Grant purchases to user
Implement granting purchases to the user in your application using information from Xsolla about the transaction status. You can get the information in the following ways:
Request information using API
You can get information about the virtual items, virtual currency, or bundles a user has purchased from the player’s inventory on the Xsolla side. To account for purchases made via Web Shop as well as purchases made by other methods when granting purchases, synchronize the player’s inventory information on the application side with the Xsolla side.
API calls for managing the inventory include the following groups:
Basic HTTP authentication
The request must contain the `Authorization: Basic <your_authorization_basic_key>` header, where `<your_authorization_basic_key>` is the `merchant ID:API key` pair, encoded according to the Base64 standard. Go to Publisher Account to find these parameters:
- Merchant ID is shown:
  - In the Project settings > Webhooks section.
  - In the Company settings > Company section.
  - In the URL in the browser address bar on any Publisher Account page. The URL has the following format: `https://publisher.xsolla.com/merchant ID/Publisher Account section`.
- API key is shown in Publisher Account only once when it is created and must be stored on your side. You can create a new key in the following sections:
  - Company settings > API keys
  - Project settings > API keys
For more information about working with API keys, see the API reference.
- Save the generated API key on your side. You can view the API key in Publisher Account only once when it is created.
- Keep your API key a secret. It provides access to your personal account and your projects in Publisher Account.
- The API key must be stored on your server and never in binaries or on the frontend.
Server OAuth 2.0 authentication
The request must contain the `Authorization: Bearer <user_JWT>` header, where `<user_JWT>` is the user JWT.
To get the user JWT, follow the steps below:
1. Create a server OAuth 2.0 client:
   - Open your project in Publisher Account. Go to Login > your Login project and click Configure.
   - In the Security block, click OAuth 2.0.
   - Click Add OAuth 2.0 and specify:
     - Client name.
     - OAuth 2.0 redirect URIs (Required).
     - Authentication type — server.
     - Project ID.
   - Click Connect. You will need a generated client ID and secret key for further integration.
2. Get the server JWT. To do this, call the Generate JWT API method and pass the following parameters:
   - `grant_type` — JWT type. Specify the
   - `client_secret` — server OAuth 2.0 client secret key.
   - `client_id` — server OAuth 2.0 client ID.
3. Get the user JWT. To do this, call the Auth by custom ID API method. The request must contain the `X-Server-Authorization: <server_JWT>` header, where `<server_JWT>` is the server JWT obtained in step 2.
Receive information using webhooks
- Configure parameters for receiving webhooks:
  - Open your project in Publisher Account.
  - Click Project settings in the side menu.
  - Go to the Webhooks section.
  - Set the Webhooks toggle to On.
  - In the Webhook URL field, specify the URL to receive webhooks.
  - A secret key to sign project webhooks is generated by default. If you want to generate a new secret key, click the refresh icon.
  - Click Save settings.
- Implement the processing of the following types of webhooks in your application:
To confirm that the webhook is received, your server must respond with:
- HTTP code 204 without a message body.
- HTTP code 400 describing the problem if the specified user was not found or if an invalid signature was passed.
In the absence of real values, you can enter arbitrary values.
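The response rules above (204 on success, 400 for an unknown user or an invalid signature) as a server-side handler. This is an added example, not code from Xsolla. Assumptions not stated on this page, to be checked against the webhooks reference: the signature arrives as `Authorization: Signature <hex>` and is the SHA-1 hex digest of the raw request body followed by the project secret key, the user ID is at `user.id` in the JSON payload, and the error codes in the 400 body. `handle_webhook`, `error_response`, `known_users` and the sample values are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample values; a real secret key comes from Project settings > Webhooks.
SECRET = "constructed-secret-key"
SAMPLE_BODY = b'{"notification_type":"user_validation","user":{"id":"player-1"}}'
KNOWN_USERS = {"player-1"}


def expected_signature(raw_body: bytes, secret: str) -> str:
    # Assumption: SHA-1 hex digest of the raw body bytes followed by the secret key.
    return hashlib.sha1(raw_body + secret.encode("utf-8")).hexdigest()


def error_response(code: str, message: str):
    # Assumption: error codes and JSON shape of the 400 body.
    return 400, json.dumps({"error": {"code": code, "message": message}})


def handle_webhook(headers: dict, raw_body: bytes, secret: str, known_users: set):
    """Return (status, body) for one webhook delivery."""
    scheme, _, received = headers.get("Authorization", "").partition(" ")
    # Verify over the bytes exactly as received: re-serialised JSON may differ.
    # compare_digest avoids leaking the match position through timing.
    valid = scheme == "Signature" and hmac.compare_digest(
        received.strip().lower().encode("utf-8"),
        expected_signature(raw_body, secret).encode("utf-8"),
    )
    if not valid:
        return error_response("INVALID_SIGNATURE", "Signature check failed")
    # Parse the payload only after the signature has been verified.
    try:
        user_id = json.loads(raw_body)["user"]["id"]
    except (ValueError, KeyError, TypeError):
        return error_response("INVALID_PARAMETER", "Malformed payload")
    if not isinstance(user_id, str) or user_id not in known_users:
        return error_response("INVALID_USER", "User not found")
    # Grant the purchase here, then acknowledge with an empty 204.
    return 204, ""


def demo():
    good = {"Authorization": "Signature " + expected_signature(SAMPLE_BODY, SECRET)}
    tampered = SAMPLE_BODY.replace(b"player-1", b"player-2")
    return [
        handle_webhook(good, SAMPLE_BODY, SECRET, KNOWN_USERS)[0],  # valid delivery
        handle_webhook(good, tampered, SECRET, KNOWN_USERS)[0],     # body changed after signing
        handle_webhook(good, SAMPLE_BODY, SECRET, set())[0],        # user not found
    ]
```

Pass the handler the request body as raw bytes before any framework JSON parsing, since the digest is computed over the exact bytes sent.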