Set up selling items
In-Game Store allows you to monetize games through the in-game sale of the following items for real or virtual currency:
- in-game currency and currency packages
- consumable items
- nonconsumable items
- time-limited items
| Goods | Selling method |
|---|---|
| One item (e.g., virtual item or a custom amount of virtual currency) | Fast purchase calls |
| Several items in a cart | Pass the unique user ID. The unique user ID is used in the title as a number or line when calling the API methods of the Catalog subsection from the Virtual items & currency method group (x-unauthorized-id parameter). The identifier is generated on the front-end side, for example, via the identifier generation library. |
To manage the users’ access to your application and features of Xsolla products, set up an authentication system. For this, you can use Xsolla Login or implement your own authentication system.
If you have implemented your own authentication system and need only the payment UI, generate a Pay Station access token and set up webhooks on your server.
You can use Xsolla Login for your in-game store, if you don’t have your own servers or you want to use the existing solution. The following features are performed on the Xsolla side:
- store and manage a catalog
- manage prices
- store data on regional prices
- authenticate users
- process transactions
Authentication via Xsolla login
Xsolla Login supports the OAuth 2.0 standard protocol for user registration and authentication. The standard OAuth 2.0 protocol helps to simplify the development of the client-side application. OAuth 2.0 lets you update the access token without involving the user.
The data on authorized users can be stored:
- In the Xsolla storage. See Get started for Xsolla Login to set it up.
- In the PlayFab database. Use the how-to for the PlayFab storage to set it up.
- In a custom storage. Use the how-to for a custom storage to set it up.
Authentication via Pay Station access token
General flow
The flow of interaction between your client and the Xsolla server:- Your client sends an authentication request to your server.
- Your server requests an authorization token and sends a header that contains
project_id/merchant_idandapi_keyparameters to the Xsolla server. - Xsolla server returns the Pay Station access token.
- Your server passes the Pay Station access token to your client.
- The returned Pay Station access token is used as an authorization token for authentication in the In-Game Store API and building a store interface.
Get Pay Station access token
On the back-end of your application, implement a method to get a Pay Station access token using an HTTP POST request.
The Xsolla API uses basic HTTP authentication. The request must contain the Authorization: Basic <your_authorization_basic_key> header, where <your_authorization_basic_key> is the merchant ID:API key pair, encoded according to the Base64 standard. Go to Publisher Account to find these parameters:
- Merchant ID is shown:
- In the Company settings > Company section.
- In the URL in the browser address bar on any Publisher Account page. The URL has the following format:
https://publisher.xsolla.com/<merchant ID>/<Publisher Account section>.
- API key is shown in Publisher Account only once when it is created and must be stored on your side. You can create a new key in the following section:
- Company settings > API keys
- Project settings > API keys
For more information about working with API keys, see the API reference.
Key recommendations:
- Save the generated API key on your side. You can view the API key in Publisher Account only once when it is created.
- Keep your API key a secret. It provides access to your personal account and your projects in Publisher Account.
- The API key must be stored on your server and never in binaries or on the frontend.
If an API call you need does not contain the project_id path parameter, use the API key that is valid in all the company’s projects to set up authorization.
HTTP request:
POST https://api.xsolla.com/merchant/v2/merchants/{merchant_id}/token
To get the token, pass the following parameters in the request body:
| Parameter | Type | Description |
|---|---|---|
settings | object | Custom project settings (object). |
settings.project_id | integer | Game’s Xsolla ID. Can be found in Publisher Account beside the name of your project. Required. |
user | object | User details (object). |
user.id | object | User ID in your authorization system (object). |
user.id.value | string | User ID. Required. |
user.email | object | User email (object). |
user.email.value | string | User email. Must be valid according to the RFC 822 protocol. Required. |
user.name | object | User screen name (object).Required. |
user.name.value | string | User screen name |
user.steam_id | object | User Steam ID (object). |
user.steam_id.value | string | User Steam ID. Required if the application is published on Steam. |
user.playfab_id | object | User PlayFab ID (object) |
user.playfab_id.value | string | User PlayFab ID. Required if the application uses PlayFab services to grant items. |
custom_parameters, purchase, etc.), they are not intended to receive an authorization token.The lifetime of the Pay Station access token when working with the in-game store and inventory is 1 hour after the last call to the Xsolla API. To change the lifetime of the Pay Station access token, contact your Customer Success Manager or email to csm@xsolla.com.
Implement the logic of receiving a new Pay Station access token after its expiration. It is recommended that you get a new token in the background mode, so the user doesn’t have to log in to the application again.
Found a typo or other text error? Select the text and press Ctrl+Enter.
