Setting up authentication via deep link

Deep links allow the user to authenticate in the Web Shop through the game in one click, instead of going through the authentication process via user ID or Xsolla Login.

If the game is installed on the user’s mobile device, they will be redirected to the game via deep link to get an authorization token.

User flow

  1. An unauthorized user in the Web Shop clicks the login button or the buy button. A modal window for entering the user ID or logging in through the mobile game opens.
  1. The user clicks the login button through the game.
  2. The user is redirected to the game where they are automatically redirected to Web Shop as an authorized user.

  1. An unauthorized user in the Web Shop clicks the login button or the buy button. A modal window for entering the user ID or logging into the mobile version of the game using a QR code opens.

  1. The user scans the QR code using their mobile device, after which the Web Shop opens on their mobile device.
  2. The mobile version of the game opens on the user's mobile device.
  3. The user is automatically redirected to Web Shop on the mobile device as an authorized user.
  1. In your game’s mobile app settings, register a URL scheme to open the game via deep link:
    • in Android applications — in the AndroidManifest.xml file
    • in iOS applications — in the Info.plist file
After registering the scheme, when the user authenticates in the Web Shop via the game, the game should open at the specified address. Example of a URL scheme to register a game: gamename://authorize, where:
  • gamename — the name of your game that should open on a mobile device for user authentication.
  • authorize — an example of an action name that should be performed after the gamename game opens. Use the action name that matches the actions in your application’s operating system.
Example of registering a URL scheme in iOS applications:
Copy
Full screen
Small screen
    <key>CFBundleURLTypes</key>
      <array>
        <dict>
          <key>CFBundleTypeRole</key>
          <string>Editor</string>
          <key>CFBundleURLSchemes</key>
          <array>
            <string>gamename</string>
          </array>
        </dict>
      </array>
    

    Example of registering a URL scheme in Android applications:

    Copy
    Full screen
    Small screen
      <intent-filter>
          <action android:name="android.intent.action.VIEW" />
          <category android:name="android.intent.category.DEFAULT" />
          <category android:name="android.intent.category.BROWSABLE" />
          <data android:scheme="gamename" android:host="authorize" />
      </intent-filter>
      

      1. Implement the generation of an authorization token in JWT format using the user ID from the game.

      ParameterTypeDescription
      stringID of the authorization method from the Publisher Account. Required.
      stringURL for receiving the User validation in Web Shop webhook. The URL should match the address specified when setting up authentication via user ID. Xsolla expects a 200 HTTP code in response to the webhook to authorize the Web Shop user. If Xsolla receives a response with a 404 HTTP code or does not receive a response, the user will not be authorized.

      You can specify the value "webhookUrl": "https://nowebhook.com" to disable webhooks when authenticating via deep link. In this case, Xsolla does not check for the existence of the user, so make sure that in the user.id parameter you pass the user ID that exists in the game.
      Required.
      stringProject ID found in Publisher Account, which is specified next to the name of your project in browser address bar. The URL has the following format: https:​//publisher.xsolla.com/merchant ID/Publisher Account section. Required.
      stringUser ID in the game. Required.
      stringUser name. Required.

      Example of calling the user token generation API method using curl:

      Copy
      Full screen
      Small screen
      curl --location 'https://sb-user-id-service.xsolla.com/api/v1/user-id' \
      --header 'Content-Type: application/json' \
      --data '{
       "loginId": "000001aa-001a-0ab0-00001-01a01a01a01a",
       "webhookUrl": "https://nowebhook.com",
       "settings": {
         "projectId": 123456,
         "merchantId": 123456
       },
       "user": {
         "id": "123",
         "name": "a-user-name"
       }
      }'
      

      You will get a response like {token=“JWT_TOKEN”}.

      1. Add a pop-up window with a notification of successful authorization (optional).
      2. Implement the opening of the Web Shop in the browser using the obtained user token.

      Example of creating a URL for opening the Web Shop in the browser for an authorized user:

      • https:​//example.com/?token={token}, if you are using a custom domain
      • https:​//example.xsollasitebuilder.com/?token={token}, if you are using an Xsolla domain
      Where {token} is the user’s authorization token.You can perform the settings on the Site Builder side yourself, using the code examples provided below.
      For setup assistance, contact your Customer Success Manager or email to csm@xsolla.com.
      Note
      First set up authentication via User ID. This is necessary so that users have an alternative way of authentication if deep link authentication is not available. For example, if the game is not installed on a user’s mobile device.
      1. Open the project in the Publisher Account.
      2. In the side menu, click Site Builder.
      3. Click Configure on the card of your Web Shop site with authentication via User ID.
      4. Go to the Login Settings and select the User ID section.
      5. Set Deeplink authorization toggle to On.
      1. In the Deeplink URL field enter the link for user authentication.
      1. If you are using the Fast Login block on the site:
        1. Go to the Fast Login block.
        2. In the Layout section, set the QR code toggle to On.
      1. To check the authentication, click on Preview.
      2. To publish the website, click on Publish.
      Was this article helpful?
      Thank you!
      Is there anything we can improve? Message
      We’re sorry to hear that
      Please explain why this article wasn’t helpful to you. Message
      Thank you for your feedback!
      We’ll review your message and use it to help us improve your experience.
      Last updated: August 22, 2024

      Found a typo or other text error? Select the text and press Ctrl+Enter.

      Report a problem
      We always review our content. Your feedback helps us improve it.
      Provide an email so we can follow up
      Thank you for your feedback!