How to set up authentication when selling game keys

Both the authorized and unauthorized users can make purchases.

Set up selling game keys for not authenticated users

You can sell games to users without authentication if you follow the rules below:

  • Use a direct link or widget without a token to sell one copy of the game.
  • Pass the unique user ID and email address to sell several copies of the game in a cart.
  • Use methods for fast purchases to sell one item without specified parameters.

You should use the unique user ID in the title as a number or line when calling the IGS&BB API (x-unauthorized-id parameter). The identifier is generated on the frontend side, for example via the identifier generation library.

The email address and other additional data (username and country code per ISO 3166-1 alpha-2) have the Base64 encoding and are passed in the title for the x-user parameter when calling the method for getting a payment token.

Example:

Copy
Full screen
Small screen
  • curl

{
 "name": "John Smith",
 "email": "test@test.com", 
 "country": "US"
}

You can also pass the data to body or query in the object form.

Example:

Copy
Full screen
Small screen
  • curl

"user": {
 "name": "John Smith",
 "email": "test@test.com", 
 "country": "US"
}

Set up selling game keys for authenticated users

There are the following options for authenticating users:

  1. If you integrated Xsolla Login, the requests are authenticated via the Xsolla Login JWT.
  2. If you have your own authentication system, the requests are authenticated via the Pay Station access token.

Authentication via Xsolla Login

  1. Follow the instructions to set up a project in Publisher Account.
  2. Implement the authentication methods callback: based on the JSON Web Token or OAuth 2.0 protocol.

If the user data is stored in the Xsolla storage, use the following methods:

If the user data is stored in the PlayFab database, use the how-to for the PlayFab storage.

If you store user data in a custom storage, use the how-to for a custom storage.

Authentication via Pay Station access token

Authentication flow:

  1. Your client sends the authentication request to your server.
  2. Your server passes Merchant ID and API key to the Xsolla server and requests access_token.
  3. The Xsolla server sends access_token to your server.
  4. Your server sends access_token to your client.

Returned access_token is used as an authentication token to authenticate the requests sent by the game client.

Was this article helpful?
Thank you!
Is there anything we can improve? Message
We’re sorry to hear that
Please explain why this article wasn’t helpful to you. Message
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.
Rate this page
Rate this page
Is there anything we can improve?

Don’t want to answer

Thank you for your feedback!
Last updated: October 10, 2023

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!