the PlayFab database, use the recipe for the PlayFab storage.

If you store user data in a custom storage, use the recipe for a custom storage.

Authentication via Pay Station access token

Authentication flow:

  1. Your client sends the authentication request to your server.
  2. Your server passes Merchant ID and API key to the Xsolla server and requests access_token.
  3. The Xsolla server sends access_token to your server.
  4. Your server sends access_token to your client.

Returned access_token is used as an authentication token to authenticate the requests sent by the game client.

Contents