How to set up authentication when selling items
Both authorized and unauthorized users can make purchases.
Set up selling items for unauthenticated users
You can sell games and physical goods to users without authentication if you follow the rules below:
- Use a direct link or widget without a token to sell one copy of the game.
- Pass the unique user ID and email address to sell several copies of the game in a cart.
- Use methods for fast purchases to sell one physical item without specified parameters.
- Pass the unique user ID to sell several physical items in a cart.
You should use the unique user ID in the title as a number or line when calling the
The email address and other additional data (username and country code per
Example:
- curl
{
"name": "John Smith",
"email": "test@test.com",
"country": "US"
}
You can also pass the data in the body or query as an object.
Example:
- curl
"user": {
"name": "John Smith",
"email": "test@test.com",
"country": "US"
}
Set up selling items for authenticated users
There are the following options for authenticating users:
- If you integrated Xsolla Login, the requests are authenticated via the Xsolla Login JWT.
- If you have your own authentication system, the requests are authenticated via the Pay Station Access Token.
Authentication via Xsolla Login
- Follow the instructions to set up a project in Publisher Account.
- Implement the authentication methods callback based on the JSON Web Token or OAuth 2.0 protocol.
If the user data is stored in the Xsolla storage, implement the following methods:
- registration (JWT or OAuth 2.0)
- authentication via (choose one of the options):
- password reset
If the user data is stored in the
If you store user data in a custom storage, use the recipe for a custom storage.
Authentication via Pay Station access token
Authentication flow:
- Your client sends the authentication request to your server.
- Your server passes Merchant ID and API key to the Xsolla server and requests access_token.
- The Xsolla server sends access_token to your server.
- Your server sends access_token to your client.
Returned
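The four-step flow above, sketched from the server's side as an added example (not Xsolla's code and not part of the original page). The token endpoint URL, the HTTP Basic encoding of Merchant ID and API key, the request body shape, the injected `send` transport and the `fake_xsolla` stand-in are assumptions for illustration; take the real request format from the Xsolla API reference.

```python
import base64
import json

# Assumed placeholder URL; take the real token endpoint from Xsolla's API reference.
TOKEN_URL = "https://xsolla.invalid/merchants/{merchant_id}/token"


def build_token_request(merchant_id, api_key, user):
    """Step 2: server-to-Xsolla request carrying Merchant ID and API key."""
    # Assumption: credentials are sent as HTTP Basic auth (merchant_id:api_key).
    basic = base64.b64encode(f"{merchant_id}:{api_key}".encode()).decode()
    return {
        "url": TOKEN_URL.format(merchant_id=merchant_id),
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/json"},
        # Assumed body shape; identity comes from the server-side session only.
        "body": json.dumps({"user": {"id": user["id"], "email": user["email"]}}),
    }


def issue_access_token(session_user, merchant_id, api_key, send):
    """Steps 1-4 on your server. `send` is an injected HTTP transport."""
    if not session_user or not session_user.get("id"):
        raise PermissionError("client is not authenticated with your own system")
    reply = send(build_token_request(merchant_id, api_key, session_user))
    token = reply.get("access_token")  # step 3; response field name assumed
    if not isinstance(token, str) or not token:
        raise RuntimeError("token request failed; no access_token returned")
    # Step 4: only the token is returned to the client, never the API key.
    return {"access_token": token}


def fake_xsolla(request):
    """Constructed stand-in for the Xsolla server so the example runs offline."""
    scheme, _, value = request["headers"]["Authorization"].partition(" ")
    if scheme != "Basic" or base64.b64decode(value) != b"12345:constructed-api-key":
        return {"error": "unauthorized"}
    return {"access_token": "constructed-token-abc"}


if __name__ == "__main__":
    user = {"id": "user-1", "email": "test@test.com"}  # constructed session data
    print(issue_access_token(user, 12345, "constructed-api-key", fake_xsolla))
```

Merchant ID and API key are read only on the server; the client receives nothing but the access_token.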
