Set up selling items

There are two Xsolla solutions for monetizing games — Buy Button (sell items on a game’s website) and In-Game Store (sell items in the game).

Buy Button gives you an opportunity to sell the following items for real or virtual currency:

  • game keys
  • virtual items
  • virtual currency
  • physical goods

In-Game Store gives you an opportunity to sell the following items for real or virtual currency:

  • in-game currency and currency packages
  • consumable items
  • nonconsumable items
  • time-limited items

You can sell items to unauthorized and authenticated users.

Set up selling items for unauthorized users

When making a purchase, users are limited by the following conditions:

  • Unauthorized users can’t use the entitlement system.
  • Payment methods and Xsolla balance are not available in Xsolla Pay Station.

GoodsSelling method
One copy of a game (game key).Use direct link or widget.
Several copies of the game (game keys) or several games in a cart.Pass the unique user ID and email address. The email address and other additional data (a username and country code per ISO 3166-1 alpha-2) have the Base64 encoding and are passed in the title for the x-user parameter when calling the method for getting a payment token.
One item.Use fast purchase calls of one item.
Several items in a cart.Pass the unique user ID. The unique user ID is used in the title as a number or line when calling the In-Game Store & Buy Button API methods (x-unauthorized-id parameter). The identifier is generated on the front-end side, for example via the identifier generation library.

Set up selling items for authenticated users

To manage the users’ access to your application and features of Xsolla products, set up an authentication system. For this, you can use Xsolla Login or implement your own authentication system.

If you have implemented your own authentication system and need only the payment UI, generate a Pay Station access token and set up webhooks on your server.

You can use Xsolla Login for your in-game store, if you don’t have your own servers or you want to use the existing solution. The following features are performed on the Xsolla side:

  • store and manage a catalog
  • manage prices
  • store data on regional prices
  • authenticate users
  • process transactions

Authentication via Xsolla login

Xsolla Login supports the OAuth 2.0 standard protocol for user registration and authentication. The standard OAuth 2.0 protocol helps to simplify the development of the client-side application. OAuth 2.0 lets you update the access token without involving the user.

The data on authorized users can be stored:

User data includes the balance in the real currency (change), saved cards, transactions history, and subscriptions.

Authentication via Pay Station access token

Recommended if you want to integrate In-Game Store and Buy Button API methods.

The flow of interaction between your client and the Xsolla server:

  1. Your client sends an authentication request to your server.
  2. Your server requests an authorization token and sends a header that contains project_id/merchant_id and api_key parameters to the Xsolla server.
  3. Xsolla server returns the Pay Station access token.
  4. Your server passes the Pay Station access token to your client.
  5. The returned Pay Station access token is used as an authorization token for authentication in the In-Game Store and Buy Button API and building a store interface.

Get Pay Station access token

On the back-end of your application, implement a method to get a Pay Station access token using an HTTP POST request.

The Xsolla API uses basic HTTP authentication. The request must contain the Authorization:Basic <your_authorization_basic_key> header where <your_authorization_basic_key> is the merchant_id:api_key encoded according to the Base64 standard. You can find the parameter values ​​in Publisher Account:

  • For merchant_id, go to the Project settings > Webhooks > Merchant ID section.
  • For api_key, go to the Company settings > API key section.

HTTP request:


To get the token, pass the following parameters in the request body:

objectCustom project settings (object).
integerGame’s Xsolla ID. Can be found in Publisher Account beside the name of your project. Required.
objectUser details (object).
objectUser ID in your authorization system (object).
stringUser ID. Required.
objectUser email (object).
stringUser email. Must be valid according to the RFC 822 protocol. Required.
objectUser screen name (object). Required.
stringUser screen name
objectUser Steam ID (object).
stringUser Steam ID. Required if the application is published on Steam.
objectUser PlayFab ID (object)
stringUser PlayFab ID. Required if the application uses PlayFab services to grant items.

See examples of requests and responses in the API reference.

In the request, use only parameters from the list above. Don’t pass other parameters of the API call (custom_parameters, purchase, etc.), they are not intended to receive an authorization token.

The lifetime of the Pay Station access token when working with the in-game store and inventory is 1 hour after the last call to the Xsolla API. To change the lifetime of the Pay Station access token, contact your Account Manager.

Implement the logic of receiving a new Pay Station access token after its expiration. It is recommended that you get a new token in the background mode, so the user doesn’t have to log in to the application again.

Your progress
Thank you for your feedback!
Last updated: August 8, 2022

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!