Integrate payment solution

To track referrals and make payouts for collaborators, you first need to integrate Xsolla Pay Station. Requirements:

  1. Pay Station is integrated on a performance-optimized landing page.
  2. Pay Station is the only payment method used on the game’s landing page that drives traffic through the Partner Network program.

Get token

To open the payment UI, you need to get a token. A token is a string that includes encrypted data about a game and a user. You need to implement the getting of a token to identify the user to allow the purchase.

In the back-end of your application, implement getting a user authentication token. To do so, use an HTTP POST request that includes basic HTTP authentication and pass the required parameters in the request body.

API reference
See the full list of parameters.

The lifetime of the token is 14 hours after the last call to the Xsolla API. Implement the logic of receiving a new token after its expiration. It is recommended that you get a new token in the background, so the user doesn’t have to log in to the application again.

Basic HTTP authentication

Xsolla API uses basic access authentication. All requests to API must contain the Authorization: Basic <your_authorization_basic_key> header, where <your_authorization_basic_key> is the merchant ID:API key pair, encoded according to the Base64 standard. Go to Publisher Account to find these parameters:

  • Merchant ID is shown:
    • In the Project settings > Webhooks section.
    • In the Company settings > Company section.
    • In the URL in the browser address bar on any Publisher Account page. The URL has the following format:​merchant ID/Publisher Account section.

  • API key is shown in Publisher Account only once when it is created and must be stored on your side. You can create a new key in the following section:
    • Company settings > API keys
    • Project settings > API keys


For more information about working with API keys, see the API reference.

Key recommendations:

  • Save the generated API key on your side. You can view the API key in Publisher Account only once when it is created.
  • Keep your API key a secret. It provides access to your personal account and your projects in Publisher Account.
  • The API key must be stored on your server and never in binaries or on the frontend.

Request body

In the request body, pass the following required parameters:

stringUnique user ID in your system.
stringUser email to send purchase receipts. If the parameter is not passed, a required field for entering an email appears on the payment page.
integerGame’s Xsolla ID. You can find this information in your project section in Publisher Account.

To improve user experience, you can also pass the following parameters:

stringUser screen name displayed on receipts.
stringPreferred payment currency.
stringInterface language.

Example of the request for obtaining a user authentication token

Full screen
Small screen

    curl -i -X POST \
      -u 2340:ZHgbSDVP6LtAJVWu \<merchant_id>/token \
      -H 'Content-Type: application/json' \
      -d '{
        "settings": {
          "currency": "USD",
          "language": "en",
          "project_id": <project_id>
        "user": {
          "email": {
            "value": "<user_email>"
          "id": {
            "value": "<user_id>"
          "name": {
            "value": "<user_name>"

    Example of a user authentication token received in response

    Full screen
    Small screen

          "token": "1230OWrp0KF6uqvmN8jWuzLyoXMzxTyK_lc_en"

      Open payment UI


      Before you sign a contract with Xsolla, testing your payment process is only available in sandbox mode. In case of any errors, see their descriptions.

      To open the payment UI in sandbox mode, use the following URL:, where ACCESS_TOKEN is the token obtained in the previous step.

      New window

      To open the payment UI in a new window, use the following URL:, where TOKEN is the obtained token.

      Use the link above to open the payment UI in sandbox mode. After the project launch, use this URL

      You can also open the payment UI using other options:

      • With Pay Station Embed. Limitation: there might be problems when opening it in the in-game browser (WebView).
      • In iframe. Limitation: there might be problems when opening it in the in-game browser (WebView) and in the mobile version of your application.

      Pay Station Embed

      This way of opening payment UI doesn’t support selling game keys. To sell game keys, follow the instruction.


      Full screen
      Small screen

         var options = {
             access_token: 'ACCESS_TOKEN', //TODO use access token, received on previous step
             sandbox: true //TODO please do not forget to remove this setting when going live
         var s = document.createElement('script');
         s.type = "text/javascript";
         s.async = true;
         s.src = "";
         s.addEventListener('load', function (e) {
         }, false);
         var head = document.getElementsByTagName('head')[0];
      <button data-xpaystation-widget-open>Buy Credits</button>

      Pay Station Embed allows getting events from the payment UI via postMessage. You can send these events to analytics systems. To set up events processing in your analytics system, contact your Account Manager or send email to

      The Xsolla team created a widget that simplifies the integration of the payment UI into your website. The widget script is available in our GitHub repository.

      Script initialization parameters:

      stringToken, received via API. Required.
      booleanSet to true to test the payment process: will be used instead of
      objectLightbox parameters (object; desktop version only).
      stringLightbox frame width. If null, depends on Pay Station width. Default is null.
      stringLightbox frame height. If null, depends on Pay Station height. Default is 100%.
      integerDefines arrangement order. Default is 1000.
      integerOverlay opacity (0 to 1). Default is .6.
      stringOverlay background color. Default is #000000.
      booleanIf true, the lightbox frame cannot be closed. Default is false.
      booleanIf true, clicking the overlay will close the lightbox. Default is true.
      booleanIf true, pressing ESC will close the lightbox. Default is true.
      stringFrame background color. Default is #ffffff. Note that these color changes do not affect the Pay Station iframe itself, only the settings of the lightbox that hold it.
      stringFrame margin. Default is 10px.
      stringType of animated loading indicator. Can be xsolla or round. Default is xsolla.
      stringSpinner color. No default value.
      objectOptions for the child window containing the Pay Station UI. Supported in the mobile version.
      stringWhere to open the Pay Station window. Can be _blank, _self, _parent. Default is _blank.

      The script allows you to track payment UI events. Depending on the event type, you can perform various actions on the web page.

      List of events:

      initWidget initialized.
      openWidget opened.
      loadPayment UI (Pay Station) loaded.
      closePayment UI (Pay Station) closed.
      statusUser is on the status page.
      status-invoiceUser is on the status page; payment in progress.
      status-deliveringEvent when the user was moved on the status page, payment was completed, and we’re sending payment notification.
      status-doneUser is on the status page; payment credited to the user’s account.
      status-troubledEvent when the user was moved on the status page, but the payment failed.

      If you want to initialize the opening of the payment UI, use the following link:

      It is necessary to use the link with the https:// prefix only for the payment UI opening.

      Use the following URL for testing purposes:

      access_token parameter contains private user data. Make sure that you use server-to-server communication when getting this parameter.


      To open the payment UI in an iframe:

      1. Implement the postMessage mechanism to receive events from the payment UI.
      2. Open the payment UI by following the link, where TOKEN is the received token.

      Set up webhooks

      If you want to receive notifications about events (e.g. change of the payment status), set up webhooks in Publisher Account:

      1. Open your project in Publisher Account.
      2. Click Project settings in the side menu and go to Webhooks.
      3. Set the Webhooks toggle to On.
      4. Specify the webhook URL.
      5. A secret key to sign project webhooks is generated by default. If you want to generate a new secret key, click the refresh icon.
      6. Click Save settings.

      It is recommended to implement the following webhooks:

      To confirm that the webhook is received, your server must respond with:

      • HTTP code 204 without a message body.
      • HTTP code 400 describing the problem if the specified user was not found or if an invalid signature was passed.

      Refer to the API reference for more information about webhooks.

      Test payment process

      To test the payment process, you can use the sandbox mode. Sandbox mode is a stand-alone environment that supports all features of a live environment, except real and declined payments. You can access sandbox mode by sending "mode":"sandbox" when you get the token.

      Before you sign a contract with Xsolla, testing the payment process is only available in sandbox mode.

      In sandbox mode, you can test the payment process with:

      Test bank card payment

      1. Open the payment UI in sandbox mode.
      2. Choose the Credit/Debit cards group of payment methods.
      3. Enter the bank card details. Enter any values in the remaining fields. You can also specify incorrect details (card number or expiration date) to generate an error.
      4. Click Pay now.
      Test cards list
      See the list of test bank cards.

      In addition to card details, you need to specify the ZIP code if at least one of the following conditions is true:

      • The user’s country is the US or Canada.
      • The Bank Identification Number (BIN) indicates that a card was issued in the US.

      You can specify any valid ZIP code (e.g., 12345). This determines the sales tax rate and does not affect the progress of the test payment.
      Sandbox bank card payments can be made in the following currencies: USD, EUR, RUB, GBP, AED, ALL, AMD, ARS, AUD, AZN, BGN, BRL, BYN, CAD, CHF, CLP, CNY, COP, CZK, DKK, DZD, EGP, GEL, HKD, HRK, HUF, IDR, ILS, INR, ISK, JPY, KES, KGS, KRW, KZT, MAD, MDL, MKD, MNT, MXN, MYR, NGN, PEN, PHP, PKR, PLN, RON, RSD, SAR, SEK, SGD, THB, TRY, TWD, UAH, UYU, UZS, VEF, VND, ZAR.

      See the description of all available scenarios for testing one-time purchases and saved cards.

      Test PayPal payment

      Create test PayPal account

      To test the payment process, you need to create an account for PayPal sandbox mode:

      1. Open the PayPal Developer website.
      2. Log in to your account or create a new one.
      3. Go to the Sandbox accounts tab.
      4. On the Sandbox test accounts page, click Create account.
      5. Select the Personal (Buyer Account) account type and choose the country.
      6. Click Create.

      The created account is shown in the list of sandbox accounts.

      You can also use information from existing sandbox accounts:

      Email IDSystem Generated Password

      Make test payment

      1. Open the payment UI in sandbox mode.
      2. Choose the PayPal payment method.
      3. In the Mock Response Code field, enter 0 or leave the field empty.
      4. In the ZIP Code field, enter any 5 digits.

      1. Click Pay. You will be redirected to a window to log in to your PayPal account.
      2. Enter information about your sandbox account: Email ID as the email address and System Generated Password as the password. To find this information:
        1. Log in to your account on the PayPal Developer website.
        2. Go to the Sandbox accounts tab.
        3. On the Sandbox test accounts page, choose a sandbox account.
        4. Click ••• and select View/Edit account from the drop-down list. You will see the data in the modal window that opens.
      3. Complete the test payment.

      See the description of all available scenarios for testing one-time purchases and saved PayPal accounts.

      Go live

      After completing the previous steps, you can start receiving real payments:

      1. Make sure you signed the licensing agreement with Xsolla.
      2. Remove "sandbox": true parameter from the request body when obtaining a token.
      3. Open the payment UI using the following link:

      After the first real payment is made, a strict sandbox payment policy takes effect. Payments made in sandbox mode are available only to users who are specified in Publisher Account in the Company settings > Users section.
      Your progress
      Thank you for your feedback!
      Last updated: July 5, 2021

      Found a typo or other text error? Select the text and press Ctrl+Enter.

      Report a problem
      We always review our content. Your feedback helps us improve it.
      Provide an email so we can follow up
      Thank you for your feedback!