If anybody but you has that key, it's very dangerous. That's basically like a key to your home.

引用自 ReBoot：

If anybody but you has that key, it's very dangerous. That's basically like a key to your home.

Well nobody has it, I just entered it on a legit non scamming csgo gambling site so the trades can be faster and safer. Nobody else has it. I revoked it though. I don't think I have a key now.

引用自 unforgiv3n：

引用自 ReBoot：

If anybody but you has that key, it's very dangerous. That's basically like a key to your home.

Well nobody has it, I just entered it on a legit non scamming csgo gambling site so the trades can be faster and safer. Nobody else has it. I revoked it though. I don't think I have a key now.

You have no way to verify whether the site is trustworthy or not. But yeah, it's still like a key: if you trust someone, you may just as well give them the key. Just make sure your trust isn't wasted.

I personally wouldn't trust any gambling site because with unregulated gambling, they can screw you over as much as they want. There have been several incidents in the past where popular streamers were affiiliated with gambling, of course not disclosing that, and the odds were seriously tilted in favor of those streamers so the gambling site looked better than it was towards everybody else.

引用自 ReBoot：

引用自 unforgiv3n：

Well nobody has it, I just entered it on a legit non scamming csgo gambling site so the trades can be faster and safer. Nobody else has it. I revoked it though. I don't think I have a key now.

You have no way to verify whether the site is trustworthy or not. But yeah, it's still like a key: if you trust someone, you may just as well give them the key. Just make sure your trust isn't wasted.

It's a 100% trusted site, it's been legit for years. But even if it's not, I revoked it and I need to know if a revoke is enough or no. I don't think my account has a key anymore, I want to be sure though.

引用自 unforgiv3n：

引用自 ReBoot：

You have no way to verify whether the site is trustworthy or not. But yeah, it's still like a key: if you trust someone, you may just as well give them the key. Just make sure your trust isn't wasted.

It's a 100% trusted site, it's been legit for years. But even if it's not, I revoked it and I need to know if a revoke is enough or no. I don't think my account has a key anymore, I want to be sure though.

The moment a key is revoked, it's gone, that's the whole point of revoking something. That particular combination of characters becomes a worthless random string of gibberish.

引用自 ReBoot：

引用自 unforgiv3n：

It's a 100% trusted site, it's been legit for years. But even if it's not, I revoked it and I need to know if a revoke is enough or no. I don't think my account has a key anymore, I want to be sure though.

The moment a key is revoked, it's gone, that's the whole point of revoking something. That particular combination of characters becomes a worthless random string of gibberish.

Some people said I need to change my password and disable/enable my steam mobile authenticator again. I wonder if that's even necessary or a revoke is enough.

引用自 unforgiv3n：

引用自 ReBoot：

If anybody but you has that key, it's very dangerous. That's basically like a key to your home.

Well nobody has it, I just entered it on a legit non scamming csgo gambling site so the trades can be faster and safer. Nobody else has it. I revoked it though. I don't think I have a key now.

There is no legit sites of this nature and an API key can be created at any time. If you credential set has been captured along with the auth code, hijackers have control of your account and can do as they wish at any time.

The amount of users I've seen who have sworn blind a site is 'legit' on for them to come back crying that they got scammed is so big, I'd say it's near the thousands and that's just from these forums. You wont know until it's too late.

It's even possible for a site to detect if a user is instigating a trade which allows them to create an instant API key once this action is in motion. So you may think your account is clean only for the botters to make a split-second move.

If I were you, I'd deauthorize all other devices and walk away. For all the money you think you'll save, you may lose a lot more in getting scammed just like everyone else.

引用自 unforgiv3n：

引用自 ReBoot：

The moment a key is revoked, it's gone, that's the whole point of revoking something. That particular combination of characters becomes a worthless random string of gibberish.

Some people said I need to change my password and disable/enable my steam mobile authenticator again. I wonder if that's even necessary or a revoke is enough.

Did you give that gambling site your password? If no, then no need to change it. Did you give them a Steam guard token? If no, no need to deauthorizing devices or disabling the mobile auth.

引用自 unforgiv3n：

Some people said I need to change my password and disable/enable my steam mobile authenticator again. I wonder if that's even necessary or a revoke is enough.

You do not need to disable mobile authenticator.
About the password, it depends on whether you ever put it on fake login page or not. I suggest to change it, just in case.

引用自 J4MESOX4D：

引用自 unforgiv3n：

Well nobody has it, I just entered it on a legit non scamming csgo gambling site so the trades can be faster and safer. Nobody else has it. I revoked it though. I don't think I have a key now.

There is no legit sites of this nature and an API key can be created at any time. If you credential set has been captured along with the auth code, hijackers have control of your account and can do as they wish at any time.

The amount of users I've seen who have sworn blind a site is 'legit' on for them to come back crying that they got scammed is so big, I'd say it's near the thousands and that's just from these forums. You wont know until it's too late.

It's even possible for a site to detect if a user is instigating a trade which allows them to create an instant API key once this action is in motion. So you may think your account is clean only for the botters to make a split-second move.

If I were you, I'd deauthorize all other devices and walk away. For all the money you think you'll save, you may lose a lot more in getting scammed just like everyone else.

I am completely aware that there are scamming sites.

But this one is one of the most famous ones and it is really legit. Millions of people are using it and profiting from it.

I don't worry about my username or password. All I wanted to know is about the API key, what it can do, who has access to it and if a revoke is enough for protection.

I guess I got all my answers, so thank you and everyone else. Peace.

引用自 unforgiv3n：

I am completely aware that there are scamming sites.

But this one is one of the most famous ones and it is really legit. Millions of people are using it and profiting from it.

Post the website link to the site you claim is legit. Steam will not block or remove it if it is legit.

引用自 Kusa：

引用自 unforgiv3n：

I am completely aware that there are scamming sites.

But this one is one of the most famous ones and it is really legit. Millions of people are using it and profiting from it.

Post the website link to the site you claim is legit. Steam will not block or remove it if it is legit.

Drop it all right. The OP got what they wanted and, more importantly, the OP revoked their key. Conclusion: all what's going on from now on is about being right rather than a constructive discussion.

引用自 unforgiv3n：

引用自 J4MESOX4D：

There is no legit sites of this nature and an API key can be created at any time. If you credential set has been captured along with the auth code, hijackers have control of your account and can do as they wish at any time.

The amount of users I've seen who have sworn blind a site is 'legit' on for them to come back crying that they got scammed is so big, I'd say it's near the thousands and that's just from these forums. You wont know until it's too late.

It's even possible for a site to detect if a user is instigating a trade which allows them to create an instant API key once this action is in motion. So you may think your account is clean only for the botters to make a split-second move.

If I were you, I'd deauthorize all other devices and walk away. For all the money you think you'll save, you may lose a lot more in getting scammed just like everyone else.

But this one is one of the most famous ones and it is really legit. Millions of people are using it and profiting from it.

There are no 'legit' ones because gambling licences are not issued for this purpose and Valve has desist orders against many sites that are involved in this activity.

You also put your account at dire risk if you obtain an item which has been stolen/laundered and as you use 3rd party sites, you have no protection like you would if you traded within the Steam platform. These sites are created for the purpose of laundering and turning items (many scammed) into cash.

Always use these at your own risk.

引用自 ReBoot：

Drop it all right. The OP got what they wanted and, more importantly, the OP revoked their key. Conclusion: all what's going on from now on is about being right rather than a constructive discussion.

Not your decision whether I make a post. I politely suggest you refrain from doing so.

引用自 Kusa：

引用自 ReBoot：

Drop it all right. The OP got what they wanted and, more importantly, the OP revoked their key. Conclusion: all what's going on from now on is about being right rather than a constructive discussion.

Not your decision whether I make a post. I politely suggest you refrain from doing so.

I politely suggest you report posts instead of starting a personal feud as you're doing now.