Custom Storage

How It Works

  1. Your application (client) sends requests to the Xsolla Login server.
  2. The Xsolla Login server sends requests to your server.
  3. The Xsolla Login server processes the response from your server and returns the result to your client.
  4. Your client processes this response.

Info: User information is stored both in your database and Xsolla. The passwords are kept in your database only.

Registration

  1. Your client sends a request to register a user to the Xsolla Login server.
  2. The Xsolla Login server sends a request to the New user URL. The response must be in the format described in this instruction.
  3. User information is written to the Xsolla database, while:
    • The email parameter is flagged as unconfirmed. The user will receive an account confirmation email.
    • The password is not written.
  4. If you have integrated the Login Widget, the user will be redirected to the page with the following message: Please confirm your account following the instructions we sent to {email}.

Authentication by the Username and Password

  1. Your client sends a request to authenticate the user by the username and password to the Xsolla Login server.
  2. The Xsolla Login server sends a request to the User verification URL. The response must be in the format described in this instruction.
  3. The Xsolla Login server generates a user JWT.
  4. The user is redirected to the login_url with a token query parameter. The token parameter contains the user JWT.

If there is no information about this user in the Xsolla database, a new entry is created, but the password is not written.

Password Reset

  1. Your client sends a request to reset the user password to the Xsolla Login server.
  2. The Xsolla Login server sends a request to the Password reset URL. The response must be in the format described in this instruction.
  3. The user receives a password change verification email.
  4. A new password is written to your database.

Who Can Use It

Partners who have already integrated Login.

How to Get It

  1. Go to Publisher Account > your Login project > General settings.
  2. In the User data storage block, select Custom storage.
  3. Enter the URLs to get API requests to.
  4. Implement an API, which will respond in the following way:
    • HTTP 200 / HTTP 204 for successful requests. A JSON containing additional user data can be placed to the response body, if needed. Passed data is written to a JWT > partner_data parameter.
    • Other HTTP status codes for unsuccessful requests.

Info: If you want a JWT to contain the user ID from your database, please contact your Account Manager.