
Steam OpenID Login

GET /user/login

Initiates or completes a Steam OpenID authentication flow. On first call (no mode), returns a Steam OpenID auth URL. On callback, validates the Steam identity, performs fraud checks (SEON), and returns a JWT token.

First Call — Get Auth URL

GET /user/login
Authentication: None
Response
status (string): success
data (object)
Example Response
{
  "status": "success",
  "data": {
    "url": "https://steamcommunity.com/openid/login?..."
  }
}

Callback — Validate & Login

On successful Steam callback, the endpoint validates the user, checks for proxies, blocked countries, and email validation status.
Possible Responses:
| Status | Code | Description |
|---|---|---|
| success | | Login successful, returns JWT |
| error | 0x00000001 | Email not validated — returns userId, hashUser, encrypted jwt |
| error | 0x00000002 | Missing SEON parameter |
| forbidden | | Proxy detected or country blocked |
Success Response
{
  "status": "success",
  "data": {
    "jwt": "eyJhbGciOiJI..."
  }
}
Email Not Validated Response
{
  "status": "error",
  "data": {
    "code": 1,
    "userId": "76561198000000000",
    "hashUser": "abc123...",
    "message": "Email not validated",
    "jwt": "encrypted_jwt_token..."
  }
}

JWT Token Structure

The JWT token contains the following claims:
| Claim | Type | Description |
|---|---|---|
| iss | string | Issuer — always "API" |
| sub | string | Steam ID of the user |
| exp | integer | Expiration timestamp (31 days from creation) |
| iat | integer | Issued at timestamp |
| jti | string | Unique token identifier (UUID) |
| ip | string | Client IP address |
| country | string | ISO country code |
| steamid | integer | Numeric Steam ID |
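
An added example (not part of the original API documentation): a client-side sanity check that decodes a token's payload and compares it with the claim table above. The sample claims, the token header and the dummy signature are constructed; the page does not document the signing algorithm or key, so the signature is not verified here and the result is for inspection only.

```python
import base64
import json
import time
import uuid

# Claim names and types from the table above.
EXPECTED_TYPES = {"iss": str, "sub": str, "exp": int, "iat": int,
                  "jti": str, "ip": str, "country": str, "steamid": int}
LIFETIME = 31 * 24 * 3600  # "31 days from creation"
# Constructed sample claims (not real account data).
SAMPLE_CLAIMS = {"iss": "API", "sub": "76561198000000000", "iat": 1706745600,
                 "exp": 1706745600 + LIFETIME, "ip": "192.0.2.10", "country": "US",
                 "jti": "123e4567-e89b-12d3-a456-426614174000", "steamid": 76561198000000000}


def make_sample_token(claims):
    """Build a constructed token for the demo; header and signature are dummies."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"typ": "JWT"})}.{enc(claims)}.constructed-signature'


def decode_payload(token):
    """Decode the payload segment WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def check_claims(claims, now=None):
    """Return a list of deviations from the documented claim structure."""
    now = int(time.time()) if now is None else now
    # Exact type match, so a boolean is not accepted where an integer is documented.
    problems = [f"missing or mistyped claim: {n}" for n, t in EXPECTED_TYPES.items()
                if type(claims.get(n)) is not t]
    if problems:
        return problems
    if claims["iss"] != "API":
        problems.append("unexpected issuer")
    if claims["exp"] - claims["iat"] > LIFETIME:
        problems.append("lifetime exceeds 31 days")
    if claims["exp"] <= now:
        problems.append("token expired")
    try:
        uuid.UUID(claims["jti"])
    except ValueError:
        problems.append("jti is not a UUID")
    return problems
```

A non-empty result from check_claims means the token does not match the documented structure and should be discarded and a fresh login requested; an empty result says nothing about authenticity, which only the server's signature check establishes.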

API Key Login

POST /user/login

Authenticates using an API key instead of Steam OpenID. Returns a JWT token for subsequent API calls.
POST /user/login
Authentication: None
Body Parameters
apiKey (string, required): The API key associated with the user account.
Response
Success Response
{
  "status": "success",
  "data": {
    "jwt": "eyJhbGciOiJI..."
  }
}
Errors
| Status | Message |
|---|---|
| error | Missing required parameter: apiKey |
| forbidden | Invalid API key |
| forbidden | Country blocked |

Check Connection Status

GET /user/isConnected

Checks whether the current user is authenticated.
GET /user/isConnected
Authentication: None
Response
{
  "status": "success",
  "data": {
    "connected": true
  }
}
data.connected (boolean): true if the user is currently authenticated, false otherwise.

Disconnect (Logout)

GET /user/disconnect

Terminates the current user session.
GET /user/disconnect
Authentication: connected
Response
{
  "status": "success",
  "data": {
    "disconnect": true
  }
}

Disconnect All Sessions

GET /user/disconnectSession/all

Terminates all active sessions for the current user.
GET /user/disconnectSession/all
Authentication: connected
Response
{
  "status": "success",
  "data": {
    "message": "All sessions have been disconnected successfully"
  }
}

Disconnect Session by ID

GET /user/disconnectSession/:id

Terminates a specific session by its ID.
GET /user/disconnectSession/{id}
Authentication: connected
Path Parameters
id (integer, required): The session ID to disconnect.
Response
{
  "status": "success",
  "data": {
    "message": "Session disconnected successfully"
  }
}

Get IP / Session List

GET /user/ipList

Retrieves a paginated list of login sessions with IP information, location, and ISP details. Admin users can query other users.
GET /user/ipList
GET /user/ipList/{userid}   (admin)
Authentication: connected (admin for other users)
Query Parameters
page (integer, default: "0"): Page number for pagination.
perpage (integer, default: "10"): Number of results per page (max 50).
expire (string): Set to "true" to include expired sessions.
Response
{
  "status": "success",
  "data": {
    "values": [
      {
        "ip": "192.168.1.1",
        "location": "US: New York",
        "isp": "Provider Name",
        "current": true,
        "userAgent": "Mozilla/5.0...",
        "timestamp": "1706745600"
      }
    ],
    "count": 25
  }
}
data.values[].current (boolean): true if this is the current active session.