跳转到内容
/
获取虚拟物品列表

Catalog API (2.0.0)

Overview

  • Version: 2.0.0
  • Servers: https://store.xsolla.com/api
  • Contact Us by Email
  • Contact URL: https://xsolla.com/
  • Required TLS version: 1.2

The Catalog API allows you to configure a catalog of in-game items on the Xsolla side and display the catalog to users in your store.

The API allows you to manage the following catalog entities:

  • Virtual items — in-game items such as weapons, skins, boosters.
  • Virtual currency — virtual money used to purchase virtual goods.
  • Virtual currency packages — predefined bundles of virtual currency.
  • Bundles — combined packages of virtual items, currency, or game keys sold as a single SKU.
  • Game keys — keys for games and DLCs distributed via platforms like Steam or other DRM providers.
  • Groups — logical groupings for organizing and sorting items within the catalog.

API calls

The API is divided into the following groups:

  • Admin — calls for creating, updating, deleting, and configuring catalog items and groups. Authenticated via basic access authentication with your merchant or project credentials. Not intended for storefront use.
  • Catalog — calls for retrieving items and building custom storefronts for end users. Designed to handle high-load scenarios. Support optional user JWT authorization to return personalized data such as user-specific limits and active promotions.

Authentication

API calls require authentication either on behalf of a user or on behalf of a project. The authentication scheme used is specified in the Security section in the description of each call.

Authentication using user's JWT

User's JWT authentication is used when a request is sent from a browser, mobile application, or game. In this case, a user's JWT is used. By default, the XsollaLoginUserJWT scheme is applied. For details on how to create a token, see the Xsolla Login API documentation.

The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

Basic HTTP authentication

Basic HTTP authentication is used for server-to-server interactions, when an API call is sent directly from your server rather than from a user's browser or mobile application. HTTP Basic authentication with an API key is typically used.

Note

The API key is confidential and must not be stored or used in client applications.

With basic server-side authentication, all API requests must include the following header:

  • for basicAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the project_id:api_key pair encoded in Base64
  • for basicMerchantAuthAuthorization: Basic <your_authorization_basic_key>, where your_authorization_basic_key is the merchant_id:api_key pair encoded in Base64

You can find the parameter values in Publisher Account:

  • merchant_id is displayed:
    • In Company settings > Company.
    • In the URL in the browser address bar on any Publisher Account page. The URL has the following format: https://publisher.xsolla.com/<merchant_id>.
  • project_id is displayed:
    • Next to the project name in Publisher Account.
    • In the URL in the browser address bar when working on a project in Publisher Account. The URL has the following format: https://publisher.xsolla.com/<merchant_id>/projects/<project_id>.
  • api_key is shown in Publisher Account only at the time of creation and must be stored securely on your side. You can create an API key in the following sections:
Notice

If a required API call doesn't include the project_id path parameter, use an API key that is valid across all company projects for authorization.

For more information about working with API keys, see the API references.

Authentication with guest access support

The AuthForCart authentication scheme is used for cart purchases and supports two modes:

  1. Authentication with a user's JWT. The token is passed in the Authorization header in the following format: Authorization: Bearer <user_JWT>, where <user_JWT> is the user token. The token identifies the user and provides access to personalized data. You can try this call using the following test token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE5NjIyMzQwNDgsImlzcyI6Imh0dHBzOi8vbG9naW4ueHNvbGxhLmNvbSIsImlhdCI6MTU2MjE0NzY0OCwidXNlcm5hbWUiOiJ4c29sbGEiLCJ4c29sbGFfbG9naW5fYWNjZXNzX2tleSI6IjA2SWF2ZHpDeEVHbm5aMTlpLUc5TmMxVWFfTWFZOXhTR3ZEVEY4OFE3RnMiLCJzdWIiOiJkMzQyZGFkMi05ZDU5LTExZTktYTM4NC00MjAxMGFhODAwM2YiLCJlbWFpbCI6InN1cHBvcnRAeHNvbGxhLmNvbSIsInR5cGUiOiJ4c29sbGFfbG9naW4iLCJ4c29sbGFfbG9naW5fcHJvamVjdF9pZCI6ImU2ZGZhYWM2LTc4YTgtMTFlOS05MjQ0LTQyMDEwYWE4MDAwNCIsInB1Ymxpc2hlcl9pZCI6MTU5MjR9.GCrW42OguZbLZTaoixCZgAeNLGH2xCeJHxl8u8Xn2aI

Alternatively, you can use a token for opening the payment UI.

  1. Simplified mode without Authorization header. This mode is used only for unauthorized users and can be applied only for game key sales. Instead of a token, the request must include the following headers:
    • x-unauthorized-id with a request ID
    • x-user with the user's email address encoded in Base64

Core entity structure

Items of all types (virtual items, bundles, virtual currency, and keys) use a similar data structure. Understanding the basic structure simplifies working with the API and helps you navigate the documentation more easily.

Note

Some calls may include additional fields but they don't change the basic structure.

Identification

  • merchant_id — company ID in Publisher Account
  • project_id — project ID in Publisher Account
  • sku — item SKU, unique within the project

Store display

  • name — item name
  • description — item description
  • image_url — image URL
  • is_enabled — item availability
  • is_show_in_store — whether the item is displayed in the catalog

For more information about managing item availability in the catalog, see the documentation.

Organization

  • type — item type, for example, a virtual item (virtual_item) or bundle (bundle)
  • groups — groups the item belongs to
  • order — display order in the catalog

Sale conditions

  • prices — prices in real or virtual currency
  • limits — purchase limits
  • periods — availability periods
  • regions — regional restrictions

Example of core entity structure:

{
  "attributes": [],
  "bundle_type": "virtual_currency_package",
  "content": [
    {
      "description": {
        "en": "Main in-game currency"
      },
      "image_url": "https://.../image.png",
      "name": {
        "en": "Crystals",
        "ru": "Crystals"
      },
      "quantity": 500,
      "sku": "com.xsolla.crystal_2",
      "type": "virtual_currency"
    }
  ],
  "description": {
    "en": "Crystals x500"
  },
  "groups": [],
  "image_url": "https://.../image.png",
  "is_enabled": true,
  "is_free": false,
  "is_show_in_store": true,
  "limits": {
    "per_item": null,
    "per_user": null,
    "recurrent_schedule": null
  },
  "long_description": null,
  "media_list": [],
  "name": {
    "en": "Medium crystal pack"
  },
  "order": 1,
  "periods": [
    {
      "date_from": null,
      "date_until": "2020-08-11T20:00:00+03:00"
    }
  ],
  "prices": [
    {
      "amount": 20,
      "country_iso": "US",
      "currency": "USD",
      "is_default": true,
      "is_enabled": true
    }
  ],
  "regions": [],
  "sku": "com.xsolla.crystal_pack_2",
  "type": "bundle",
  "vc_prices": []
}

Pagination

API calls that return large sets of records (for example, when building a catalog) return data in pages. Pagination is a mechanism that limits the number of items returned in a single API response and allows you to retrieve subsequent pages sequentially.

Use the following parameters to control the number of returned items:

  • limit — number of items per page
  • offset — index of the first item on the page (numbering starts from 0)
  • has_more — indicates whether another page is available
  • total_items_count — total number of items

Example request:

GET /items?limit=20&offset=40

Response example:

{
  "items": [...],
  "has_more": true,
  "total_items_count": 135
}

It is recommended to send subsequent requests until the response returns has_more = false.

Date and time format

Dates and time values are passed in the ISO 8601 format.

The following are supported:

  • UTC offset
  • null value when there is no time restriction for displaying an item
  • Unix timestamp (in seconds) used in some fields

Format: YYYY-MM-DDTHH:MM:SS±HH:MM

Example: 2026-03-16T10:00:00+03:00

Localization

Xsolla supports localization of user-facing fields such as item name and description. Localized values are passed as an object where the language code is used as the key. The full list of supported languages is available in the documentation.

Supported fields

Localization can be specified for the following parameters:

  • name
  • description
  • long_description

Locale format

The locale key can be specified in one of the following formats:

  • Two-letter language code: en, ru
  • Five-letter language code: en-US, ru-RU, de-DE

Examples

Example with a two-letter language code:

{
  "name": {
    "en": "Starter Pack",
    "ru": "Стартовый набор"
  }
}

Example with a five-letter language code:

{
  "description": {
    "en-US": "Premium bundle",
    "de-DE": "Premium-Paket"
  }
}

Error response format

If an error occurs, the API returns an HTTP status and a JSON response body. The full list of store-related errors is available in the documentation.

Response example:

{
  "errorCode": 1102,
  "errorMessage": "Validation error",
  "statusCode": 422,
  "transactionId": "c9e1a..."
}
  • errorCode — error code.
  • errorMessage — short error description.
  • statusCode — HTTP response status.
  • transactionId — request ID. Returned only in some cases.
  • errorMessageExtended — additional error details, such as request parameters. Returned only in some cases.

Extended response example:

{
  "errorCode": 7001,
  "errorMessage": "Chain not found",
  "errorMessageExtended": {
    "chain_id": "test_chain_id",
    "project_id": "test_project_id",
    "step_number": 2
  },
  "statusCode": 404
}

Common HTTP status codes

  • 400 — invalid request
  • 401 — authentication error
  • 403 — insufficient permissions
  • 404 — resource not found
  • 422 — validation error
  • 429 — rate limit exceeded

Recommendations

  • Handle the HTTP status and the response body together.
  • Use errorCode to process errors related to application logic.
  • Use transactionId to identify requests more quickly when analyzing errors.
下载 OpenAPI 描述
index.json
index.yaml
语言
服务器
https://store.xsolla.com/api/
Mock server
https://xsolla.redocly.app/_mock/zh/api/catalog/

管理

操作

目录

操作

按SKU获取虚拟货币Client-side

请求

按SKU获取用于构建目录的虚拟货币。

注:

此端点无需授权即可访问,返回通用数据。但是授权后可以通过用户详细信息来丰富响应,获得个性化结果,例如适用的用户限制和促销活动等。
安全
XsollaLoginUserJWT
路径
project_idinteger必需

项目ID。您可以在您的发布商帐户项目名称旁边找到。

示例: 44056
virtual_currency_skustring必需

虚拟货币SKU。

示例: crystal
查询
localestring

响应语言。按照ISO 639-1规定使用两个小写字母的语言代码。

默认值 "en"
countrystring

ISO 3166-1 alpha-2标准下的两个大写字母的国家/地区代码。 请查看文档详细了解艾克索拉支持的国家/地区国家/地区的判断流程

示例: country=US
show_inactive_time_limited_itemsinteger

显示用户不可用的时效性商品。此类商品的有效期尚未开始或已过期。

默认值 0
示例: show_inactive_time_limited_items=1
additional_fields[]Array of strings

附加字段列表。如果在请求中发送这些字段,则它们将包含在响应中。

枚举"media_list""order""long_description""custom_attributes""item_order_in_group"
curl -i -X GET \
  'https://store.xsolla.com/api/v2/project/44056/items/virtual_currency/sku/crystal?locale=en&country=US&show_inactive_time_limited_items=1&additional_fields%5B%5D=media_list' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

响应

已成功收到虚拟货币。

正文application/json
attributesArray of objects(Virtual-Items-Currency_client-attributes)

与商品对应的属性及其值的列表。可用于目录筛选。

默认值 []
示例: {"value":{"external_id":"genre","name":"Жанр","values":[{"external_id":"genre_e3364991f92e751689a68b96598a5a5a84010b85","value":"Casual"},{"external_id":"genre_eba07bfd0f982940773cba3744d97264dd58acd7","value":"Strategy"},{"external_id":"genre_b8d0c6d8f0524c2b2d79ebb93aa3cd0e8b5199a8","value":"Mobile"}]}}
can_be_boughtboolean(Can_be_bought)

如为true,则用户可以购买商品。

示例: true
custom_attributesobject(json)(item-custom-attributes-response)

包含商品属性和值的JSON对象。

descriptionstring

商品描述。

示例: "Crystals - description"
groupsArray of objects(items_client_groups_response)

商品所属分组。

默认值 []
示例: [{"external_id":"exclusive","name":"Exclusive"}]
image_urlstring

图像URL。

示例: "https://popmedia.blob.core.windows.net/popyourself/male/outfit/male_armor_white_a-01.png"
is_freeboolean(value-is_free)

如果为true,则该商品为免费。

默认值 false
示例: false
item_idinteger
limitsobject or null(Catalog_item_limits)

商品限制。

namestring

商品名称。

示例: "Big Rocket"
periodsArray of objects(item-periods-response)

商品促销时间段。

priceobject or null

商品价格。

promotionsArray of objects(Catalog_item_promotions)

应用于购物车中指定商品的促销活动。仅在以下情况下返回该数组:

  • 为某商品配置了折扣促销活动。

  • 应用了对所选商品提供折扣设置的促销码。

如果未应用任何商品级促销活动,则返回空数组。

skustring

唯一商品ID。 SKU只能包含大小写英文字母和数字字符、句点、破折号和下划线。

示例: "big_rocket"
typestring

商品类型:virtual_good/virtual_currency/bundle

示例: "virtual_currency"
virtual_pricesArray of objects

虚拟价格。

示例: [{"amount":100,"amount_without_discount":100,"image_url":"http://image.png","is_default":true,"sku":"com.xsolla.crystals_1"}]
vp_rewardsArray of arrays
响应
application/json
{
  "attributes": [
    {}
  ],
  "can_be_bought": true,
  "custom_attributes": {
    "attr": "value",
    "purchased": 0
  },
  "description": "Crystals - short description",
  "groups": [],
  "image_url": "https://cdn3.xsolla.com/img/misc/images/da33ab6cc1d7e5899cfdc5b6b6180fad.png",
  "is_free": false,
  "item_id": 451414,
  "limits": null,
  "name": "Crystals",
  "periods": [
    {}
  ],
  "price": {
    "amount": "100",
    "amount_without_discount": "100",
    "currency": "USD"
  },
  "promotions": [],
  "sku": "com.xsolla.crystal_1",
  "type": "virtual_currency",
  "virtual_prices": []
}

获取虚拟物品列表Client-side

请求

获取用于构建目录的虚拟物品列表。

注意:

所有项目对于可以在响应中获得的商品数量均都限制。默认值和最大值是每个响应50项。要逐页获取更多数据,请使用limitoffset字段。

注:

使用商品目录API调用无需授权,但若需获取个性化目录,必须在Authorization头中传入用户JWT。
安全
XsollaLoginUserJWT
路径
project_idinteger必需

项目ID。您可以在您的发布商帐户项目名称旁边找到。

示例: 44056
查询
limitinteger>= 1

页面上元素数量的限制。

示例: limit=50
offsetinteger>= 0

元素编号,从该元素开始生成列表(从0开始数)。

示例: offset=0
localestring

响应语言。按照ISO 639-1规定使用两个小写字母的语言代码。

默认值 "en"
additional_fields[]Array of strings

附加字段列表。如果在请求中发送这些字段,则它们将包含在响应中。

枚举"media_list""order""long_description""custom_attributes""item_order_in_group"
countrystring

ISO 3166-1 alpha-2标准下的两个大写字母的国家/地区代码。 请查看文档详细了解艾克索拉支持的国家/地区国家/地区的判断流程

示例: country=US
promo_codestring[ 1 .. 128 ] characters

区分大小写的唯一券码。包含字母和数字。

示例: promo_code=WINTER2021
show_inactive_time_limited_itemsinteger

显示用户不可用的时效性商品。此类商品的有效期尚未开始或已过期。

默认值 0
示例: show_inactive_time_limited_items=1
curl -i -X GET \
  'https://store.xsolla.com/api/v2/project/44056/items/virtual_items?limit=50&offset=0&locale=en&additional_fields%5B%5D=media_list&country=US&promo_code=WINTER2021&show_inactive_time_limited_items=1' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

响应

已成功收到虚拟物品列表。

正文application/json
has_moreboolean(Pagination_has-more)

用作指示还有更多页面。

示例: true
itemsArray of objects(Virtual-Items-Currency_item)
响应
application/json
{
  "has_more": true,
  "items": [
    {},
    {},
    {}
  ]
}

获取所有虚拟物品列表Client-side

请求

获取用于客户端搜索的所有虚拟物品的列表。

注意:

仅返回物品SKU、名称、组和描述

注:

使用商品目录API调用无需授权,但若需获取个性化目录,必须在Authorization头中传入用户JWT。
安全
XsollaLoginUserJWT
路径
project_idinteger必需

项目ID。您可以在您的发布商帐户项目名称旁边找到。

示例: 44056
查询
localestring

响应语言。按照ISO 639-1规定使用两个小写字母的语言代码。

默认值 "en"
promo_codestring[ 1 .. 128 ] characters

区分大小写的唯一券码。包含字母和数字。

示例: promo_code=WINTER2021
curl -i -X GET \
  'https://store.xsolla.com/api/v2/project/44056/items/virtual_items/all?locale=en&promo_code=WINTER2021' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

响应

已成功接收所有虚拟物品列表。

正文application/json
itemsArray of objects
示例: [{"description":"Big Rocket - description","groups":[{"external_id":"accessory","name":{"en":"accessory"}}],"name":"Big Rocket","sku":"com.xsolla.big_rocket_1"},{"description":"description","groups":[{"external_id":"hair","name":{"en":"Hair"}}],"name":"SHOTGUN FOR TRUE RAIDERS","sku":"com.xsolla.shotgun_raider_1"},{"description":"description","groups":[],"name":"SHOTGUN FOR TRUE RAIDERS","sku":"com.xsolla.shotgun_raider_2"}]
响应
application/json
{
  "items": [
    {},
    {},
    {}
  ]
}

虚拟支付

操作

目录

操作

权利

操作

管理

操作

管理

操作

目录

操作

购物车(客户端侧)

操作

购物车(服务器侧)

操作

支付(客户端)

操作

支付(服务器端)

操作

订单

操作

免费商品

操作

管理

操作

管理

操作

Webhook

操作

预订

操作

商户

操作

目录

本API允许获取任意类型的可售商品或指定商品。

操作

通用区域

操作

管理

操作