콘텐츠로 건너뛰기
/
JSON 파일을 통해 아이템 가져오기

Catalog API (2.0.0)

Overview

  • Version: 2.0.0
  • Servers: https://store.xsolla.com/api
  • Contact Us by Email
  • Contact URL: https://xsolla.com/
  • Required TLS version: 1.2

The Catalog API allows you to configure a catalog of in-game items on the Xsolla side and display the catalog to users in your store.

The API allows you to manage the following catalog entities:

  • Virtual items — in-game items such as weapons, skins, boosters.
  • Virtual currency — virtual money used to purchase virtual goods.
  • Virtual currency packages — predefined bundles of virtual currency.
  • Bundles — combined packages of virtual items, currency, or game keys sold as a single SKU.
  • Game keys — keys for games and DLCs distributed via platforms like Steam or other DRM providers.
  • Groups — logical groupings for organizing and sorting items within the catalog.

API calls

The API is divided into the following groups:

  • Admin — calls for creating, updating, deleting, and configuring catalog items and groups. Authenticated via basic access authentication with your merchant or project credentials. Not intended for storefront use.
  • Catalog — calls for retrieving items and building custom storefronts for end users. Designed to handle high-load scenarios. Support optional user JWT authorization to return personalized data such as user-specific limits and active promotions.

Authentication

API calls require authentication either on behalf of a user or on behalf of a project. The authentication scheme used is specified in the Security section in the description of each call.

Authentication using user's JWT

User's JWT authentication is used when a request is sent from a browser, mobile application, or game. By default, the XsollaLoginUserJWT scheme is applied. For details on how to create a token, see the Xsolla Login API documentation.

The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

Basic HTTP authentication

Basic HTTP authentication is used for server-to-server interactions, when an API call is sent directly from your server rather than from a user's browser or mobile application. HTTP Basic authentication with an API key is typically used.

Note

The API key is confidential and must not be stored or used in client applications.

With basic server-side authentication, all API requests must include the following header:

  • for basicAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the project_id:api_key pair encoded in Base64
  • for basicMerchantAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the merchant_id:api_key pair encoded in Base64

You can find the parameter values in Publisher Account:

  • merchant_id is displayed:
    • In Company settings > Company.
    • In the URL in the browser address bar on any Publisher Account page. The URL has the following format: https://publisher.xsolla.com/<merchant_id>.
  • project_id is displayed:
    • Next to the project name in Publisher Account.
    • In the URL in the browser address bar when working on a project in Publisher Account. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.
  • api_key is shown in Publisher Account only at the time of creation and must be stored securely on your side. You can create an API key in the following sections:
Notice

If a required API call doesn't include the project_id path parameter, use an API key that is valid across all company projects for authorization.

For more information about working with API keys, see the API references.

Authentication with guest access support

The AuthForCart authentication scheme is used for cart purchases and supports two modes:

  1. Authentication with a user's JWT. The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

  1. Simplified mode without Authorization header. This mode is used only for unauthorized users and can be applied only for game key sales. Instead of a token, the request must include the following headers:
    • x-unauthorized-id with a request ID
    • x-user with the user's email address encoded in Base64

Core entity structure

Items of all types (virtual items, bundles, virtual currency, and keys) use a similar data structure. Understanding the basic structure simplifies working with the API and helps you navigate the documentation more easily.

Note

Some calls may include additional fields but they don't change the basic structure.

Identification

  • merchant_id — company ID in Publisher Account
  • project_id — project ID in Publisher Account
  • sku — item SKU, unique within the project

Store display

  • name — item name
  • description — item description
  • image_url — image URL
  • is_enabled — item availability
  • is_show_in_store — whether the item is displayed in the catalog

For more information about managing item availability in the catalog, see the documentation.

Organization

  • type — item type, for example, a virtual item (virtual_item) or bundle (bundle)
  • groups — groups the item belongs to
  • order — display order in the catalog

Sale conditions

  • prices — prices in real or virtual currency
  • limits — purchase limits
  • periods — availability periods
  • regions — regional restrictions

Example of core entity structure:

{
  "attributes": [],
  "bundle_type": "virtual_currency_package",
  "content": [
    {
      "description": {
        "en": "Main in-game currency"
      },
      "image_url": "https://.../image.png",
      "name": {
        "en": "Crystals",
        "de": "Kristalle"
      },
      "quantity": 500,
      "sku": "com.xsolla.crystal_2",
      "type": "virtual_currency"
    }
  ],
  "description": {
    "en": "Crystals x500"
  },
  "groups": [],
  "image_url": "https://.../image.png",
  "is_enabled": true,
  "is_free": false,
  "is_show_in_store": true,
  "limits": {
    "per_item": null,
    "per_user": null,
    "recurrent_schedule": null
  },
  "long_description": null,
  "media_list": [],
  "name": {
    "en": "Medium crystal pack"
  },
  "order": 1,
  "periods": [
    {
      "date_from": null,
      "date_until": "2020-08-11T20:00:00+03:00"
    }
  ],
  "prices": [
    {
      "amount": 20,
      "country_iso": "US",
      "currency": "USD",
      "is_default": true,
      "is_enabled": true
    }
  ],
  "regions": [],
  "sku": "com.xsolla.crystal_pack_2",
  "type": "bundle",
  "vc_prices": []
}

Basic purchase flow

The Xsolla API allows you to implement in-game store logic, including retrieving the item catalog, managing the cart, creating orders, and tracking their status. Depending on the integration scenario, API calls are divided into Admin and Catalog subsections, which use different authentication schemes.

The following example shows a basic flow for setting up and operating a store, from item creation to purchase.

Create items and groups (Admin)

Create an item catalog for your store, such as virtual items, bundles, or virtual currency.

Example API calls:

Set up promotions, chains, and limits (Admin)

Configure user acquisition and monetization tools, such as discounts, bonuses, daily rewards, or offer chains.

Example API calls:

Get item information (Client)

Configure item display in your application.

Notice

Do not use API calls from the Admin subsection to build a user catalog. These API calls have rate limits and aren't intended for user traffic.

Example API calls:

Note

By default, catalog API calls return items that are currently available in the store at the time of the request. To retrieve items that are not yet available or are no longer available, include the parameter "show_inactive_time_limited_items": 1 in the catalog request.

Sell items

You can sell items using the following methods:

  • Fast purchase — sell one SKU multiple times.
  • Cart purchase — the user adds items to the cart, removes items, and updates quantities within a single order.

If an item is purchased using virtual currency instead of real money, use the Create order with specified item purchased by virtual currency API call. The payment UI is not required, as the charge is processed when the API call is executed.

For free item purchase, use the Create order with specified free item API call or the Create order with free cart API call. The payment UI is not required — the order is immediately set to the done status.

Fast purchase

Use the client-side API call to create an order with a specified item. The call returns a token used to open the payment UI.

Note

Discount information is available to the user only in the payment UI. Promo codes are not supported.

Cart purchase

Cart setup and purchase can be performed on the client or on the server side.

Set up and purchase a cart on the client

Implement the logic of adding and removing items by yourself. Before calling the API for setting up a cart, you will not have information about which promotions will be applied to the purchase. This means that the total cost and details of the added bonus items will not be known.

Implement the following cart logic:

  1. After the player has filled a cart, use the Fill cart with items API call. The call returns the current information about the selected items (prices before and after discounts, bonus items).
  2. Update the cart contents based on user actions:
Note

To get the current status of the cart, use the Get current user's cart API call.
  1. Use the Create order with all items from current cart API call. The call returns the order ID and payment token. The newly created order is set to new status by default.

Set up and purchase a cart on the server

This setup option may take longer for setting the cart up, since each change to the cart must be accompanied by API calls.

Implement the following cart logic:

  1. After the player has filled a cart, use the Fill cart with items API call. The call returns current information about the selected items (prices before and after discounts, bonus items).
  2. Use the Create order with all items from current cart API call. The call returns the order ID and payment token. The newly created order is set to new status by default.

Open payment UI

Use the returned token to open the payment UI in a new window. Other ways to open the payment UI are described in the documentation.

ActionEndpoint
Open in production environment.https://secure.xsolla.com/paystation4/?token={token}
Open in sandbox mode.https://sandbox-secure.xsolla.com/paystation4/?token={token}
Note

Use sandbox mode during development and testing. Test purchases don't charge real accounts. You can use test bank cards.

After the first real payment is made, a strict sandbox payment policy takes effect. A payment in sandbox mode is available only to users specified in Publisher Account > Company settings > Users.

Buying virtual currency and items for real currency is possible only after signing a license agreement with Xsolla. To do this, in Publisher Account, go to Agreements & Taxes > Agreements, complete the agreement form, and wait for confirmation. It may take up to 3 business days to review the agreement.

To enable or disable sandbox mode, change the value of the sandbox parameter in the request for fast purchase and cart purchase. Sandbox mode is off by default.

Possible order statuses:

  • new — order created
  • paid — payment received
  • done — item delivered
  • canceled — order canceled
  • expired — payment expired

Track order status using one of the following methods:

Pagination

API calls that return large sets of records (for example, when building a catalog) return data in pages. Pagination is a mechanism that limits the number of items returned in a single API response and allows you to retrieve subsequent pages sequentially.

Use the following parameters to control the number of returned items:

  • limit — number of items per page
  • offset — index of the first item on the page (numbering starts from 0)
  • has_more — indicates whether another page is available
  • total_items_count — total number of items

Example request:

GET /items?limit=20&offset=40

Response example:

{
  "items": [...],
  "has_more": true,
  "total_items_count": 135
}

It is recommended to send subsequent requests until the response returns has_more = false.

Date and time format

Dates and time values are passed in the ISO 8601 format.

The following are supported:

  • UTC offset
  • null value when there is no time restriction for displaying an item
  • Unix timestamp (in seconds) used in some fields

Format: YYYY-MM-DDTHH:MM:SS±HH:MM

Example: 2026-03-16T10:00:00+03:00

Localization

Xsolla supports localization of user-facing fields such as item name and description. Localized values are passed as an object where the language code is used as the key. The full list of supported languages is available in the documentation.

Supported fields

Localization can be specified for the following parameters:

  • name
  • description
  • long_description

Locale format

The locale key can be specified in one of the following formats:

  • Two-letter language code: en, ru
  • Five-letter language code: en-US, ru-RU, de-DE

Examples

Example with a two-letter language code:

{
  "name": {
    "en": "Starter Pack",
    "ru": "Стартовый набор"
  }
}

Example with a five-letter language code:

{
  "description": {
    "en-US": "Premium bundle",
    "de-DE": "Premium-Paket"
  }
}

Error response format

If an error occurs, the API returns an HTTP status and a JSON response body. The full list of store-related errors is available in the documentation.

Response example:

{
  "errorCode": 1102,
  "errorMessage": "Validation error",
  "statusCode": 422,
  "transactionId": "c9e1a..."
}
  • errorCode — error code.
  • errorMessage — short error description.
  • statusCode — HTTP response status.
  • transactionId — request ID. Returned only in some cases.
  • errorMessageExtended — additional error details, such as request parameters. Returned only in some cases.

Extended response example:

{
  "errorCode": 7001,
  "errorMessage": "Chain not found",
  "errorMessageExtended": {
    "chain_id": "test_chain_id",
    "project_id": "test_project_id",
    "step_number": 2
  },
  "statusCode": 404
}

Common HTTP status codes

  • 400 — invalid request
  • 401 — authentication error
  • 403 — insufficient permissions
  • 404 — resource not found
  • 422 — validation error
  • 429 — rate limit exceeded

Recommendations

  • Handle the HTTP status and the response body together.
  • Use errorCode to process errors related to application logic.
  • Use transactionId to identify requests more quickly when analyzing errors.
OpenAPI 설명 다운로드
index.json
index.yaml
언어
서버
https://store.xsolla.com/api/
Mock server
https://xsolla.redocly.app/_mock/ko/api/catalog/

관리자

작업

카탈로그

작업

가상 결제

작업

카탈로그

작업

권한

작업

관리자

작업

관리자

작업

카탈로그

작업

장바구니(클라이언트 측)

작업

장바구니(서버 측)

작업

결제(클라이언트 측)

작업

결제(서버 측)

작업

주문

작업

무료 아이템

작업

관리

작업

관리자

작업

아이템 가져오기 상태 검색Server-sideAdmin

요청

프로젝트로 아이템을 가져오는 진행률에 대한 정보를 검색합니다. 이 API 호출은 API 또는 관리자 페이지 API를 통해 수행된 마지막 가져오기에 대한 데이터를 검색합니다.

보안
basicAuth
경로
project_idinteger필수

Project ID. You can find this parameter in your Publisher Account next to the project name and in the browser address bar when working with a project. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.

예제: 44056
curl -i -X GET \
  -u <username>:<password> \
  https://connector.xsolla.com/v1/admin/projects/44056/connectors/import_items/import/status

응답

가져오기 상태가 성공적으로 검색되었습니다.

본문application/json
date_completedstring

GMT+3 시간대로 표시되는 가져오기 작업 완료 타임스탬프입니다. 오류로 인해 가져오기가 중단되고 가져온 아이템이 없는 경우 빈 문자열이 반환됩니다.

예제: "2024-11-19T15:27:31+03:00"
date_createdstring

GMT+3 시간대로 표시되는 가져오기 생성 작업의 타임스탬프입니다.

예제: "2024-11-19T14:27:31+03:00"
date_updatedstring

오류로 인해 가져오기가 중단된 GMT+3 시간대로 표시되는 타임스탬프입니다.

예제: "2024-11-19T15:27:31+03:00"
errorstring

일반 가져오기 오류에 대한 설명입니다.

error_codestring

일반 가져오기 오류에 대한 코드입니다.

progressinteger

가져오기 실행 진행률(%)입니다.

예제: 100
resultobject

특정 아이템 SKU에 대한 가져오기 결과 및 가져오기 오류에 대한 데이터가 있는 개체입니다.

예제: {"errors_by_sku":[{"error_code":4055,"error_message":"[0401-4055]: Item default price not set","sku":"com.xsolla.sword_1","type":"virtual_items"},{"error_code":1817,"error_message":"[0410-1817]: SKU can't be empty","sku":"","type":null}],"errors_count":2,"total_entities_count":10}
result.​errors_by_skuArray of objects

특정 아이템 SKU에 대한 가져오기 오류에 대한 데이터가 있는 개체 배열입니다.

예제: [{"error_code":4055,"error_message":"[0401-4055]: Item default price not set","sku":"com.xsolla.sword_1","type":"virtual_items"},{"error_code":1817,"error_message":"[0410-1817]: SKU can't be empty","sku":"","type":null}]
result.​errors_by_sku[].​error_codeinteger

특정 아이템 SKU에 대한 가져오기 오류 코드입니다.

예제: 1001
result.​errors_by_sku[].​error_messagestring

특정 아이템 SKU에 대한 가져오기 오류에 대한 설명입니다.

예제: "Something went wrong"
result.​errors_by_sku[].​skustring

가져온 아이템에 대한 SKU입니다.

예제: "sku_1"
result.​errors_by_sku[].​typestring

아이템 유형입니다.

열거형"virtual_good""virtual_currency""virtual_currency_packages""bundle"
예제: "vi"
result.​errors_countinteger

가져오는 동안 오류가 발생한 아이템 수입니다.

예제: 2
result.​total_entities_countinteger

가져온 아이템의 총 수입니다.

예제: 10
statusstring

Import status.

Possible values:

  • initialized — Import has been initiated.
  • process — Import is in progress.
  • done — Import was successfull.
  • error — Due to errors, the import was not completed or only partially completed.
열거형"initialized""process""done""error"
예제: "error"
응답
application/json
{
  "date_completed": "2024-11-19T15:27:31+03:00",
  "date_created": "2024-11-19T14:27:31+03:00",
  "date_updated": "2024-11-19T15:27:31+03:00",
  "error": null,
  "error_code": null,
  "progress": 100,
  "result": {
    "errors_by_sku": [],
    "errors_count": 2,
    "total_entities_count": 10
  },
  "status": "error"
}

JSON 파일을 통해 아이템 가져오기Server-sideAdmin

요청

지정된 URL을 통해 JSON 파일에서 스토어로 아이템을 가져옵니다. JSON 파일에서 가져오기에 대한 자세한 정보는 설명서를 참조하세요.

보안
basicAuth
경로
project_idinteger필수

Project ID. You can find this parameter in your Publisher Account next to the project name and in the browser address bar when working with a project. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.

예제: 44056
본문application/json
connector_external_idstring필수

아이템을 가져오기 위한 작업 유형을 지정하는 고정 값입니다.

"import_items"
file_urlstring필수

JSON 형식의 데이터가 있는 파일의 URL입니다. 파일은 공개 액세스가 가능한 스토리지 서비스에 호스팅되어야 합니다. 스토어 > 가상 아이템 > 카탈로그 관리 > 아이템 가져오기(JSON) 섹션의 관리자 페이지에서 파일 템플릿을 다운로드할 수 있습니다.

예제: "https://my-bucket.s3.amazonaws.com/items.json"
modestring

Import actions:

Possible values:

  • create — Add new items.
  • create_and_update — Add new items and update existing ones.
  • sync — Add new, update existing, and disable missing items.
기본값 "create_and_update"
열거형"create""create_and_update""sync"
curl -i -X POST \
  -u <username>:<password> \
  https://connector.xsolla.com/v1/projects/44056/import/from_external_file \
  -H 'Content-Type: application/json' \
  -d '{
    "connector_external_id": "import_items",
    "file_url": "https://my-bucket.s3.amazonaws.com/items.json",
    "mode": "create"
  }'

응답

파일을 성공적으로 가져와서 처리 중입니다.

본문application/json
import_idstring

가져오기 작업 ID입니다. JSON 파일을 가져오는 데 문제가 있는 경우, 이 ID를 고객 성공 관리자에게 보고하거나 csm@Xsolla.com으로 이메일을 보내십시오.

예제: "af9f3638a16e11ef880da2cd677d2d24"
응답
application/json
{
  "import_id": "af9f3638a16e11ef880da2cd677d2d24"
}

선주문

작업

판매자

작업

카탈로그

이 API를 사용하면 모든 종류의 판매할 수 있는 아이템 또는 특정 아이템을 가져올 수 있습니다.

작업

공통 지역

작업

관리자

작업

관리자

작업

카탈로그

작업