Set up order status tracking
To grant items to the user, you need to make sure that the payment was successful.
To track the status of created orders and validate them, you will need to configure webhooks processing on the server side of your application.
To fully operate an in-game store, it is necessary to implement the processing of the main webhooks:
| Webhook | Notification type | Description |
|---|---|---|
| User validation | user_validation | Is sent at different stages of the payment process to ensure the user is registered in the game. |
| Payment | payment | Is sent when an order is paid and contains payment data and transaction details. |
| Successful payment of the order | order_paid | Is sent when a Payment webhook has been successfully processed and contains information about purchased items and the transaction ID. Use the data from the webhook to add items to the user. |
| Refund | refund | Is sent when an order is canceled and contains the canceled payment data and transaction details. |
| Order cancellation | order_canceled | Is sent when a Refund webhook has been successfully processed and contains information about the purchased items and the ID of the canceled transaction. Use the data from the webhook to remove the purchased items. |
For the full list of webhooks and general information about working with them, refer to the webhooks documentation.
Set up webhooks sending
To configure webhooks on the Xsolla side:
- Open your project in Publisher Account.
- Click Project settings in the side menu and go to the Webhooks section.
- In the Webhook URL field, specify the URL to which Xsolla will send webhooks.
- Click Enable webhooks.
Add webhook listener
Webhook listener is program code that allows receiving incoming webhooks at a specified URL address, generating a signature, and sending a response to the Xsolla webhook server.
Generation of signature
When receiving a webhook, you should ensure the security of data transmission. To achieve this, a signature must be generated from the webhook data and verified that it matches the signature sent in the HTTP request header.
To generate a signature:
- Concatenate the JSON from the request body and the project’s secret key.
- Apply the SHA-1 cryptographic hash function to the string obtained in the first step.
Sending responses to webhook
To confirm receipt of the webhook, your server must return:
200,201, or204HTTP code in case of a successful response.400HTTP-code with description of the problem if the specified user was not found or an invalid signature was passed.
Your webhook handler may also return a 5xx code in case of temporary issues on your server.
If a response was not received for the Successful payment of the order and Order cancellation webhooks or if a response with a 5xx code was received, the webhooks are resent according to the following schedule:
- 2 attempts with a 5-minute interval
- 7 attempts with a 15-minute interval
- 10 attempts with a 60-minute interval
Maximum of 20 attempts to send webhooks are made within 12 hours from the first attempt.
If for the Payment webhook a response was not received or if a response with a 5xx code was received, webhooks are also resent with an increased time interval. A maximum of 12 attempts are made within 12 hours.
If a response was not received for the User validation webhook or a response with a code of 400 or 5xx was received, the User validation webhook is not resent.
In this case, an error is shown to the user and the Payment and Successful payment of the order webhooks are not sent.
Found a typo or other text error? Select the text and press Ctrl+Enter.
