Steam mobile app protocol ========================= This is the data structure of the steam mobile app's protocl This could be useful for implementing the protcol in another messaging program. Inside the proxy folder there are commands to record the traffic from the phone. Structure --------- There seems to be three (maybe more) main groups of functions. - `ISteamOAuth2`: Main authentication functions - `ISteamWebAPIUtil`: Useless stuff but might be useful for testing - `ISteamUserOAuth`: Querying for friends list - ISteamWebUserPresenceOAuth: Used for chatting Structure of calls ------------------ Each method is either a get or post method which are used as in http (i.e. get methods just return data and wont update anything) The path is `https://api.steampowered.com/
//` Data is passed for get as a standard query string and for post it is the same (the actual client adds a ? on the front of the post data despite this actually not being required) All methods return json ### Common fields ### - steamid: this is the users account can be retrieved with `ISteamOAuth2/GetTokenWithCredentials` - access_token: authentication token retrieved with `ISteamOAuth2/GetTokenWithCredentials` - umqid: as far as I can tell this is just a random number to differenciate between clients just pass to `ISteamWebUserPresenceoAuth/Logon` - message: used for polling the server for new messages - messages: list of messages ### Message format ### - `type` - "saytext" or "typing". saytext sends a message while typing is just for an indication they are typing (probably more) - `timestamp` - `steamid_from` - who sent it - `secure_message_id` - as the PollStatus can be accessed over http when a message comes in the client will then fetch the message over https from Poll - `text` - actual text Calls ===== ISteamOAuth2 ------------ ### `GET /ISteamOAuth2/GetTokenWithCredentials` ### To login gets access_token #### Parameters #### - `client_id` - use `DE45CD61` - `grant_type` - use password - `username` - the username - `password` - the password - `x_emailauthcode` - if the user is using two factor authentication you will have to try once without this and then again with this after they receive a code in an email - `scope` - use 'read_profile write_profile read_client write_client' #### Returns #### - `access_token` - `x_webcookie` - presumably used to access steam webpages without logging in again - `x_steamid` ISteamWebAPIUtil ---------------- ### `GET /ISteamWebAPIUtil/GetServerInfo/v0001` ### Gives you the time #### Parameters #### none #### Returns #### - `servertime` - `servertimestring` ISteamUserOAuth --------------- ### `GET /ISteamUserOAuth/GetFriendList/v0001` ### Gets your friend list #### Parameters #### - `access_token` - `steamid` #### Returns #### - `friends` - a list of: - `steamid` - `relationship` - "friend"? - `friend_since` #### Example ##### GET /ISteamUserOAuth/GetFriendList/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamid=XXXXXXXXXXXXXXX79 HTTP/1.1 User-Agent: Steam App / Android / 1.0 / 1297579 Host: api.steampowered.com:443 Connection: Keep-Alive HTTP/1.1 200 OK content-type: application/json; charset=UTF-8 content-length: 1642 { "friends": [ { "steamid": "XXXXXXXXXXXXXXX77", "relationship": "friend", "friend_since": 0 }, { "steamid": "XXXXXXXXXXXXXXX52", "relationship": "friend", "friend_since": XXXXXXXX73 } ] } ### `GET /ISteamUserOAuth/GetGroupList/v0001` ### ### `GET /ISteamUserOAuth/GetUserSummaries/v0001` ### Gets extra information on users #### Parameters #### - `access_token` - `steamids` - comma seperated list of the ids to look up #### Returns #### - `players` - list of - `steamid` - `communityvisibilitystate` - always 3? - `profilestate` - always 1? - `personaname` - seems to be the name set - `profileurl` - `avatar` - `avatarmedium` - `avatarfull` - `personastate` - `primaryclanid` - `timecreated` - some extra attributes sometimes... #### Example #### GET /ISteamUserOAuth/GetUserSummaries/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamids=XXXXXXXXXXXXXXX79,XXXXXXXXXXXXXXX55 HTTP/1.1 User-Agent: Steam App / Android / 1.0 / 1297579 Host: api.steampowered.com:443 Connection: Keep-Alive HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 Content-Length: 13433 { "players": [ { "steamid": "XXXXXXXXXXXXXXX79", "communityvisibilitystate": 3, "profilestate": 1, "personaname": "XXXXXX", "lastlogoff": XXXXXXXX60, "profileurl": "http:\/\/steamcommunity.com\/profiles\/XXXXXXXXXXXXXXX79\/", "avatar": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb.jpg", "avatarmedium": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_medium.jpg", "avatarfull": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_full.jpg", "personastate": 1, "primaryclanid": "XXXXXXXXXXXXXXXX69", "timecreated": XXXXXXXX79 }, { "steamid": "XXXXXXXXXXXXXXX55", "communityvisibilitystate": 3, "profilestate": 1, "personaname": "XXXXXX", "lastlogoff": XXXXXXXX48, "profileurl": "http:\/\/steamcommunity.com\/id\/XXXXXX\/", "avatar": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe.jpg", "avatarmedium": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_medium.jpg", "avatarfull": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_full.jpg", "personastate": 0, "realname": "XXXXXX", "primaryclanid": "XXXXXXXXXXXXXXXX87", "timecreated": XXXXXXXX33, "loccountrycode": "US", "locstatecode": "CA", "loccityid": XXX } ] } ISteamWebUserPresenceOAuth -------------------------- ### `POST /ISteamWebUserPresenceOAuth/Logon/v0001` ### Connects to chat #### Parameters #### - `access_token` - `umqid` - just make up a number for this #### Returns #### - `steamid` - `umqid` - `timestamp` - `message` - last message use for polling - `push` - ?? ### `POST /ISteamWebUserPresenceOAuth/PollStatus/v0001` ### To check for new messages (can be used over http and when a message comes in it can be fetched over https) #### Parameters #### - `steamid` - `umqid` - `message` - id of last message recieved used to check for newer mesages #### Returns #### - `pollid` - always 0? - `messages` - a list of new messages (only if new messages) - `messagelast` - last message id used to poll for new messages (only if new mesages) - `messagebase` - message id you sent (only if new messages) - `timestamp` - (only if new messages) - `sectimeout` - 20 if no new messages less otherwise - `error` - "OK" for new messages otherwise "Timeout" #### Example #### POST /ISteamWebUserPresenceOAuth/PollStatus/v0001 HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Steam App / Android / 1.0 / 1297579 Content-Length: 64 Host: api.steampowered.com:80 Connection: Keep-Alive ?steamid=XXXXXXXXXXXXXXX79&umqid=XXXXXXXXXXXXXXXXX27&message=334 HTTP/1.1 200 OK { "pollid": 0, "messages": [ { "type": "typing", "timestamp": XXXXXXX38, "steamid_from": "XXXXXXXXXXXXXXX70", "text": "" } ] , "messagelast": 335, "timestamp": XXXXXXX38, "messagebase": 334, "sectimeout": 11, "error": "OK" } ### `POST /ISteamWebUserPresenceOAuth/Poll/v0001` ### Recieves messages Same as previous just with access_token and over https ### `POST /ISteamWebUserPresenceOAuth/Message/v0001` ### Sends a message #### Parameters #### - `access_token` - `umqid` - `type` - see message format - `text` - (optional) see message format - `steamid_dst` - https://github.com/canoon/steam_mobile_protocol/blob/master/README.md - cameron@shptech.com