Home Page
Solutions
Web Shop
Overview Integration flow Demo walkthrough
Catalog and items
Create Web Shop
Promotions
Test and publish Web Shop
Analytics
Payments
Overview Integration scenarios
Generation of payment token on client side
Generation of payment token on server side
Testing
Catalog configuration
Customization
Promotions
Payment UI management
Anti-fraud
Sell game keys
Overview Integration flow
Prerequisites
Catalog
Create site
Set up authentication
Set up selling game keys
Promotions and other features
Multi-game store
Cloud Gaming
Digital Distribution Hub
Products
Pay Station
Shop Builder
Overview
Integration guide
Features
How-tos
Extensions
References
Tutorials
Subscriptions
Site Builder
Partner Network
Login
Overview API reference FAQs
Integration guide
Authentication options
User data storage
Security
Customization
Communication service providers
Features
How-tos
Extensions
Legal settings
References
Metaframe
Overview
Integration guide
Setting up custom sections
Setting up Wallet
Setting up Backpack
Setting up mobile version
Launcher
Overview
Integration guide
Features
How-tos
Extensions
References
Chat
Xsolla Partner Ecosystem FAQs
API references
Getting started Pay Station API Login API Shop Builder API Webhooks Subscriptions API DDH API
SDKs & libraries
Xsolla Mobile SDK
Headless checkout
SDK for Unity (PC, web)
Overview SDK reference documentation
Integration guide
BaaS integrations
Demo project
Authentication
Catalog
Subscriptions
Promotions
Item purchase
Player inventory
User account and attributes
Application build guides
Troubleshooting
How to migrate to SDK version 1.0.0 and higher How to migrate to SDK version 2.0.0 and higher
SDK for Unreal Engine
Overview SDK reference documentation
Integration guide
BaaS integrations
Demo project
Authentication
Catalog
Subscriptions
Promotions
Item purchase
Player inventory
User account and attributes
Application build guides
How to modify SDK
SDK for Cocos Creator
Overview
Integration guide
Demo project
Authentication
Catalog
Promotions
Subscriptions
Item purchase
Player inventory
User account and attributes
Troubleshooting
How to connect native Xsolla SDK for Android to your project How to connect native Xsolla SDK for iOS to your project
Extensions for BaaS
PHP

Silent authentication

How it works

Silent authentication allows you to automatically authenticate users in your game via a publishing platform. The Steam, Xbox Live, and Epic Games platforms are currently supported. If you need support for the Stone or Mail.ru platforms, contact your Customer Success Manager or email to csm@xsolla.com.

Interaction flow:

  1. User launches your game.
  2. The game receives platform authorization data through the platform SDK.
  3. Your game generates and sends a request to the Xsolla Login server to get a JWT.
  4. The Xsolla Login server authenticates the user and sends the JWT.

Note
If you have integrated the Xsolla Launcher, use the instructions to authenticate users via platforms.
With silent authentication, you can also collect user email addresses as you would with the authentication via social networks. To configure this, use the Collecting email addresses and phone numbers instructions.

Who can use it

Partners who have already integrated Login and have a publishing platform account.

How to get it

  1. Set up silent authentication in Publisher Account.
  2. Complete integration steps on the side of your application.

Setting up silent authentication

In the Login product, two approaches to enabling silent authentication are implemented:

Note
The shadow Login project is required to create cross-platform accounts that allow users to play on different platforms under the same account, sync their inventory across platforms, etc. A shadow Login project is created for each publishing platform that hosts the game and is then tied to the main account of the user. See Cross-platform account for details.

In the classic login option, you can enable silent authentication for several publishing platforms at once, but creating a cross-platform account is not possible. If a user logs into a game on one platform and then on another, the Login product will consider these logins as two different users.
To enable silent authentication in the classic login option:
  1. Open your project in Publisher Account and go to the Login section.
  2. Click Configure in the panel of a classic login option.
  3. Go to the Authentication block and select the Publishing platforms section.
  1. To connect a publishing platform, click the ⚙ icon next to its name and select Settings.
  1. In the modal window, specify the parameters for the selected platform:
    • Steam:
      • Application ID — AppID of your account on the platform;
      • Application secret keyWeb API Key.
    • Epic Games:
      • Application ID — Client ID of the client of your game on the platform;
      • Application secret key — Secret key of the client of your game on the platform.
    • Xbox Live:
      • Application ID — Application ID/Client ID of your game on the platform;
      • Application secret key — Application Secret generated when your game was registered on the platform.
Note
For the Xbox Live platform, it is not necessary to provide setting values. You can connect Xbox Live with access keys owned by Xsolla. To do this, click the ⚙ icon to the right of the platform name and select Connect.
  1. Click Connect.
  2. Repeat steps 4 – 6 for other publishing platforms, if required.

Application side integration

Use the instruction for the publishing platform that hosts your application:

Steam

Form a session ticket (session_ticket parameter) based on the platform data after user authentication:
  1. Get the session ticket.
  2. Pass it to the silent authentication request (JWT or OAuth 2.0) as a session_ticket parameter.

Xbox Live

  1. Form a session ticket (session_ticket parameter) based on the platform data after user authentication. The parameter is formed based on the <xid>-<uhs>;<XSTSToken> template where:
    • <xid> — Xbox User ID;
    • <uhs> — user hash;
    • <XSTSToken> — Xbox Secure Token Service.
  2. Pass the session_ticket parameter to the silent authentication request (JWT or OAuth 2.0).

Epic Games

  1. Get the exchangecode authorization code from the platform, which is generated after user authentication.
  2. Pass the received exchangecode to the silent authentication request (JWT or OAuth 2.0) as the session_ticket parameter.
Was this article helpful?
Thank you!
Is there anything we can improve? Message
We’re sorry to hear that
Please explain why this article wasn’t helpful to you. Message
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.
Last updated: July 31, 2024

Found a typo or other text error? Select the text and press Ctrl+Enter.

System status
All services operational
Partial outage
© 2006–2025 Xsolla Inc.
Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!
We couldn't send your feedback
Try again later or contact us at doc_feedback@xsolla.com.