This page is just a reference of all the known Steam APIs, I do not know how they work. Please do not email me with questions.
POSTBeginAuthSessionViaCredentials

start authentication process

https://api.steampowered.com/IAuthenticationService/BeginAuthSessionViaCredentials/v1/
NameValueTypeRequiredDescription
string Yes
string Yes
string Yes password, RSA encrypted client side
uint64 Yes timestamp to map to a key - STime
bool Yes deprecated
{enum} Yes
{enum} Nowhether we are requesting a persistent or an ephemeral session
string No(EMachineAuthWebDomain) identifier of client requesting auth
{message} Yes User-supplied details about the device attempting to sign in
string Yes steam guard data for client login
uint32 Yes
int32 No[ENetQOSLevel] client-specified priority for this auth attempt
POSTBeginAuthSessionViaQR

start authentication process

https://api.steampowered.com/IAuthenticationService/BeginAuthSessionViaQR/v1/
NameValueTypeRequiredDescription
string Yes
{enum} Yes
{message} Yes User-supplied details about the device attempting to sign in
string No(EMachineAuthWebDomain) identifier of client requesting auth
UNDOCUMENTEDPOSTEnumerateTokens

Enumerate durable (refresh) tokens for the given subject account

https://api.steampowered.com/IAuthenticationService/EnumerateTokens/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
bool No
UNDOCUMENTEDPOSTGenerateAccessTokenForApp

Given a refresh token for a client app audience (e.g. desktop client / mobile client), generate an access token

https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
string No
fixed64 No
ETokenRenewalType Noenum
POSTGetAuthSessionInfo

get metadata of specific auth session, this will also implicitly bind the calling account

https://api.steampowered.com/IAuthenticationService/GetAuthSessionInfo/v1/
NameValueTypeRequiredDescription
uint64 Yes client ID from scanned QR Code, used for routing
POSTGetAuthSessionRiskInfo

get risk metadata for a specific auth session that has been deemed risky

https://api.steampowered.com/IAuthenticationService/GetAuthSessionRiskInfo/v1/
NameValueTypeRequiredDescription
uint64 Yes client ID from scanned QR Code, used for routing
uint32 Yes language for optimistic localization of geoloc data
UNDOCUMENTEDGetAuthSessionsForAccount

Gets all active auth sessions for an account for reference by the mobile app

https://api.steampowered.com/IAuthenticationService/GetAuthSessionsForAccount/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
GETGetPasswordRSAPublicKey

Fetches RSA public key to use to encrypt passwords for a given account name

https://api.steampowered.com/IAuthenticationService/GetPasswordRSAPublicKey/v1/
NameValueTypeRequiredDescription
string Yes user-provided account name to get an RSA key for
UNDOCUMENTEDPOSTMigrateMobileSession

Migrates a WG token to an access and refresh token using a signature generated with the user's 2FA secret

https://api.steampowered.com/IAuthenticationService/MigrateMobileSession/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
fixed64 NoSteam ID of the user to migrate
string NoWG Token to migrate
string NoSignature over the wg token using the user's 2FA token
POSTNotifyRiskQuizResults

notify the server about risk quiz responses for metrics purposes

https://api.steampowered.com/IAuthenticationService/NotifyRiskQuizResults/v1/
NameValueTypeRequiredDescription
uint64 Yes client ID for the auth session, used for routing
{message} Yes Whether or not the user correctly answered each risk quiz question
string Yes The action being taken selected by the user during the quiz
bool Yes Whether or not the user went on to confirm the login or not in the case of a passed quiz
POSTPollAuthSessionStatus

poll during authentication process

https://api.steampowered.com/IAuthenticationService/PollAuthSessionStatus/v1/
NameValueTypeRequiredDescription
uint64 Yes
string Yes
uint64 Yes If this is set to a token owned by this user, that token will be retired
UNDOCUMENTEDPOSTRevokeRefreshToken

Mark the given refresh token as revoked

https://api.steampowered.com/IAuthenticationService/RevokeRefreshToken/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
fixed64 No
fixed64 NoToken holder if an admin action on behalf of another user
EAuthTokenRevokeAction NoSelect between logout and logout-and-forget-machine
bytes Norequired signature over token_id
UNDOCUMENTEDPOSTRevokeToken

Revoke a single token immediately, making it unable to renew or generate new access tokens

https://api.steampowered.com/IAuthenticationService/RevokeToken/v1/
NameValueTypeRequiredDescription
click to setstring Yes Access key
string No
EAuthTokenRevokeAction NoSelect between logout and logout-and-forget-machine
POSTUpdateAuthSessionWithMobileConfirmation

approve an authentication session via mobile 2fa

https://api.steampowered.com/IAuthenticationService/UpdateAuthSessionWithMobileConfirmation/v1/
NameValueTypeRequiredDescription
int32 Yes version field
uint64 Yes pending client ID, from scanned QR Code
uint64 Yes user who wants to login
string Yes HMAC digest over {version,client_id,steamid} via user's private key
bool NoWhether to confirm the login (true) or deny the login (false)
{enum} Nowhether we are requesting a persistent or an ephemeral session
POSTUpdateAuthSessionWithSteamGuardCode

approve an authentication session via steam guard code

https://api.steampowered.com/IAuthenticationService/UpdateAuthSessionWithSteamGuardCode/v1/
NameValueTypeRequiredDescription
uint64 Yes pending client ID, from initialized session
uint64 Yes user who wants to login
string Yes confirmation code
{enum} Yes type of confirmation code