Set up authentication when selling game keys
Both the authorized and unauthorized users can make purchases.
Set up selling game keys for not authenticated users
You can sell games to users without authentication if you follow the rules below:
- Use a direct link or widget without a token to sell one copy of the game.
- Pass the unique user ID and email address to sell several copies of the game in a cart.
- Use methods for fast purchases to sell one item without specified parameters.
You should use the unique user ID in the title as a number or line when calling the x-unauthorized-id
parameter). The identifier is generated on the frontend side, for example via the identifier generation library.
The email address and other additional data (username and country code per x-user
parameter when calling the method for getting a payment token.
Example:
- curl
{
"name": "John Smith",
"email": "test@test.com",
"country": "US"
}
You can also pass the data to body
or query
in the object form.
Example:
- curl
"user": {
"name": "John Smith",
"email": "test@test.com",
"country": "US"
}
Set up selling game keys for authenticated users
There are the following options for authenticating users:
- If you integrated Xsolla Login, the requests are authenticated via the Xsolla Login JWT.
- If you have your own authentication system, the requests are authenticated via the Pay Station access token.
Authentication via Xsolla Login
- Follow the instructions to set up a project in Publisher Account.
- Implement the authentication methods callback: based on the
JSON Web Token orOAuth 2.0 protocol.
If the user data is stored in the Xsolla storage, use the following methods:
- registration (
JWT orOAuth 2.0 ) - authentication via (choose one of the options):
- password reset
If the user data is stored in the
If you store user data in a custom storage, use the how-to for a custom storage.
Authentication via Pay Station access token
Authentication flow:
- Your client sends the authentication request to your server.
- Your server passes
Merchant ID andAPI key to the Xsolla server and requestsaccess_token . - The Xsolla server sends
to your server.access_token - Your server sends
to your client.access_token
Returned
is used as an authentication token to authenticate the requests sent by the game client.
Found a typo or other text error? Select the text and press Ctrl+Enter.