1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

How do Scammers Use API Keys?

Discussion in 'SteamRep General Discussion' started by KONS7ANCE, Nov 15, 2019.


    KONS7ANCE New User

    So I got scammed last year like this, and I was wondering how the scammers actually use the API key to decline trades. They didn't have access to my account as I didn't log in to any site, only the real bitskins and I have deauthorized all devices, so I was wondering how they still could use my API key to decline trades. Don't they need my mobile authenticator? What does the API key do?
  2. Archi

    Archi ArchiSteamFarm developer Notable Affiliate - Identity Verified

    API key on Steam allows people using it to make various service-related requests in your name, including declining your trade offers. The only difference between API key and full access to the account is the fact that API has limited scope and you can't do everything, but you most certainly can do enough to cause damage.

    If you suspect that other people have gained access to your API key, you should revoke it immediately as it doesn't automatically get revoked when you change your password or deauthorize all other devices. You should treat your API key the same as your account, since it allows people to do limited, but still authorized actions in your name.

    API is not used exclusively by scammers, in fact it has various legitimate usage, but just the same how a good app can fetch your pending trades and decline those that do not pass some sort of your trading rules automatically, scammers can do the same to decline legitimate trades from various third-party sites, e.g. to quickly send one of their own, hoping you'll accept it believing it's the one you wanted to.
    [M&C] TheBluekr and Lava like this.
  3. Ultimate PC Master

    Ultimate PC Master Banned on SteamRep

    most likely you have logged in to a site some time ago, I do suggest changing passwords. Works everytime
  4. schmed

    schmed r/globaloffensivetrade moderator Partner Community

    Hello @KONS7ANCE,

    Sorry to hear about your loss. I highly recommend reading this guide by @Shubbler for more information on the scam method and how to secure your account.