Skip to content

gofurry/steam-go

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

176 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

steam-go

License    Go Version    Go Report Card    Weekend Project    Made with Love

Wiki  |  Steam Keys and Access Tokens |  中文 README  |  Steam Key 与 Access Token

				____ ____ ____ _  _ ____ ____ _   _   / ____ ___ ____ ____ _  _    ____ ____ 
				| __ |  | |___ |  | |__/ |__/  \_/   /  [__   |  |___ |__| |\/| __ | __ |  | 
				|__] |__| |    |__| |  \ |  \   |   /   ___]  |  |___ |  | |  |    |__] |__| 
                                                                             

steam-go is a stable Go SDK for the official Steam Web API, with practical request controls and carefully scoped read-only Steam Web helpers.

Why Use It

  • Stable root Client with grouped official API access under client.API.*
  • Read-only client.Web.* helpers for Storefront, Community inventory, and Market JSON endpoints
  • Functional options for API key, access token, timeout, retry, rate limit, proxy, cookies, and traffic policy
  • Safe defaults for external traffic with bounded response bodies and URL redaction helpers
  • Typed responses for stable payloads, with raw methods and json.RawMessage for volatile subtrees
  • Rotating and health-checked API key providers for resilient 401/429 handling
  • Addons for OpenID, web sessions, assets, markup, VDF, free-claim workflows, and A2S without bloating the core SDK

Installation

go get github.com/gofurry/steam-go@latest

steam-go currently requires Go 1.25+.

Quick Start: Official API

package main

import (
	"context"
	"fmt"
	"time"

	steam "github.com/gofurry/steam-go"
)

func main() {
	client, err := steam.NewClient(
		steam.WithAPIKey("your-key"),
		steam.WithTimeout(10*time.Second),
		steam.WithRetry(2),
	)
	if err != nil {
		panic(err)
	}
	defer client.Close()

	resp, err := client.API.SteamUser.GetPlayerSummaries(
		context.Background(),
		[]string{"76561198370695025"},
	)
	if err != nil {
		panic(err)
	}

	for _, player := range resp.Response.Players {
		fmt.Printf("%s: %s\n", player.SteamID, player.PersonaName)
	}
}

More official API examples: docs/cookbook/basic-api.md.

Quick Start: Steam OpenID

verifier, err := openid.NewVerifier(openid.Config{
	Realm:    "https://example.com/",
	ReturnTo: "https://example.com/auth/steam/callback",
})
if err != nil {
	panic(err)
}

loginURL, err := verifier.LoginURL("csrf-state")
if err != nil {
	panic(err)
}

fmt.Println(loginURL)

In a real app, store the state in a secure cookie or server-side session before redirecting the user. Cookbook: docs/cookbook/auth-openid.md.

Quick Start: Read-Only Web Query

client, err := steam.NewClient(steam.WithSafeDefaults())
if err != nil {
	panic(err)
}
defer client.Close()

reviews, err := client.Web.Storefront.GetAppReviews(context.Background(), 440, &storefront.GetAppReviewsOptions{
	Language:   "english",
	NumPerPage: 20,
})
if err != nil {
	panic(err)
}

fmt.Println(reviews.QuerySummary.TotalReviews)

client.Web.* is read-only and never injects Steam Web API key or access_token. Cookbook: docs/cookbook/web-readonly.md.

Production Notes

  • Start with WithSafeDefaults() for real external traffic, then tune timeout, retry, and rate limit per workload.
  • Use WithProxySelector(...) or WithTrafficPolicy(...) when region, host, or session behavior needs different network paths.
  • Keep official API traffic and Storefront page-like traffic on separate traffic policies. In a 2026-06-07 Storefront appdetails experiment, repeated runs started returning 429 around 220-230 requests and then 403; a conservative Store budget such as 1 request / 2 seconds with burst=1 is a safer starting point.
  • Do not log raw URLs that may contain key, access_token, cookies, or proxy credentials. Use steam.RedactSensitiveURL(...).
  • Use WithMaxResponseBodyBytes(...) when callers need a stricter response body cap.
  • Keep live smoke credentials and web cookies out of Git; examples use environment variables or hidden terminal prompts for sensitive values.

Stability Boundary

  • client.API.* is the official Steam Web API surface and the main stable v1 contract.
  • client.Web.* exposes stable Go method signatures, but the upstream Store / Community / Market payloads are unofficial and may drift.
  • Volatile nested payloads may remain json.RawMessage instead of being forced into brittle typed structs.
  • The core package does not include browser fallback, purchase, sell, trade, or bulk account automation.

Addons

Addon Use it for
addons/openid Steam OpenID login verification
addons/websession Manual Steam web-login session flow
addons/freeclaim Read-only free promotion discovery plus explicit single-package claim
addons/assets Store / Library asset URL construction, official asset discovery, verification, reading, and downloading
addons/markup Steam BBCode / HTML conversion, sanitizing, and plain-text summaries
addons/vdf Valve VDF / KeyValues text parsing via github.com/gofurry/vdf-go
addons/a2s A2S server queries through github.com/gofurry/a2s-go

Detailed addon notes: docs/addons/reference.md.

Documentation

About

A clean and extensible Go SDK for Steam Web API, with built-in support for retries, rate limiting, and pluggable transports.

Topics

Resources

License

Contributing

Security policy

Stars

55 stars

Watchers

0 watching

Forks

Contributors

Languages