Skip to main content

​
Base URL

All API requests are made to: 
https://mannco.store

​
Authentication

The API uses JWT-based authentication via API keys. You must include the JWT token in your requests.

​
API Key Login Flow

  1. Obtain an API key from your Mannco.store account settings
  2. Call POST /user/login with your API key to receive a JWT token
  3. Include the JWT token in subsequent requests (typically via cookies or Authorization header)
JWT tokens expire after 31 days. You’ll need to re-authenticate after expiration.

​
CSRF protection

All POST requests may require CSRF validation depending on the endpoint configuration.
POST requests accept both application/json and application/x-www-form-urlencoded content types. JSON payloads are automatically decoded.

​
Permission levels

Endpoints require specific permission levels:
PermissionDescription
PublicNo authentication required
APIValid JWT token required (obtained via API key login)
ConnectedUser must be authenticated
2FAUser must have validated 2FA for the current session
AdminUser must have admin privileges
Many endpoints have an admin variant that accepts a {userid} path parameter to operate on behalf of another user.

​
Response format

All API responses return JSON with a standardized structure:

​
Success responses

{
  "err": false,
  "success": true,
  "content": {
    /* Response data here */
  }
}

​
Error responses

{
  "err": true,
  "success": false,
  "content": "Error message description"
}

​
Response fields

FieldTypeDescription
errbooleanfalse for success, true for errors
successbooleantrue for success, false for errors
contentobject/stringResponse data (object) for success, error message (string) for errors

​
Error codes

HTTP CodeResponse TypeDescription
200SuccessRequest completed successfully
300ErrorGeneral error (business logic error)
403Forbidden/UnauthorizedInsufficient permissions, invalid CSRF, or invalid API key
404Not FoundEndpoint or resource not found
500Server ErrorInternal server error

​
Specific error responses

StatusMessage
errorMissing required parameter: apiKey
forbiddenInvalid API key
forbiddenCountry blocked

​
Prices

All prices in the API are stored as integers in cents. For example, $1.50 is represented as 150.

​
Common types

​
SteamID

User identifiers are Steam 64-bit IDs (e.g., 76561198000000000), passed as strings.

​
Game IDs

GameID
Team Fortress 2440
Counter-Strike 2730
Dota 2570
Rust252490

​
Item states (backpack)

StateDescription
0In user inventory (not listed)
1Listed for sale
2Pending withdrawal
3In active trade
NegativeReserved for giveaway

​
Offer statuses

StatusDescription
0Active / Pending
1Accepted
2Declined
3Removed / Cancelled
-1Auto-cancelled: buyer insufficient balance
-2Auto-cancelled: offer expired
-3Auto-cancelled: item no longer available

​
Trade statuses

StatusDescription
0Pending
3Completed
-1Failed
-11Hidden
-12Reverted (admin)