ITwoFactorService – Steam Web API Documentation

This page is just a reference of all the known Steam APIs, I do not know how they work. Please do not email me with questions.

UNDOCUMENTEDPOSTAddAuthenticator

Add two-factor authenticator to the logged-in account

https://api.steampowered.com/ITwoFactorService/AddAuthenticator/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No	steamid to use
authenticator_time		uint64	No	Current authenticator time
serial_number		fixed64	No	locally computed serial (deprecated)
authenticator_type		uint32	No	Authenticator type
device_identifier		string	No	Authenticator identifier
sms_phone_id		string	No	ID of phone to use for SMS verification
http_headers[0]		string[]	No	HTTP headers alternating by K/V
version		uint32	No	What the version of our token should be

UNDOCUMENTEDPOSTCreateEmergencyCodes

Generate emergency authenticator codes

https://api.steampowered.com/ITwoFactorService/CreateEmergencyCodes/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
code		string	No

UNDOCUMENTEDPOSTDestroyEmergencyCodes

Destroy emergency authenticator codes for the account

https://api.steampowered.com/ITwoFactorService/DestroyEmergencyCodes/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No	steamid to use

UNDOCUMENTEDPOSTFinalizeAddAuthenticator

Finalize two-factor authentication addition to the logged-in account

https://api.steampowered.com/ITwoFactorService/FinalizeAddAuthenticator/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No	steamid to use
authenticator_code		string	No	Current auth code
authenticator_time		uint64	No	Current authenticator time
activation_code		string	No	Activation code from out-of-band message
http_headers[0]		string[]	No	HTTP headers alternating by K/V
validate_sms_code		bool	No	When finalizing with an SMS code, pass the request on to the PhoneService to update its state too.

UNDOCUMENTEDPOSTQueryStatus

Get two-factor authentication settings for the logged-in account

https://api.steampowered.com/ITwoFactorService/QueryStatus/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No	steamid to use
include		int32	No	enum

UNDOCUMENTEDPOSTQueryTime

Get server's idea of the current time

https://api.steampowered.com/ITwoFactorService/QueryTime/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
sender_time		uint64	No	Current time on the sender (for stats, don't trust this)

UNDOCUMENTEDPOSTRemoveAuthenticator

Remove two-factor authentication addition from the logged-in account

https://api.steampowered.com/ITwoFactorService/RemoveAuthenticator/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
revocation_code		string	No	Password needed to remove token
revocation_reason		uint32	No	Reason the authenticator is being removed
steamguard_scheme		uint32	No	Type of Steam Guard to use once token is removed
remove_all_steamguard_cookies		bool	No	Remove all steamguard cookies

UNDOCUMENTEDPOSTRemoveAuthenticatorViaChallengeContinue

Continue challenge-based authenticator removal

https://api.steampowered.com/ITwoFactorService/RemoveAuthenticatorViaChallengeContinue/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
sms_code		string	No	Code from SMS
generate_new_token		bool	No	Generate new token (instead of removing old one)
version		uint32	No	What the version of our token should be

UNDOCUMENTEDPOSTRemoveAuthenticatorViaChallengeStart

Start challenge-based authenticator removal

https://api.steampowered.com/ITwoFactorService/RemoveAuthenticatorViaChallengeStart/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key

UNDOCUMENTEDPOSTSendEmail

Send email to the account

https://api.steampowered.com/ITwoFactorService/SendEmail/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No	Steamid to use
email_type		uint32	No	Type of email to send (ETwoFactorEmailType::*)
include_activation_code		bool	No	Include activation code in email parameters

UNDOCUMENTEDPOSTUpdateTokenVersion

Update the version for my token

https://api.steampowered.com/ITwoFactorService/UpdateTokenVersion/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
steamid		fixed64	No
version		uint32	No	What the version of our token should be
signature		bytes	No	HMAC digest over user's private key

UNDOCUMENTEDPOSTValidateToken

Validate (and consume) a token

https://api.steampowered.com/ITwoFactorService/ValidateToken/v1/

Name	Value	Type	Required	Description
key	click to set	string	Yes	Access key
code		string	No	code to validate