Documentation Index
Fetch the complete documentation index at: https://docs.mannco.store/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
All documented requests use:
Authentication
Programmatic access uses a JWT from your API key (created in your Mannco.store account). See Authentication for POST /user/login and the Authorization header.
- Routes with
connected + api: send Authorization: Bearer <jwt> unless noted otherwise.
GET /user/store/{identifier} only requires the api route filter — no logged-in user.- JWT lifetime is about 31 days; the payload includes
API: true and a bound client IP (see Authentication).
Two-factor authentication (2FA)
Routes that include the server-side 2fa filter do not require a 2FA code when you use a JWT obtained from POST /user/login (API flow). The browser session flow may still prompt for 2FA.
CSRF
For routes that include the api filter, POST requests from API clients do not need the browser CSRF token. JSON bodies are supported (Content-Type: application/json); the router merges JSON into POST parameters.
Rate limiting
When the JWT has API: true, the API may enforce per-user, per-route, per-method limits.
When exceeded:
- HTTP 429
- Headers:
X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After
- JSON body:
content is a short message (retry after N seconds)
Typical defaults (subject to per-user or per-endpoint overrides) are on the order of 600 requests per 60-second window for GET and POST. Exact numbers may change without a docs update.
Scope
Only routes whose definition includes the api filter are documented here, plus POST /user/login (API key exchange — required for authenticated calls).
Website-only flows (browser session, cashout routes without api, etc.) are out of scope for these pages.
Endpoints by area
| Area | Methods and paths |
|---|
| Login | POST /user/login |
| Items | GET /item/details/{item}, GET /item/details/fromid/{backpackid}, GET /item/cs/details/fromid/{backpackid}, GET /item/salesGraph/{item}, GET /item/listing/count/{item}, GET /item/listing/count/{item}/{userid}, GET /item/listing/{item}, GET /item/listing/{item}/{userid}, GET /item/buyorderList/{item}, GET /item/pricing/bulk, GET /item/pricing/external, GET /item/pricing/{item}, POST /item/buyorder, POST /item/buyorder/update, POST /item/buyorder/remove |
| Buy orders (user) | GET /user/buyorder/{item}, GET /user/getBuyorder |
| Inventory | GET /inventory/onSale, GET /inventory/onInventory, POST /inventory/withdraw, POST /inventory/price |
| Trades | GET /trades/active, GET /trades/all, GET /trade/resend |
| Offers | GET /offers/received, GET /offers/my, POST /offers/create, POST /offers/decline, POST /offers/remove, POST /offers/accept |
| Deposit | POST /deposit/trade, POST /deposit/trade/instant, GET /deposit/tradeStatus/{tradeid}, GET /deposit/instantSell/{game}, GET /deposit/{game} |
| Cart | GET /cart/get, POST /cart/add, POST /cart/bulk, POST /cart/remove, POST /cart/update, POST /cart/clear |
| Payment | POST /payment/{provider} |
| User | GET /user/disconnect, GET /user/infos, GET /user/balance, GET /user/notifications, GET /user/store/{identifier}, GET /user/ipList, GET /user/getSalesInfos, GET /user/getSalesChartInfos, GET /user/getBalanceHistory, GET /user/getPurchaseHistory, GET /user/getSalesHistory, GET /user/getCashoutHistory, GET /user/getTransactionHistory, GET /user/getTransactionDetails, GET /user/getBuyorder |
| Partner | POST /webhook/vendor/{provider} |
{userid} path segments) are not detailed here.
All JSON responses share this shape.
Success
{
"err": false,
"success": true,
"content": {}
}
content.
Business error (Response("error", …))
Often HTTP 300 with:
{
"err": true,
"success": false,
"content": "Error message"
}
content may be a string or an object depending on the endpoint.
Common HTTP status codes
| Code | Meaning |
|---|
200 | Success |
300 | Business error (error) |
403 | Forbidden / unauthorized (forbidden, invalid JWT, blocked country, etc.) |
404 | Not found |
429 | Rate limited |
500 | Server error |
Prices
Monetary amounts are integer cents (e.g. 150 = $1.50 where applicable).
Common types
SteamID
64-bit Steam ID as a string, e.g. 76561198000000000.
Game IDs
| Game | ID |
|---|
| Team Fortress 2 | 440 |
| Counter-Strike 2 | 730 |
| Dota 2 | 570 |
| Rust | 252490 |
Backpack / listing states
| State | Meaning |
|---|
0 | In inventory (not listed) |
1 | Listed for sale |
2 | Pending withdrawal |
3 | In active trade |
| Negative | Reserved (e.g. giveaway) |
Offer statuses
| Status | Meaning |
|---|
0 | Active / pending |
1 | Accepted |
2 | Declined |
3 | Removed / cancelled |
-1 | Auto-cancelled: buyer balance |
-2 | Auto-cancelled: expired |
-3 | Auto-cancelled: item unavailable |
Trade statuses
| Status | Meaning |
|---|
0 | Pending |
3 | Completed |
-1 | Failed |
-11 | Hidden |
-12 | Reverted (admin) |
