⭐ Wiki | Steam Keys and Access Tokens | 中文 README | Steam Key 与 Access Token ⭐
____ ____ ____ _ _ ____ ____ _ _ / ____ ___ ____ ____ _ _ ____ ____
| __ | | |___ | | |__/ |__/ \_/ / [__ | |___ |__| |\/| __ | __ | |
|__] |__| | |__| | \ | \ | / ___] | |___ | | | | |__] |__|
steam-go is a stable Go SDK for the official Steam Web API, with practical request controls and carefully scoped read-only Steam Web helpers.
- Stable root
Clientwith grouped official API access underclient.API.* - Read-only
client.Web.*helpers for Storefront, Community inventory, and Market JSON endpoints - Functional options for API key, access token, timeout, retry, rate limit, proxy, cookies, and traffic policy
- Safe defaults for external traffic with bounded response bodies and URL redaction helpers
- Typed responses for stable payloads, with raw methods and
json.RawMessagefor volatile subtrees - Rotating and health-checked API key providers for resilient
401/429handling - Addons for OpenID, web sessions, assets, markup, VDF, free-claim workflows, and A2S without bloating the core SDK
go get github.com/gofurry/steam-go@lateststeam-go currently requires Go 1.25+.
package main
import (
"context"
"fmt"
"time"
steam "github.com/gofurry/steam-go"
)
func main() {
client, err := steam.NewClient(
steam.WithAPIKey("your-key"),
steam.WithTimeout(10*time.Second),
steam.WithRetry(2),
)
if err != nil {
panic(err)
}
defer client.Close()
resp, err := client.API.SteamUser.GetPlayerSummaries(
context.Background(),
[]string{"76561198370695025"},
)
if err != nil {
panic(err)
}
for _, player := range resp.Response.Players {
fmt.Printf("%s: %s\n", player.SteamID, player.PersonaName)
}
}More official API examples: docs/cookbook/basic-api.md.
verifier, err := openid.NewVerifier(openid.Config{
Realm: "https://example.com/",
ReturnTo: "https://example.com/auth/steam/callback",
})
if err != nil {
panic(err)
}
loginURL, err := verifier.LoginURL("csrf-state")
if err != nil {
panic(err)
}
fmt.Println(loginURL)In a real app, store the state in a secure cookie or server-side session before redirecting the user. Cookbook: docs/cookbook/auth-openid.md.
client, err := steam.NewClient(steam.WithSafeDefaults())
if err != nil {
panic(err)
}
defer client.Close()
reviews, err := client.Web.Storefront.GetAppReviews(context.Background(), 440, &storefront.GetAppReviewsOptions{
Language: "english",
NumPerPage: 20,
})
if err != nil {
panic(err)
}
fmt.Println(reviews.QuerySummary.TotalReviews)client.Web.* is read-only and never injects Steam Web API key or access_token. Cookbook: docs/cookbook/web-readonly.md.
- Start with
WithSafeDefaults()for real external traffic, then tune timeout, retry, and rate limit per workload. - Use
WithProxySelector(...)orWithTrafficPolicy(...)when region, host, or session behavior needs different network paths. - Keep official API traffic and Storefront page-like traffic on separate traffic policies. In a 2026-06-07 Storefront appdetails experiment, repeated runs started returning
429around 220-230 requests and then403; a conservative Store budget such as1 request / 2 secondswithburst=1is a safer starting point. - Do not log raw URLs that may contain
key,access_token, cookies, or proxy credentials. Usesteam.RedactSensitiveURL(...). - Use
WithMaxResponseBodyBytes(...)when callers need a stricter response body cap. - Keep live smoke credentials and web cookies out of Git; examples use environment variables or hidden terminal prompts for sensitive values.
client.API.*is the official Steam Web API surface and the main stablev1contract.client.Web.*exposes stable Go method signatures, but the upstream Store / Community / Market payloads are unofficial and may drift.- Volatile nested payloads may remain
json.RawMessageinstead of being forced into brittle typed structs. - The core package does not include browser fallback, purchase, sell, trade, or bulk account automation.
| Addon | Use it for |
|---|---|
addons/openid |
Steam OpenID login verification |
addons/websession |
Manual Steam web-login session flow |
addons/freeclaim |
Read-only free promotion discovery plus explicit single-package claim |
addons/assets |
Store / Library asset URL construction, official asset discovery, verification, reading, and downloading |
addons/markup |
Steam BBCode / HTML conversion, sanitizing, and plain-text summaries |
addons/vdf |
Valve VDF / KeyValues text parsing via github.com/gofurry/vdf-go |
addons/a2s |
A2S server queries through github.com/gofurry/a2s-go |
Detailed addon notes: docs/addons/reference.md.