Xsolla Login is a solution that provides users with easier authentication and secures their sensitive data. Login offers you convenient, safe, and fast methods for signing up players or logging them into all of their favorite games.

Xsolla Login allows to:

  • Use API:
    • Login API for user authentication and attributes management
    • User Account API for user’s account management
    • Achievements API for user’s game achievements management
    • GameCloud API for managing the game: saving the game and profile statistics, storing the game settings, etc.
  • Process personal data according to the GDPR regulations
  • Account for age-restriction that depends on the user’s location when logging in/creating an account
  • Age confirmation for the users from South Korea via I-PIN
  • Authenticate users via username/password pair
  • Authenticate users via 30+ social networks providers
  • Select the user data storage including PlayFab
  • Manage users from Publisher Account:
    • Export users to Mailchimp
    • Export the list of users to the CSV file
    • Block users
    • Group users
  • Collect the user authorization statistics
  • Customize emails
  • Localize the product emails into 20 languages
  • Sort social networks by the user’s location and the frequency of using

You can also authenticate users via the widget which supports:

  • UI customization
  • Localization into 20 languages
  • Setting up the start page

Integration Flow

To integrate Xsolla Login:

  1. Set up your Login project in Publisher Account.
  2. Integrate the solution on your application side.

Setting up Login project in Publisher Account

  1. Create Login project in Publisher Account and specify Name.
  2. Go to General settings > URL and fill in the following fields:
    • Callback URL to redirect the user to after successful authentication;
    • Error callback URL to redirect the user to in case of an authentication error. If you do not specify any value, we will be using the Callback URL.
  3. Select a storage for user data.
  4. Set up the social networks for social authentication.

Integrating the Solution on the Application Side

There are the following possible ways of integration:

Integrating via the Widget

To integrate Xsolla Login with Widget 2.0, connect Xsolla Login SDK. If you use the previous version of the widget and want to switch to version 2.0, contact your Account Manager.

Integrating via API

  1. Go to Publisher Account > your Login project > General Settings > URL and fill in the Allowed origins (CORS) field. The URL for calling the API methods is passed in CORS. The field is required if the browser is used for sending the requests to API.
  2. Implement the callback of the API methods:
    1. Register,
    2. Auth by Username and Password,
    3. Auth via Social Network,
    4. Reset Password.

Processing of Personal Data

Processing of personal data of the European Union (EU) users is regulated according to the provisions of the GDPR. Below you will find a list of the GDPR regulations and how Login can help you comply with them.

Login uses cookies that are necessary for it to work correctly. A registration form in Login Widget is used for giving consent to process cookies.

According to Articles 6-8 of the regulation, you must:

  • Request the data subject to give consent to the processing of his or her personal data,
  • Give the data subject the right to withdraw his or her consent at any time.

A registration form is used in Login Widget to request user consent to process personal data.

If a user changes his or her decision, you can cancel the processing of the personal data by sending a request to support@xsolla.com.

User Rights

According to Articles 15-17, 19 of the regulation, the user has rights to:

  • Get a copy of his or her personal data,
  • Ask for the rectification of inaccurate personal data concerning him or her,
  • Ask for the erasure of personal data concerning him or her.

To get, rectify or erase user data:

  • Send a request to support@xsolla.com if you use the Xsolla storage.
  • Read the tutorial if you use PlayFab.
  • Choose your own method if you use a custom storage.

Processing and Storage of Personal Data

According to Article 5 of the regulation, personal data shall be:

  • Collected for specified purposes and not further processed in a manner that is incompatible with those purposes;
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Login uses the data that can affect the user's blocking, email sending, payment making, and other ways of applying personal data.

Storage and transfer of personal data are encrypted according to the AES-256 algorithm.

Data Portability

According to Article 20 of the regulation, the user has the right to transmit and store his or her personal data. You must provide the user with structured, commonly used and machine-readable format data.

To get user data:

  • Go to your Publisher Account > your Login project > Users if you use the Xsolla storage.
  • Read the tutorial if you use PlayFab.
  • Choose your own method if you use a custom storage.

User Data Protection

According to Article 32 of the regulation, you must provide a reliable level of data security, using:

  • Data encryption,
  • Data confidentiality,
  • Data integrity,
  • Resilient data processing systems.

There are several Login features than can help you comply with the requirements:

  • Data encryption in accordance with the AES-256 algorithm,
  • Checking for the correctness of the entered password,
  • Checking the password for security,
  • Data access restriction.


Our Recipes will help you try out some of the advanced features of Login: