Set up authentication when selling game keys

Both the authorized and unauthorized users can make purchases.

Set up selling game keys for not authenticated users

You can sell games to users without authentication if you follow the rules below:

Use a direct link or widget without a token to sell one copy of the game.
Pass the unique user ID and email address to sell several copies of the game in a cart.
Use methods for fast purchases to sell one item without specified parameters.

You should use the unique user ID in the title as a number or line when calling the IGS API (x-unauthorized-id parameter). The identifier is generated on the frontend side, for example via the identifier generation library.

The email address and other additional data (username and country code per ISO 3166-1 alpha-2) have the Base64 encoding and are passed in the title for the x-user parameter when calling the method for getting a payment token.

Example:

Copy

Full screen

Small screen

{
 "name": "John Smith",
 "email": "test@test.com", 
 "country": "US"
}

You can also pass the data to body or query in the object form.

Example:

Copy

Full screen

Small screen

"user": {
 "name": "John Smith",
 "email": "test@test.com", 
 "country": "US"
}

Set up selling game keys for authenticated users

There are the following options for authenticating users:

If you integrated Xsolla Login, the requests are authenticated via the Xsolla Login JWT.
If you have your own authentication system, the requests are authenticated via the Pay Station access token.

Authentication via Xsolla Login

Follow the instructions to set up a project in Publisher Account.
Implement the authentication methods callback: based on the JSON Web Token or OAuth 2.0 protocol.

If the user data is stored in the Xsolla storage, use the following methods:

registration (JWT or OAuth 2.0)
authentication via (choose one of the options):
- username and password (JWT or OAuth 2.0)
- social networks (JWT or OAuth 2.0)
password reset

If the user data is stored in the PlayFab database, use the how-to for the PlayFab storage.

If you store user data in a custom storage, use the how-to for a custom storage.

Authentication via Pay Station access token

Authentication flow:

Your client sends the authentication request to your server.
Your server passes Merchant ID and API key to the Xsolla server and requests access_token.
The Xsolla server sends access_token to your server.
Your server sends access_token to your client.

Returned access_token is used as an authentication token to authenticate the requests sent by the game client.

Thank you for your feedback!

We’ll review your message and use it to help us improve your experience.

Last updated: November 8, 2024

Found a typo or other text error? Select the text and press Ctrl+Enter.

Your browser is not supported. Please try a different browser

Popular articles

Or choose frequently asked ones:

Answer based on the following sources:

Leave us some feedback (optional)