Catalog API (2.0.0)
- Version: 2.0.0
- Servers: https://store.xsolla.com/api
- Contact Us by Email
- Contact URL: https://xsolla.com/
- Required TLS version: 1.2
The Catalog API allows you to configure a catalog of in-game items on the Xsolla side and display the catalog to users in your store.
The API allows you to manage the following catalog entities:
- Virtual items — in-game items such as weapons, skins, boosters.
- Virtual currency — virtual money used to purchase virtual goods.
- Virtual currency packages — predefined bundles of virtual currency.
- Bundles — combined packages of virtual items, currency, or game keys sold as a single SKU.
- Game keys — keys for games and DLCs distributed via platforms like Steam or other DRM providers.
- Groups — logical groupings for organizing and sorting items within the catalog.
The API is divided into the following groups:
- Admin — calls for creating, updating, deleting, and configuring catalog items and groups. Authenticated via basic access authentication with your merchant or project credentials. Not intended for storefront use.
- Catalog — calls for retrieving items and building custom storefronts for end users. Designed to handle high-load scenarios. These calls support optional user JWT authorization to return personalized data such as user-specific limits and active promotions.
API calls require authentication either on behalf of a user or on behalf of a project. The authentication scheme used is specified in the Security section in the description of each call.
User JWT authentication is used when a request is sent from a browser, mobile application, or game. By default, the XsollaLoginUserJWT scheme is applied. For details on how to create a token, see the Xsolla Login API documentation.
The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI
Alternatively, you can use a token for opening the payment UI.
Basic HTTP authentication is used for server-to-server interactions, when an API call is sent directly from your server rather than from a user's browser or mobile application. HTTP Basic authentication with an API key is typically used.
The API key is confidential and must not be stored or used in client applications.
With basic server-side authentication, all API requests must include the following header:
- for basicAuth — Authorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the project_id:api_key pair encoded in Base64
- for basicMerchantAuth — Authorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the merchant_id:api_key pair encoded in Base64
You can find the parameter values in Publisher Account:
- merchant_id is displayed:
  - In Company settings > Company.
  - In the URL in the browser address bar on any Publisher Account page. The URL has the following format: https://publisher.xsolla.com/<merchant_id>.
- project_id is displayed:
  - Next to the project name in Publisher Account.
  - In the URL in the browser address bar when working on a project in Publisher Account. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.
- api_key is shown in Publisher Account only at the time of creation and must be stored securely on your side. You can create an API key in the following sections:
If a required API call doesn't include the project_id path parameter, use an API key that is valid across all company projects for authorization.
For more information about working with API keys, see the API references.
The AuthForCart authentication scheme is used for cart purchases and supports two modes:
- Authentication with a user's JWT. The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:
  eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI
  Alternatively, you can use a token for opening the payment UI.
- Simplified mode without Authorization header. This mode is used only for unauthorized users and can be applied only for game key sales. Instead of a token, the request must include the following headers:
  - x-unauthorized-id with a request ID
  - x-user with the user's email address encoded in Base64
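The header formats described above, as an added example that is not Xsolla's own code: it builds the basicAuth / basicMerchantAuth header, the two AuthForCart modes, and a log-safe copy of the headers. The function names and the XSOLLA_API_KEY environment variable are assumptions; the sample key is constructed.

```python
import base64
import os

def basic_header(account_id, api_key):
    """basicAuth: account_id is project_id. basicMerchantAuth: account_id is merchant_id."""
    if not api_key:
        raise ValueError("API key missing; load it from server-side secret storage")
    if ":" in str(account_id):
        raise ValueError("ID must not contain ':' (it separates the ID from the key)")
    pair = f"{account_id}:{api_key}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(pair).decode("ascii")}

def cart_headers(user_jwt=None, unauthorized_id=None, email=None):
    """AuthForCart: Bearer JWT, or simplified mode (unauthorized users, game key sales only)."""
    if user_jwt:
        return {"Authorization": f"Bearer {user_jwt}"}
    if not (unauthorized_id and email):
        raise ValueError("simplified mode needs both a request ID and an email")
    return {
        "x-unauthorized-id": unauthorized_id,
        "x-user": base64.b64encode(email.encode("utf-8")).decode("ascii"),
    }

# Headers whose values must never reach logs. Base64 is an encoding, not
# encryption, so the API key and the user's email are trivially recoverable.
SENSITIVE = {"authorization", "x-user"}

def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v) for k, v in headers.items()}

if __name__ == "__main__":
    # XSOLLA_API_KEY is a hypothetical variable name; the fallback key is constructed.
    # 44056 is the project ID used in this page's curl samples.
    key = os.environ.get("XSOLLA_API_KEY", "constructed-sample-key")
    print(redact(basic_header(44056, key)))
    print(redact(cart_headers(unauthorized_id="req-0001", email="user@example.com")))
```

Build the Basic header only on your server; a client application should only ever hold the user JWT or the simplified-mode headers.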
Items of all types (virtual items, bundles, virtual currency, and keys) use a similar data structure. Understanding the basic structure simplifies working with the API and helps you navigate the documentation more easily.
Some calls may include additional fields but they don't change the basic structure.
Identification
- merchant_id — company ID in Publisher Account
- project_id — project ID in Publisher Account
- sku — item SKU, unique within the project
Store display
- name — item name
- description — item description
- image_url — image URL
- is_enabled — item availability
- is_show_in_store — whether the item is displayed in the catalog
For more information about managing item availability in the catalog, see the documentation.
Organization
- type — item type, for example, a virtual item (virtual_item) or bundle (bundle)
- groups — groups the item belongs to
- order — display order in the catalog
Sale conditions
- prices — prices in real or virtual currency
- limits — purchase limits
- periods — availability periods
- regions — regional restrictions
Example of core entity structure:
{
"attributes": [],
"bundle_type": "virtual_currency_package",
"content": [
{
"description": {
"en": "Main in-game currency"
},
"image_url": "https://.../image.png",
"name": {
"en": "Crystals",
"ru": "Crystals"
},
"quantity": 500,
"sku": "com.xsolla.crystal_2",
"type": "virtual_currency"
}
],
"description": {
"en": "Crystals x500"
},
"groups": [],
"image_url": "https://.../image.png",
"is_enabled": true,
"is_free": false,
"is_show_in_store": true,
"limits": {
"per_item": null,
"per_user": null,
"recurrent_schedule": null
},
"long_description": null,
"media_list": [],
"name": {
"en": "Medium crystal pack"
},
"order": 1,
"periods": [
{
"date_from": null,
"date_until": "2020-08-11T20:00:00+03:00"
}
],
"prices": [
{
"amount": 20,
"country_iso": "US",
"currency": "USD",
"is_default": true,
"is_enabled": true
}
],
"regions": [],
"sku": "com.xsolla.crystal_pack_2",
"type": "bundle",
"vc_prices": []
}
API calls that return large sets of records (for example, when building a catalog) return data in pages. Pagination is a mechanism that limits the number of items returned in a single API response and allows you to retrieve subsequent pages sequentially.
Use the following parameters to control the number of returned items:
- limit — number of items per page
- offset — index of the first item on the page (numbering starts from 0)
- has_more — indicates whether another page is available
- total_items_count — total number of items
Example request:
GET /items?limit=20&offset=40
Response example:
{
"items": [...],
"has_more": true,
"total_items_count": 135
}
It is recommended to send subsequent requests until the response returns has_more = false.
Dates and time values are passed in the ISO 8601 format.
The following are supported:
- UTC offset
- null value when there is no time restriction for displaying an item
- Unix timestamp (in seconds) used in some fields
Format: YYYY-MM-DDTHH:MM:SS±HH:MM
Example: 2026-03-16T10:00:00+03:00
Xsolla supports localization of user-facing fields such as item name and description. Localized values are passed as an object where the language code is used as the key. The full list of supported languages is available in the documentation.
Supported fields
Localization can be specified for the following parameters:
- name
- description
- long_description
Locale format
The locale key can be specified in one of the following formats:
- Two-letter language code: en, ru
- Five-letter language code: en-US, ru-RU, de-DE
Examples
Example with a two-letter language code:
{
"name": {
"en": "Starter Pack",
"ru": "Стартовый набор"
}
}
Example with a five-letter language code:
{
"description": {
"en-US": "Premium bundle",
"de-DE": "Premium-Paket"
}
}
If an error occurs, the API returns an HTTP status and a JSON response body. The full list of store-related errors is available in the documentation.
Response example:
{
"errorCode": 1102,
"errorMessage": "Validation error",
"statusCode": 422,
"transactionId": "c9e1a..."
}
- errorCode — error code.
- errorMessage — short error description.
- statusCode — HTTP response status.
- transactionId — request ID. Returned only in some cases.
- errorMessageExtended — additional error details, such as request parameters. Returned only in some cases.
Extended response example:
{
"errorCode": 7001,
"errorMessage": "Chain not found",
"errorMessageExtended": {
"chain_id": "test_chain_id",
"project_id": "test_project_id",
"step_number": 2
},
"statusCode": 404
}
Common HTTP status codes
- 400 — invalid request
- 401 — authentication error
- 403 — insufficient permissions
- 404 — resource not found
- 422 — validation error
- 429 — rate limit exceeded
Recommendations
- Handle the HTTP status and the response body together.
- Use errorCode to process errors related to application logic.
- Use transactionId to identify requests more quickly when analyzing errors.
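An added example (not Xsolla's code) of the pagination and error-handling guidance above: it pages with limit/offset until has_more is false and raises an error that carries the HTTP status, errorCode and transactionId together. The get_page transport, the backoff on 429 and the max_pages cap are assumptions of this example; the sample catalog is constructed.

```python
import time

class StoreApiError(Exception):
    """Carries the HTTP status and the fields of the JSON error body together."""
    def __init__(self, http_status, body):
        body = body if isinstance(body, dict) else {}
        self.http_status = http_status
        self.error_code = body.get("errorCode")
        self.transaction_id = body.get("transactionId")    # returned only in some cases
        self.extended = body.get("errorMessageExtended")   # returned only in some cases
        super().__init__(f"HTTP {http_status} errorCode={self.error_code} "
                         f"{body.get('errorMessage', '')} transactionId={self.transaction_id}")

def fetch_all_items(get_page, limit=20, max_pages=1000, max_retries=3, sleep=time.sleep):
    """Collect all pages. get_page(limit, offset) -> (http_status, parsed_json_body)
    is a caller-supplied transport (hypothetical), so no network code lives here."""
    items, offset = [], 0
    for _ in range(max_pages):                  # hard cap so a bad response cannot loop forever
        for attempt in range(max_retries + 1):
            status, body = get_page(limit, offset)
            if status != 429:
                break
            if attempt < max_retries:
                sleep(2 ** attempt)             # assumed backoff policy, not from the docs
        if status != 200:
            raise StoreApiError(status, body)
        page = body.get("items", [])
        items.extend(page)
        if not body.get("has_more"):
            return items
        if not page:                            # has_more is true but nothing came back
            raise RuntimeError(f"empty page at offset {offset} while has_more is true")
        offset += len(page)                     # robust if the server returns fewer than limit
    raise RuntimeError("max_pages reached before has_more became false")

if __name__ == "__main__":
    data = [f"sku_{i}" for i in range(45)]      # constructed sample catalog
    def fake_page(limit, offset):               # constructed stand-in for GET /items
        return 200, {"items": data[offset:offset + limit],
                     "has_more": offset + limit < len(data),
                     "total_items_count": len(data)}
    print(len(fetch_all_items(fake_page)))
```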
- https://store.xsolla.com/api/v2/project/{project_id}/admin/items/bundle/sku/{sku}
- Mock server: https://xsolla.redocly.app/_mock/zh/api/catalog/v2/project/{project_id}/admin/items/bundle/sku/{sku}
curl -i -X DELETE \
-u <username>:<password> \
https://store.xsolla.com/api/v2/project/44056/admin/items/bundle/sku/kg_1
- https://store.xsolla.com/api/v2/project/{project_id}/admin/items/bundle/sku/{sku}
- Mock server: https://xsolla.redocly.app/_mock/zh/api/catalog/v2/project/{project_id}/admin/items/bundle/sku/{sku}
curl -i -X GET \
-u <username>:<password> \
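https://store.xsolla.com/api/v2/project/44056/admin/items/bundle/sku/kg_1
The specified bundle was successfully received.
List of attributes.
Bundle type. Returned when the item type is a bundle.
Object with localized item descriptions. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character locale code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Groups the item belongs to.
Whether the item is a randomized paid reward, such as a loot box.
Object with localized long descriptions of the item. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character locale code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Additional assets of the bundle.
Object with localized item names. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character language code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Unique item ID. The SKU may only contain uppercase and lowercase English letters, digits, periods, dashes, and underscores.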
{ "attributes": [], "bundle_type": "standard", "content": [ { … }, { … }, { … } ], "custom_attributes": { "purchased": 0, "type": "lootbox" }, "description": { "en": "Empire bundle with items" }, "groups": [ { … } ], "image_url": "https://cdn.xsolla.net/img/misc/images/685b21f9d9dca4aa0c953e8816b4eb4b.png", "is_enabled": true, "is_free": false, "is_paid_randomized_reward": true, "is_show_in_store": true, "item_id": 610316, "limits": { "per_item": null, "per_user": { … }, "recurrent_schedule": null }, "long_description": { "en": "Empire bundle with some goods" }, "media_list": [], "name": { "en": "Empire bundle" }, "order": 1, "periods": [ { … } ], "prices": [], "regions": [], "sku": "com.xsolla.EmpireBundle_1", "type": "bundle", "virtual_prices": [ { … } ] }
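Object with bundle data.
List of attributes.
Bundle type. Use standard to create a bundle with items and specify the SKUs of the items included in the bundle. Use partner_side_content to create an empty bundle and add items on your side using a webhook. This type is used only for catalog personalization on the partner side.
JSON object with item attributes and values. Attributes let you add more information to an item, such as the level a player needs to use the item. Attributes enrich your game's internal logic and are accessible through dedicated GET methods and webhooks.
Object with localized item descriptions. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character locale code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Whether the item is a randomized paid reward, such as a loot box.
Object with localized long descriptions of the item. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character locale code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Additional assets of the bundle.
Object with localized item names. Values are accepted in one of two formats: a two-letter lowercase language code (for example, en) or a five-character language code (for example, en-US). Although both formats are accepted as input, the response returns two-letter lowercase language codes. When both inputs are provided for the same language (for example, en and en-US), the last value provided is stored. You can find the full list of supported languages in the documentation.
Unique item ID. The SKU may only contain uppercase and lowercase English letters, digits, periods, dashes, and underscores.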
- https://store.xsolla.com/api/v2/project/{project_id}/admin/items/bundle/sku/{sku}
- Mock server: https://xsolla.redocly.app/_mock/zh/api/catalog/v2/project/{project_id}/admin/items/bundle/sku/{sku}
curl -i -X PUT \
-u <username>:<password> \
https://store.xsolla.com/api/v2/project/44056/admin/items/bundle/sku/kg_1 \
-H 'Content-Type: application/json' \
-d '{
"attributes": [
{
"external_id": "class",
"name": {
"en": "Class"
},
"values": [
{
"external_id": "soldier",
"value": {
"en": "Soldier"
}
},
{
"external_id": "officer",
"value": {
"en": "Officer"
}
}
]
}
],
"content": [
{
"quantity": 1,
"sku": "com.xsolla.iron_gloves_1"
},
{
"quantity": 1,
"sku": "com.xsolla.iron_boots_1"
},
{
"quantity": 1,
"sku": "com.xsolla.iron_shield_1"
},
{
"quantity": 1,
"sku": "com.xsolla.iron_armour_1"
},
{
"quantity": 1,
"sku": "com.xsolla.iron_helmet_1"
}
],
"custom_attributes": {
"purchased": 0,
"type": "lootbox"
},
"description": {
"de": "Brustpanzer für Soldaten",
"en": "Chest of armour for soldiers"
},
"groups": [
"chests"
],
"image_url": "https://picture.bundle-with-many-stuff.png",
"is_enabled": true,
"is_free": true,
"is_paid_randomized_reward": true,
"limits": {
"per_item": null,
"per_user": null
},
"long_description": {
"de": "Brustpanzer für Soldaten",
"en": "Chest of armour for soldiers"
},
"media_list": [
{
"type": "image",
"url": "https://test.com/image0"
},
{
"type": "image",
"url": "https://test.com/image1"
}
],
"name": {
"de": "Brustpanzer",
"en": "Chest of armour"
},
"order": 1,
"periods": [
{
"date_from": "2020-08-11T10:00:00+03:00",
"date_until": "2020-08-11T20:00:00+03:00"
}
],
"prices": [
{
"amount": "9.99",
"currency": "USD",
"is_default": true,
"is_enabled": true
},
{
"amount": "9.99",
"currency": "EUR",
"is_default": false,
"is_enabled": true
}
],
"sku": "com.xsolla.armour_chest_1",
"vc_prices": []
}'