Set up order status tracking

To grant items to the user, you need to make sure that the payment was successful.

Use test web applications as an implementation example:

To track the status of created orders and validate them, you will need to configure webhooks processing on the server side of your application.

On Xsolla’s side, there are two options to receive webhooks in case of item purchase and refund: information with payment and transaction data and information about purchased items can either come separately, or be combined into one webhook. By default, all new projects receive combined webhook.

To switch to the new option with receiving combined webhooks, contact your Customer Success Managers or email to csm@xsolla.com.

More information on webhook receiving options

Receiving information in combined webhooks:

If you registered in Publisher Account after January 22, 2025, you receive all the information in the Successful payment for order (order_paid) and Order cancellation (order_canceled) webhooks. In this case, you do not need to process the Payment (payment) and Refund (refund) webhooks.

Receiving information in separate webhooks:

If you registered in Publisher Account on or before January 22, 2025, you receive the following webhooks:

Payment (payment) and Refund (refund) with information about payment data and transaction details.
Successful payment for order (order_paid) and Order cancellation (order_canceled) with information about purchased items.

You need to process all incoming webhooks.

For the full operation of the in-game store and payment management, it is necessary to implement the processing of the main webhooks:

Webhook name	Description
User validation > User validation (`user_validation`)	Is sent at different stages of the payment process to ensure the user is registered in the game.
Game services > Combined webhooks > Successful payment for order (`order_paid`)	It contains payment data, transaction details, and information about purchased items. Use the data from the webhook to add items to the user.
Game services > Combined webhooks > Order cancellation (`order_canceled`)	It contains data of the canceled payment, transaction details, and information about purchased items. Use the data from the webhook to remove the purchased items.

The scheme below shows the process of purchasing and returning items using combined webhooks.

  sequenceDiagram
    participant User
    participant GameClient as Game Client
    participant Xsolla
    participant GameServer as Game Server
    %% Item Purchase
        Note over User, GameServer: Item purchase
        User ->> GameClient: Logs in
        GameClient ->> Xsolla: Sends user authentication request
        Xsolla -->> GameClient: Returns JWT / OAuth 2.0 token
        GameClient ->> Xsolla: Sends JWT, project ID, pagination parameters
        Xsolla -->> GameClient: Returns array of items
        GameClient -->> User: Displays storefront
        User ->> GameClient: Selects item and clicks Buy
        GameClient ->> Xsolla: Creates order request
        Xsolla -->> GameClient: Returns payment token
        GameClient ->> Xsolla: Opens payment UI URL with received token
        Xsolla ->> GameServer: Sends User validation webhook
        GameServer -->> Xsolla: Returns success status code
        Xsolla -->> User: Displays payment UI
        User ->> Xsolla: Chooses payment method and clicks Pay
        Xsolla ->> GameServer: Sends Successful payment for order webhook
        GameServer ->> GameServer: Grants purchases to user
        GameServer -->> Xsolla: Returns success status code
        Xsolla -->> User: Shows successful purchase screen
    %% Refund / Chargeback
        Note over User, GameServer: Refund / Chargeback
        User ->> Xsolla: Requests refund or chargeback
        Xsolla ->> GameServer: Sends Order cancellation webhook
        GameServer ->> GameServer: Removes items from user inventory
        GameServer -->> Xsolla: Returns success status code
        Xsolla -->> User: Refunds the payment

Refunds and chargebacks may be initiated not only by the user, but also by Xsolla or a payment provider.

If item catalog personalization is implemented on your application’s side, set up processing of Catalog personalization on the partner’s side.

To receive real payments, you only need to sign the licensing agreement and implement processing of the webhooks:

Payment, Successful payment for order, and User validation if you receive separate webhooks
Successful payment for order, and User validation if you receive combined webhooks

For the full list of webhooks and general information about working with them, refer to the webhooks documentation.

PHP SDK

Use ready classes for processing webhooks

Set up webhooks sending

To configure webhooks on the Xsolla side:

In the project in Publisher Account go to Settings > Webhooks section.
In the Webhook server field, specify the URL of your server where you want to receive webhooks in the https://example.com format. You can also specify the URL you find in a tool for testing webhooks.

To test webhooks, you can also choose any dedicated site, such as webhook.site, or a platform, such as ngrok. For a real project, you need to add purchase validation logic.

A secret key to sign project webhooks is generated by default. If you want to generate a new secret key, click the refresh icon.
Click Enable webhooks.

Add webhook listener

Webhook listener is program code that allows receiving incoming webhooks at a specified URL address, generating a signature, and sending a response to the Xsolla webhook server.

Generation of signature

When receiving a webhook, you should ensure the security of data transmission. To achieve this, a signature must be generated from the webhook data and verified that it matches the signature sent in the HTTP request header.

To generate a signature:

Concatenate the JSON from the request body and the project’s secret key.
Apply the SHA-1 cryptographic hash function to the string obtained in the first step.

Sending responses to webhook

To confirm receipt of the webhook, your server must return:

200, 201, or 204 HTTP code in case of a successful response.
400 HTTP-code with description of the problem if the specified user was not found or an invalid signature was passed.

Your webhook handler may also return a 5xx code in case of temporary issues on your server.

If the Xsolla server doesn’t receive a response to the Successful payment for order and Order cancellation webhooks or receives a response with a 5xx code, the webhooks are resent according to the following schedule:

2 attempts with a 5-minute interval
7 attempts with a 15-minute interval
10 attempts with a 60-minute interval

Maximum of 20 attempts to send webhooks are made within 12 hours from the first attempt.

The retry logic for the Payment and Refund webhooks is described on the respective webhook page.

If the Xsolla server doesn’t receive a response to the User validation webhook or receives a response with a code of 400 or 5xx, the User validation webhook is not resent.

In this case, an error is shown to the user and the Payment and Successful payment for order webhooks are not sent.

The complete list and mechanism of webhooks, along with detailed examples of their processing, are described in the webhooks documentation.

Configuring item information in webhooks

You can configure which item data is included in the Successful payment for order and Order cancellation webhooks via the items array.

Enabling additional parameter inclusion

Enable the inclusion of additional parameters that indicate:

whether the item is free (is_free)
whether the item is a bonus (is_bonus)
whether the item is part of a bundle (is_bundle_content)

To receive these parameters, you must switch your webhooks to version 2 using the Update information about webhook settings API call. In version 1 (default), these parameters are not available.

Example of an items array with additional parameters:

Copy

Full screen

Small screen

 1"items": [
 2      {
 3        "sku": "com.xsolla.item_new_1",
 4        "type": "bundle",
 5        "is_pre_order": false,
 6        "is_free": false,
 7        "is_bonus": false,
 8        "is_bundle_content": false,
 9        "quantity": 1,
10        "amount": "1000",
11        "promotions": []
12      },
13      {
14        "sku": "com.xsolla.gold_1",
15        "type": "virtual_currency",
16        "is_pre_order": false,
17        "is_free": false,
18        "is_bonus": false,
19        "is_bundle_content": true,
20        "quantity": 1500,
21        "amount": "[null]",
22        "promotions": []
23      }
24 ]

Disabling bundle content inclusion

By default, webhooks include all items from the bundle as a list of individual items. You can configure the webhook to include only the bundle itself, without listing its contents.

In this case, the items included in the bundle are not included in the items array. In the array shown above, the item with the SKU com.xsolla.gold_1, which is part of the bundle, is excluded.

Example of the items array when bundle content is disabled:

Copy

Full screen

Small screen

 1
 2"items": [
 3      {
 4        "sku": "com.xsolla.item_new_1",
 5        "type": "bundle",
 6        "is_pre_order": false,
 7        "is_free": false,
 8        "is_bonus": false,
 9        "is_bundle_content": false,
10        "quantity": 1,
11        "amount": "1000",
12        "promotions": []
13      }
14 ]

To disable bundle content inclusion, contact your Customer Success Manager or email to csm@xsolla.com.

Thank you for your feedback!

We’ll review your message and use it to help us improve your experience.

Last updated: December 31, 2025

Found a typo or other text error? Select the text and press Ctrl+Enter.

Contents

Set up webhooks sending
Add webhook listener
Generation of signature
Sending responses to webhook
Configuring item information in webhooks
Enabling additional parameter inclusion
Disabling bundle content inclusion

Your browser is not supported. Please try a different browser