Steam WebAPI :: Help and Tips

모든 토론 > Steam 포럼 > Help and Tips > 제목 정보

Ice 2016년 9월 8일 오후 10시 42분

Steam WebAPI

Yo, I'm looking to register for a steam API key for development purposes, and there are a few things I'm having trouble with.

1. When I go to register for an API key(at http://steamcommunity.com/dev/apikey) It asks for a domain name, I'll be using the api to make requests via client side programs, so I have no server / domain, is there a way for me to register for a key without them?

2. The key acts as your unique identifier so steam can track who exactly is making the requests, as such you're supposed to keep this secret(and requiered by the Steam Web API Terms of Use), but in my programs when I want to send steam webAPI requests, I'll have to specify my API key won't I? Normally this would be fine for single user use, but what do I do if I plan to release my program to the public, won't the users be able to disect my code and see my key?

How would I keep the code itself functional while keeping my code hidden? My first thought is that turning the program into a .exe would encrypt it, but it's still possible to get the sourcecode of .exes isn't it?

So do I ask the users to provide their own steamAPI keys, or do I somehow encrypt my own? Let me make it known that I have no previouse experience with encryption of any kind.

I'm also no professional coder, in fact I'm a complete ameatur, I've dabbled in some of the big languages, but most of my experience is in Java and Python, and I'm currently ONLY using Python do to some limitations I had with Java.

My apologies if the above sounds ignorant, but of course it is.

Thanks.

Ice 님이 마지막으로 수정; 2016년 9월 8일 오후 10시 44분

< >

전체 댓글 7개 중 1~7개 표시 중

smash 2016년 9월 8일 오후 10시 52분

1. You can use a placeholder for now, I believe.

2. You'll use OAuth to get keys on a per-user basis.

So you want to make a web app, a desktop app, a mobile app, or what? That will determine how to package your application to obfuscate your code.

smash 님이 마지막으로 수정; 2016년 9월 8일 오후 10시 56분

Ice 2016년 9월 8일 오후 11시 13분

smash님이 먼저 게시:
1. You can use a placeholder for now, I believe.

2. You'll use OAuth to get keys on a per-user basis.

So you want to make a web app, a desktop app, a mobile app, or what? That will determine how to package your application to obfuscate your code.

I'll be making desktop programs, I'll be starting with some small programs that'll only be running on my pc, chatbots and sorts like that, but my end goal is to make a program simular to IdleMaster, that makes trader's(and normal users) lives easier, as well as to release it to the public, once I've gotten used to steam's API and improved my skills as a coder.

It all sounds farfetched at my level of skills, I use steam daily, and I'm a trader (at least I was a year ago, just not currently because I only recently enabled the mobile Authenticator

) so it would be useful to me to learn steam's API even if my goals are beyond my current skill.

Just to clarify, I can put anything I want as the "domain", it won't be needed later?

I'll look into OAuth/OpenId, thanks.

By the way, is there a specific forum for API developers?

Haha, sorry for rambling on, Thanks for the help.

Ice 님이 마지막으로 수정; 2016년 9월 8일 오후 11시 58분

Darren 2016년 9월 9일 오전 12시 22분

I think it still has to be a valid domain owned by you. You just don't have to run the apps through it.

MalikQayum 2016년 9월 9일 오전 12시 23분

first you are never suppose to hardcode any sensitive information into your apps that is just pure bad programming, you thinking you can obfuscate or encrypt it and everything will be ok and dandy is a dream anything can be decrypted it just requires a person willing and having the needed skills to do so.

so what you want to do since this is an web api key is to use a server to make the calls and then have your app get the information from the server.

so that was a bit of info for you, however in your case since you are making an idle bot / farm bot / trade bot, you will need to know that api keys are tied to the account that requested it but it can be used by others aswell but it also have api calls that will only work if the requests comes from that account.

example the trade offer api, so this mean you naturally should not hardcode your api key into your app but create a setting file wherein the user can add their credentials, being username / password / api key etc.

have a look at archie steam farm on github.

Ice 2016년 9월 9일 오전 12시 28분

Yeah I know that It's tied to your account, and it's a bad idea to put the API key in the source code, I was looking for an alternative method, is it possible to make steam API calls if I let the user login instead? I thought it didn't let you make any requests at all if you didn't provide an API key? Or does the user's account act as a key and let the program make API calls?

And how would I go about getting the users to login without first having accese to the API?

As I mentioned I don't own a domain nor a server, so I can't use that method.

Ice 님이 마지막으로 수정; 2016년 9월 9일 오전 12시 48분