Join us at Minneapolis API Security Summit 2025!
Join us at Minneapolis API Security Summit 2025!
Join us at Minneapolis API Security Summit 2025!
Join us at Minneapolis API Security Summit 2025!
Join us at Minneapolis API Security Summit 2025!
Join us at Minneapolis API Security Summit 2025!
Close
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Case study

Xsolla Case Study

Scaling API Security for the payment processing platform

Thanks for filling out the form!
The resource link will open in the new tab. If its not, please follow this link
Oops! Something went wrong while submitting the form.
Xsolla Case Study

Xsolla and Its Millions of Microtransactions

Scaling API Security for the payment processing platform

  • Industry: Fintech
  • Products purchased: API Threat Protection & API Security Testing
  • Google Cloud Platform
  • Protected sites: Xsolla.com

Have you ever paid to change your eye color? Would you pay for an amazing cybernetic weaponized arm or turbo engines? Evidently, millions of ordinary people will. Sometimes something niche revolutionizes a much bigger industry. Enter Xsolla, the video game business engine that helps developers operate and sell more games globally. Nothing has done more for e-commerce and the growth of in-app purchases than video games, exchanging virtual bounties for real-world currency. In-game purchases are filled with tough challenges around surges in traffic, international players, multiple currencies, and high-volume micropayments. At the heart of that is Xsolla.

Life in 2005 witnessed the unveiling of Xbox 360 and Playstation 3, over $10.5B of US sales for the video game industry, and the newly born MMORPG World of Warcraft ranked #1 as top-grossing video game. By 2020, it’s expected that over $32B will be spent on in-game purchases alone—three times the total of the 2005 sales across the industry, from accessories to hardware.

Monetization of gaming was a fresh concept, growing in tandem with larger builds, open worlds, and sequences.

Now, the market continues to grow. In-game purchases are a niche form of in-app purchases. And, Xsolla has grown as well into a global company working with more than 2,000 game projects worldwide.

Xsolla operates as the Merchant and Seller of Record for major gaming entities like Valve, Twitch, Ubisoft, Epic Games, PUBG and more.

Strong Security Measures

As a fintech company in the gaming space, one of Xsolla’s most important priorities is protecting its customers’ data. The complexity of that challenge grew as Xsolla grew from a local company to a worldwide service. Their clients depend on global players to pay in whatever way is most convenient for them. Compliance with PCI DSS was crucial.

In 2015, Xsolla was looking for something that would protect from the broader range of threats and at the same time would be easy to use and grow with the company. And, they wanted it to be as continuous and thorough as they are in their own CI/CD. There is no time for slowdowns when the global gamer is always online.

"We started using Wallarm in 2015. For more than five years of a successful partnership, we’ve used their solution in the blocking mode across our entire infrastructure. It has shown high efficiency in detecting attacks, with an insignificant rate of false-positives. We recommend this solution as a proven and effective WAF and API protection to anyone who wants to increase the security for their business."

Konstantin Golubitsky, Xsolla CTO

Wallarm Finishes the Competition

Wallarm helped Xsolla to up their security game without reinventing the wheel. It provided the ease of use they needed and intelligent threat detection.

As Xsolla grew, the importance of compliance grew. Working with international payment and banking systems all over the world, they were required to be certified under PCI DSS, specifically where requirement 6.1 called for a WAF.

Results: More Than a Technical Win

“The key things we were looking for in a security solution are effectiveness, ease of use, ease of deployment, and good technical support. Wallarm met all of these requirements.”

The biggest takeaway for Xsolla is that Wallarm is an incredibly easy-to-use product. They love the machine learning aspect, which allows them to focus on growth. The interface is clear and intuitive, and there were no problems training anyone at their company. Switching to Wallarm’s enterprise solution with support meant minimal resource allocation from Xsolla. Once tuned initially, it just worked. Instant security upgrade.

Here’s how Wallarm helped

  • Set it up, let it run

“Unlike ModSecurity, Wallarm is an Enterprise solution with full support and doesn’t require continuous attention. Once the system is turned on, all we do is look at the reports, and from time to time, review the rare false positives and feed the information back into the system.”

  • Compliance

“Security and compliance are critical in protecting users’ personal data. As a company, you protect your customers at all costs.”

  • Plug-and-play deployment

“We didn’t need to change anything in the application deployment infrastructure. The installation itself is easy and straightforward.”

  • Technology powered by ML learns while we grow

“Each of our custom self-written applications had their own loads and their own traffic profiles. Wallarm is a self-learning system, so it was initially in the learning mode to understand each of the context and learn each of the applications.”

  • Excellent customer service

“We’ve had a great experience with Wallarm technical support. We have a direct communication channel where response time is almost immediate.”

Trusted by the world’s most innovative companies:

15 min

To unboard and view secutity results
“I needed cloud security tooling that could get me visibility fast. Wallarm answers all my visibility needs within minutes — across multiple clouds.”
Miro Logo

500K

per year in const savings
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Rappi Logo

100%

visibility into multi-cloud environments
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Dropbox Logo
Panasonic Logo
Victoria's Secret Logo
Miro Logo
Gannet Logo
Dropbox Logo
Rappi Logo
Wargaming Logo
Semrush Logo
Tipalti Logo
UZ Leuven Logo

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.