Login

Xsolla Login is a solution that provides users with easier authentication and secures their sensitive data. Login offers you convenient, safe, and fast methods for signing up players or logging them into all of their favorite games.

Features

The solution has the following functionality:

NameDetails
User authenticationAvailable via Login API with the ability to manage user attributes. Also, the authentication is made via Login Widget.
User account managementAvailable via User Account API. User friends management is supported by the User Friends method group.
User game achievements managementAvailable via Achievements API.
User game managementAvailable via GameCloud API.
Cross-platform publishing ecosystemsFeatures:
Resetting previous authentication while logging in via a new deviceSet by the with_logout parameter in the authentication request.
Processing of personal data according to the GDPRBy default, available when creating your Login project.
Application of privacy and cookie policiesXsolla’s policies are used by default. Contact your Account Manager to set up your own policies.
Accounting for age-restriction that depends on the user’s location when logging in/creating an accountContact your Account Manager to set it up.
Age confirmation for the users from South Korea via the okname service or I-PIN and SMSContact your Account Manager to set it up.
Authentication via social networksSet up in Publisher Account > your Login project > Social connections. You have the following options to choose a social network for authentication from:
  • Your own application. When connecting a social network, you will need to enter your application data.
  • Xsolla Login application. When connecting a social network, you need to leave the fields empty.
Social Auth Webhook URLContact your Account Manager to set it up. See the recipe.
User data storageYou can choose one of the following options for storing user data:
Exporting users to MailchimpFollow the recipe to set it up.
Exporting the list of users to a CSV fileAvailable in Publisher Account > your Login project > Users > Export users.
Blocking usersAvailable in Publisher Account > your Login project > Users > user settings > Profile.
User groupsAvailable in Publisher Account > your Login project > Users > Manage user groups.
User profileAvailable in Publisher Account > your Login project > Users > user settings > Profile.
Resending a user account confirmation emailAvailable in User profile > Primary email address > primary email settings > Resend email confirmation.
Displaying users authentication statisticsBy default, available in Publisher Account > Statistics.
Emails customizationFollow the recipe to set it up.
B2C emails localization into 20 languagesOnly the preset text is localized. Text is localized into the following languages: Arabic (ar_AE), Bulgarian (bg_BG), Czech (cz_CZ), German (de_DE), Spanish (es_ES), French (fr_FR), Hebrew (he_IL), Italian (it_IT), Japanese (ja_JP), Korean (ko_KR), Polish (pl_PL), Portuguese (pt_BR), Romanian (ro_RO), Russian (ru_RU), Thai (th_TH), Turkish (tr_TR), Vietnamese (vi_VN), Chinese Simplified (zh_CN), Chinese Traditional (zh_TW).
Sorting social networks by user location and frequency of usingContact your Account Manager to set it up.
Widget UI customizationAvailable in Publisher Account > your Login project > Customization.
Widget UI localization into 20 languagesUI texts are localized in the same 20 languages as B2C emails.
Widget start page customizationFollow the instruction to set it up.
Requesting additional data when creating a user account (extended registration form)The flow depends on the user data storage:
  • If you use a custom storage, additional data is passed with the authentication request.
  • If you use a PlayFab storage, additional data is sent as UserData.
Contact your Account Manager to set it up.
User authentication via social networks onlyAvailable only for the previous version of Login Widget. You can set it up by switching off the Sign in via username/password toggler in Publisher Account > your Login project > General settings > Authentication.
Requesting additional user data when creating the account via social networksAllows to request user data that is not returned by social networks. Contact your Account Manager to set it up.

Integration Flow

To integrate Xsolla Login:

  1. Set up your Login project in Publisher Account.
  2. Integrate the solution on your application side.

Setting up Login project in Publisher Account

  1. Create Login project in Publisher Account and specify Name.
  2. Go to General settings > URL and fill in the following fields:
    • Callback URL to redirect the user to after successful authentication;
    • Error callback URL to redirect the user to in case of an authentication error. If you do not specify any value, we will be using the Callback URL.
  3. Select a storage for user data.
  4. Set up the social networks for social authentication.

Integrating the Solution on the Application Side

There are the following possible ways of integration:

Integrating via the Widget

To integrate Xsolla Login with Widget 2.0, connect Xsolla Login Widget SDK. If you use the previous version of the widget and want to switch to version 2.0, contact your Account Manager.

Integrating via API

  1. Go to Publisher Account > your Login project > General Settings > URL and fill in the Allowed origins (CORS) field. The URL for calling the API methods is passed in CORS. The field is required if the browser is used for sending the requests to API.
  2. Implement the callback of the API methods:
    1. Register a New User,
    2. Auth by Username and Password,
    3. Auth via Social Network,
    4. Reset Password.

Processing of Personal Data

Processing of personal data of the European Union (EU) users is regulated according to the provisions of the GDPR. Below you will find a list of the GDPR regulations and how Login can help you comply with them.

Login uses cookies that are necessary for it to work correctly. A registration form in Login Widget is used for giving consent to process cookies.

According to Articles 6-8 of the regulation, you must:

  • Request the data subject to give consent to the processing of his or her personal data,
  • Give the data subject the right to withdraw his or her consent at any time.

A registration form is used in Login Widget to request user consent to process personal data.

If a user changes his or her decision, you can cancel the processing of the personal data by sending a request to support@xsolla.com.

User Rights

According to Articles 15-17, 19 of the regulation, the user has rights to:

  • Get a copy of his or her personal data,
  • Ask for the rectification of inaccurate personal data concerning him or her,
  • Ask for the erasure of personal data concerning him or her.

To get, rectify or erase user data:

  • Send a request to support@xsolla.com if you use the Xsolla storage.
  • Read the tutorial if you use PlayFab.
  • Choose your own method if you use a custom storage.

Processing and Storage of Personal Data

According to Article 5 of the regulation, personal data shall be:

  • Collected for specified purposes and not further processed in a manner that is incompatible with those purposes;
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Login uses the data that can affect the user's blocking, email sending, payment making, and other ways of applying personal data.

Storage and transfer of personal data are encrypted according to the AES-256 algorithm.

Data Portability

According to Article 20 of the regulation, the user has the right to transmit and store his or her personal data. You must provide the user with structured, commonly used and machine-readable format data.

To get user data:

  • Go to your Publisher Account > your Login project > Users if you use the Xsolla storage.
  • Read the tutorial if you use PlayFab.
  • Choose your own method if you use a custom storage.

User Data Protection

According to Article 32 of the regulation, you must provide a reliable level of data security, using:

  • Data encryption,
  • Data confidentiality,
  • Data integrity,
  • Resilient data processing systems.

There are several Login features than can help you comply with the requirements:

  • Data encryption in accordance with the AES-256 algorithm,
  • Checking for the correctness of the entered password,
  • Checking the password for security,
  • Data access restriction.

Recipes

Our Recipes will help you try out some of the advanced features of Login: