← Back to Home
EN VI

Steam Auth API - Documentation

Guide to setup and use the API to get Steam Guard codes.

1. Introduction

Steam Auth API allows you to:

2. API Key

All API endpoints require an API Key in the header.

Get API Key

Login and create your API Key:

Login / Register to Get API Key

Don't have an account? Sign up for free - takes only 1 minute!

Using API Key

Add the API Key to the X-API-Key header of every request:

X-API-Key: YOUR_API_KEY

Example with cURL:

curl -X GET "http://localhost:5179/api/token/code?token=ABC123" \
  -H "X-API-Key: YOUR_API_KEY"
NOTE:
  • Do not share API Key publicly on Git or forums
  • Store API Key in environment variables or private config files
  • Change API Key in appsettings.json if needed

3. Main Endpoints

3.1. Get Steam Guard Code

GET /api/token/code?token=YOUR_TOKEN

Get Steam Guard authentication code using token.

Request:

GET /api/token/code?token=ABC123
X-API-Key: YOUR_API_KEY

Response:

{
  "code": "87MYB",
  "accountName": "username",
  "usageRemaining": 99,
  "expiresAt": "2025-10-20T05:14:18Z",
  "timestamp": "2025-10-20T04:45:30Z"
}
NOTE: Steam Guard codes change every 30 seconds.

3.2. Import maFile

POST /api/token/import

Import maFile into the system to create tokens.

Request:

POST /api/token/import
X-API-Key: YOUR_API_KEY
Content-Type: multipart/form-data

file: [FILE_DATA]

Response:

{
  "accountId": "abc123",
  "accountName": "username",
  "ownerToken": "OWNERTOKEN123",
  "encrypted": true,
  "message": "Import successful!"
}

3.3. Create Token

POST /api/token/create

Create token to get codes with usage limits.

Request:

POST /api/token/create
X-API-Key: YOUR_API_KEY
Content-Type: application/json

{
  "accountId": "abc123",
  "maxUsage": 100,
  "expiryMinutes": 60
}

Parameters:

Name Type Required Description
accountId string Yes Account ID from import
maxUsage number No Maximum usage count (default: unlimited)
expiryMinutes number No Expiration time in minutes (default: unlimited)

Response:

{
  "token": "XYZ789ABC123",
  "accountName": "username",
  "maxUsage": 100,
  "expiresAt": "2025-10-20T06:00:00Z",
  "createdAt": "2025-10-20T05:00:00Z"
}

4. Setup New Account (Create maFile)

Create a new maFile for Steam accounts without an authenticator.

4.1. Start Session

POST /api/setup/login

Login to Steam to begin the setup process.

Request:

POST /api/setup/login
X-API-Key: YOUR_API_KEY
Content-Type: application/json

{
  "username": "your_steam_username",
  "password": "your_steam_password"
}

Response:

{
  "sessionId": "abc123",
  "status": "waiting",
  "message": "Waiting for authentication...",
  "requiresEmailCode": true
}

4.2. Verify Email (if required)

POST /api/setup/verify-email

Enter verification code from Steam email.

Request:

POST /api/setup/verify-email
X-API-Key: YOUR_API_KEY
Content-Type: application/json

{
  "sessionId": "abc123",
  "emailCode": "AB123"
}

4.3. Add Authenticator

POST /api/setup/add-authenticator

Start adding Steam Mobile Authenticator.

Response:

{
  "status": "awaiting_sms",
  "message": "Check EMAIL (subject: 'add an authenticator') for code",
  "codeSource": "email_or_sms",
  "revocationCode": "R12345"
}

4.4. Finalize

POST /api/setup/finalize

Enter code from email/SMS to complete.

Request:

POST /api/setup/finalize
X-API-Key: YOUR_API_KEY
Content-Type: application/json

{
  "sessionId": "abc123",
  "smsCode": "GQP7D"
}

Response:

{
  "status": "success",
  "accountName": "username",
  "revocationCode": "R12345",
  "downloadToken": "xyz789",
  "downloadUrl": "/api/setup/download?token=xyz789",
  "expiresIn": "10 minutes"
}

4.5. Download maFile

GET /api/setup/download?token=DOWNLOAD_TOKEN

Download the newly created maFile (token expires in 10 minutes).

NOTE:
  • The "SMS" code is often sent via EMAIL with subject "add an authenticator"
  • Download token can only be used once and expires after 10 minutes
  • Save the revocation code to remove authenticator later

5. Usage Flow

Step 1: Import maFile

  1. Prepare your maFile
  2. Call POST /api/token/import
  3. Save accountId and ownerToken

Step 2: Create Token

  1. Use accountId from step 1
  2. Call POST /api/token/create
  3. Receive token to get codes

Step 3: Get Code

  1. Use token from step 2
  2. Call GET /api/token/code?token=YOUR_TOKEN
  3. Receive 5-character Steam Guard code

6. Code Examples

JavaScript / Fetch

const API_BASE = 'http://localhost:5179';
const API_KEY = 'YOUR_API_KEY';

// Get code
async function getCode(token) {
  const response = await fetch(
    `${API_BASE}/api/token/code?token=${token}`,
    {
      headers: { 'X-API-Key': API_KEY }
    }
  );
  
  const data = await response.json();
  console.log('Code:', data.code);
  return data.code;
}

// Usage
const code = await getCode('YOUR_TOKEN_HERE');

cURL

curl -X GET "http://localhost:5179/api/token/code?token=YOUR_TOKEN" \
  -H "X-API-Key: YOUR_API_KEY"

Python

import requests

API_BASE = 'http://localhost:5179'
API_KEY = 'YOUR_API_KEY'

def get_code(token):
    response = requests.get(
        f'{API_BASE}/api/token/code',
        params={'token': token},
        headers={'X-API-Key': API_KEY}
    )
    return response.json()['code']

# Usage
code = get_code('YOUR_TOKEN_HERE')
print(f'Code: {code}')

PHP

<?php
$apiBase = 'http://localhost:5179';
$apiKey = 'YOUR_API_KEY';
$token = 'YOUR_TOKEN_HERE';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$apiBase/api/token/code?token=$token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-API-Key: $apiKey"
]);

$response = curl_exec($ch);
$data = json_decode($response, true);
$code = $data['code'];

echo "Code: $code";
?>

7. Common Errors

401 Unauthorized

API Key is incorrect or missing X-API-Key header.

Solution: Check API Key in appsettings.json.

404 Not Found

Token does not exist or has been deleted.

Solution: Create a new token.

Token out of usage

Token has exhausted its maxUsage.

Solution: Create a new token with higher maxUsage.

← Back to Home
EN VI