Setting up authentication via deep link
Deep links allow the user to authenticate in the Web Shop through the game in one click, instead of going through the authentication process via user ID or Xsolla Login.
If the game is installed on the user’s mobile device, they will be redirected to the game via deep link to get an authorization token.
User flow
In the mobile app
- An unauthorized user in the Web Shop clicks the login button or the buy button. A modal window for entering the user ID or logging in through the mobile game opens.
- The user clicks the login button through the game.
- The user is redirected to the game where they are automatically redirected to Web Shop as an authorized user.
In the desktop version
- An unauthorized user in the Web Shop clicks the login button or the buy button. A modal window for entering the user ID or logging into the mobile version of the game using a QR code opens.
- The user scans the QR code using their mobile device, after which the Web Shop opens on their mobile device.
- The mobile version of the game opens on the user's mobile device.
- The user is automatically redirected to Web Shop on the mobile device as an authorized user.
Services interaction flow
How to set up
On the game side
- In your game’s mobile app settings, register a URL scheme to open the game via deep link:
- in Android applications — in the
AndroidManifest.xmlfile - in iOS applications — in the
Info.plistfile
- in Android applications — in the
gamename://authorize, where:gamename— the name of your game that should open on a mobile device for user authentication.authorize— an example of an action name that should be performed after the gamename game opens. Use the action name that matches the actions in your application’s operating system.
Copy
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLSchemes</key>
<array>
<string>gamename</string>
</array>
</dict>
</array>
Example of registering a URL scheme in Android applications:
Copy
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="gamename" android:host="authorize" />
</intent-filter>
- Implement the generation of an authorization token in JWT format using the user ID from the game.
| Parameter | Type | Description |
|---|---|---|
loginId | string | ID of the authorization method from the Publisher Account. Required. |
webhookUrl | string | URL for receiving the User validation in Web Shop webhook. The URL should match the address specified when setting up authentication via user ID. Xsolla expects a 200 HTTP code in response to the webhook to authorize the Web Shop user. If Xsolla receives a response with a 404 HTTP code or does not receive a response, the user will not be authorized.You can specify the value "webhookUrl": "https://nowebhook.com" to disable webhooks when authenticating via deep link. In this case, Xsolla does not check for the existence of the user, so make sure that in the user.id parameter you pass the user ID that exists in the game.Required. |
settings.projectId | string | Project ID found in Publisher Account, which is specified next to the name of your project in browser address bar. The URL has the following format: https://publisher.xsolla.com/merchant ID/Publisher Account section. Required. |
user.id | string | User ID in the game. Required. |
user.name | string | User name. Required. |
Example of calling the user token generation API method using curl:
Copy
- curl
curl --location 'https://sb-user-id-service.xsolla.com/api/v1/user-id' \
--header 'Content-Type: application/json' \
--data '{
"loginId": "000001aa-001a-0ab0-00001-01a01a01a01a",
"webhookUrl": "https://nowebhook.com",
"settings": {
"projectId": 123456,
"merchantId": 123456
},
"user": {
"id": "123",
"name": "a-user-name"
}
}'
You will get a response like {token=“JWT_TOKEN”}.
- Add a pop-up window with a notification of successful authorization (optional).
- Implement the opening of the Web Shop in the browser using the obtained user token.
Example of creating a URL for opening the Web Shop in the browser for an authorized user:
https://example.com/?token={token}, if you are using a custom domainhttps://example.xsollasitebuilder.com/?token={token}, if you are using an Xsolla domain
{token} is the user’s authorization token.Within Site Builder
You can perform the settings on the Site Builder side yourself, using the code examples provided below.For setup assistance, contact your Customer Success Manager or email to csm@xsolla.com.
Note
First set up authentication via User ID. This is necessary so that users have an alternative way of authentication if deep link authentication is not available. For example, if the game is not installed on a user’s mobile device.
- Open the project in the Publisher Account.
- In the side menu, click Site Builder.
- Click Configure on the card of your Web Shop site with authentication via User ID.
- Go to the Login Settings and select the User ID section.
- Set Deeplink authorization toggle to On.
- In the Deeplink URL field enter the link for user authentication.
- If you are using the Fast Login block on the site:
- Go to the Fast Login block.
- In the Layout section, set the QR code toggle to On.
- To check the authentication, click on Preview.
- To publish the website, click on Publish.
Was this article helpful?
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.Rate this page
Rate this page
Don’t want to answer
Thank you for your feedback!
Found a typo or other text error? Select the text and press Ctrl+Enter.
