User validation

Xsolla Developers

User validationWebhook POST

Xsolla sends a webhook with the user_validation type to the webhook URL to verify that a user is registered in the game. The request is sent multiple times as part of the payment process:

when a user chooses a payment method in the payment UI
when a user enters data in the payment form, e.g., bank card data or the ZIP code when paying via PayPal
when a user clicks Pay now to proceed with payment
when payment process is completed and the transaction status changes to done

The request is sent when paying with any payment methods.

When you save the webhook URL in Publisher Account, you can give permissions to receive detailed information in webhooks. To do that, set the necessary toggles to active in Publisher Account in the Project settings > Webhooks > Advanced settings section.

Note

If you registered in Publisher Account on or before January 22, 2025, you can find the toggles in the Project settings > Webhooks > Testing > Payments > Advanced settings section.

Toggle	Description
Send only necessary user parameters without sensitive data	Only the following information about the user is passed in the webhook: ID country
Send custom parameters	Information about custom token parameters is passed in the webhook.

Toggle

Description

Send only necessary user parameters without sensitive data

Only the following information about the user is passed in the webhook:

ID
country

Send custom parameters

Information about custom token parameters is passed in the webhook.

Request

Request Body schema: application/json

notification_type

required

string

Notification type.

object

Custom project settings (object).

project_id	integer Project ID. You can find this parameter in your Publisher Account next to the name of the project.
merchant_id	integer Merchant ID.

object

User details (object).

id required	string User ID.
ip	string User IP.
phone	string User phone.
email	string User email.
name	string Username.
country	string User’s country. Two-letter uppercase ISO 3166-1 alpha-2 country code.

Responses

204

Return to indicate successful processing.

400

Return in case of an error in the provided information (e.g., a required parameter missing, failed authorization, etc.).

500

Return to indicate temporary errors with your servers.

Request samples

CURL
PHP
HTTP

curl -v 'https://your.hostname/your/uri' \
-X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: Signature 13342703ccaca5064ad33ba451d800c5e823db8f' \
-d '{
    "notification_type":"user_validation",
    "settings": {
      "project_id": 18404,
      "merchant_id": 2340
    },
    "user": {
        "ip": "127.0.0.1",
        "phone": "18777976552",
        "email": "email@example.com",
        "id": "1234567",
        "name": "John Smith",
        "country": "US"
    }
}'

Response samples

application/json

{"error": {"code": "INVALID_USER",
"message": "Invalid user"
}
}