Set up selling items

In-Game Store allows you to monetize games through the in-game sale of the following items for real or virtual currency:

  • in-game currency and currency packages
  • consumable items
  • nonconsumable items
  • time-limited items

GoodsSelling method
One item.Use fast purchase calls of one item.
Several items in a cart.Pass the unique user ID. The unique user ID is used in the title as a number or line when calling the API-methods of the Catalog subsection from the Virtual items & currency method group (x-unauthorized-id parameter). The identifier is generated on the front-end side, for example via the identifier generation library.

For authorized users

To manage the users’ access to your application and features of Xsolla products, set up an authentication system. For this, you can use Xsolla Login or implement your own authentication system.

If you have implemented your own authentication system and need only the payment UI, generate a Pay Station access token and set up webhooks on your server.

You can use Xsolla Login for your in-game store, if you don’t have your own servers or you want to use the existing solution. The following features are performed on the Xsolla side:

  • store and manage a catalog
  • manage prices
  • store data on regional prices
  • authenticate users
  • process transactions

Authentication via Xsolla login

Xsolla Login supports the OAuth 2.0 standard protocol for user registration and authentication. The standard OAuth 2.0 protocol helps to simplify the development of the client-side application. OAuth 2.0 lets you update the access token without involving the user.

The data on authorized users can be stored:

Note
User data includes the balance in the real currency (change), saved cards, transactions history, and subscriptions.

Authentication via Pay Station access token

Note
Recommended if you want to integrate In-Game Store and Buy Button API methods.

The flow of interaction between your client and the Xsolla server:

  1. Your client sends an authentication request to your server.
  2. Your server requests an authorization token and sends a header that contains project_id/merchant_id and api_key parameters to the Xsolla server.
  3. Xsolla server returns the Pay Station access token.
  4. Your server passes the Pay Station access token to your client.
  5. The returned Pay Station access token is used as an authorization token for authentication in the In-Game Store and Buy Button API and building a store interface.

Get Pay Station access token

On the back-end of your application, implement a method to get a Pay Station access token using an HTTP POST request.

The Xsolla API uses basic HTTP authentication. The request must contain the Authorization: Basic <your_authorization_basic_key> header, where <your_authorization_basic_key> is the merchant ID:API key pair, encoded according to the Base64 standard. Go to Publisher Account to find these parameters:

  • Merchant ID is shown:
    • In the Project settings > Webhooks section.
    • In the Company settings > Company section.
    • In the URL in the browser address bar on any Publisher Account page. The URL has the following format: https://publisher.xsolla.com/​merchant ID/Publisher Account section.

  • API key is shown in Publisher Account only once when it is created and must be stored on your side. You can create a new key in the following section:
    • Company settings > API keys
    • Project settings > API keys

Notice

For more information about working with API keys, see the API reference.

Key recommendations:

  • Save the generated API key on your side. You can view the API key in Publisher Account only once when it is created.
  • Keep your API key a secret. It provides access to your personal account and your projects in Publisher Account.
  • The API key must be stored on your server and never in binaries or on the frontend.

HTTP request:

POST https://api.xsolla.com/merchant/v2/merchants/{merchant_id}/token

To get the token, pass the following parameters in the request body:

ParameterTypeDescription
settings
objectCustom project settings (object).
settings.project_id
integerGame’s Xsolla ID. Can be found in Publisher Account beside the name of your project. Required.
user
objectUser details (object).
user.id
objectUser ID in your authorization system (object).
user.id.value
stringUser ID. Required.
user.email
objectUser email (object).
user.email.value
stringUser email. Must be valid according to the RFC 822 protocol. Required.
user.name
objectUser screen name (object). Required.
user.name.value
stringUser screen name
user.steam_id
objectUser Steam ID (object).
user.steam_id.value
stringUser Steam ID. Required if the application is published on Steam.
user.playfab_id
objectUser PlayFab ID (object)
user.playfab_id.value
stringUser PlayFab ID. Required if the application uses PlayFab services to grant items.

See examples of requests and responses in the API reference.

Notice
In the request, use only parameters from the list above. Don’t pass other parameters of the API call (custom_parameters, purchase, etc.), they are not intended to receive an authorization token.

The lifetime of the Pay Station access token when working with the in-game store and inventory is 1 hour after the last call to the Xsolla API. To change the lifetime of the Pay Station access token, contact your Account Manager.

Implement the logic of receiving a new Pay Station access token after its expiration. It is recommended that you get a new token in the background mode, so the user doesn’t have to log in to the application again.

Your progress
Thank you for your feedback!
Last updated: January 31, 2023

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!