This is the data structure of the Steam mobile app's protocol.
This could be useful for implementing the protocol in another messaging program.
Inside the proxy folder there are commands to record the traffic from the phone.
There seem to be three (maybe more) main groups of functions.
- ISteamOAuth2: Main authentication functions
- ISteamWebAPIUtil: Useless stuff but might be useful for testing
- ISteamUserOAuth: Querying for friends list
- ISteamWebUserPresenceOAuth: Used for chatting
Each method is either a GET or a POST method, used as in HTTP (i.e. GET methods just return data and won't update anything).
The path is
https://api.steampowered.com/<main group>/<method>/<version string (always v0001)>
Data is passed for GET as a standard query string, and for POST it is the same (the actual client adds a ? on the front of the POST data, despite this not actually being required).
All methods return JSON.
- steamid: this is the user's account; it can be retrieved with ISteamOAuth2/GetTokenWithCredentials
- access_token: authentication token retrieved with ISteamOAuth2/GetTokenWithCredentials
- umqid: as far as I can tell this is just a random number to differentiate between clients; just pass it to ISteamWebUserPresenceOAuth/Logon
- message: used for polling the server for new messages
- messages: list of messages
  - type: "saytext" or "typing". saytext sends a message, while typing is just an indication that they are typing (probably more)
  - timestamp
  - steamid_from: who sent it
  - secure_message_id: as the PollStatus can be accessed over http, when a message comes in the client will then fetch the message over https from Poll
  - text: actual text
To log in; gets access_token
- client_id: use DE45CD61
- grant_type: use password
- username: the username
- password: the password
- x_emailauthcode: if the user is using two factor authentication you will have to try once without this and then again with this after they receive a code in an email
- scope: use 'read_profile write_profile read_client write_client'
- access_token
- x_webcookie: presumably used to access steam webpages without logging in again
- x_steamid
Gives you the time
none
servertime
servertimestring
Gets your friend list
- access_token
- steamid
- friends: a list of:
  - steamid
  - relationship: "friend"?
  - friend_since
    GET /ISteamUserOAuth/GetFriendList/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamid=XXXXXXXXXXXXXXX79 HTTP/1.1
    User-Agent: Steam App / Android / 1.0 / 1297579
    Host: api.steampowered.com:443
    Connection: Keep-Alive

    HTTP/1.1 200 OK
    content-type: application/json; charset=UTF-8
    content-length: 1642

    {
        "friends": [
            {
                "steamid": "XXXXXXXXXXXXXXX77",
                "relationship": "friend",
                "friend_since": 0
            },
            {
                "steamid": "XXXXXXXXXXXXXXX52",
                "relationship": "friend",
                "friend_since": XXXXXXXX73
            }
        ]
    }
Gets extra information on users
- access_token
- steamids: comma separated list of the ids to look up
- players: list of:
  - steamid
  - communityvisibilitystate: always 3?
  - profilestate: always 1?
  - personaname: seems to be the name set
  - profileurl
  - avatar
  - avatarmedium
  - avatarfull
  - personastate
  - primaryclanid
  - timecreated
  - some extra attributes sometimes...
    GET /ISteamUserOAuth/GetUserSummaries/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamids=XXXXXXXXXXXXXXX79,XXXXXXXXXXXXXXX55 HTTP/1.1
    User-Agent: Steam App / Android / 1.0 / 1297579
    Host: api.steampowered.com:443
    Connection: Keep-Alive

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8
    Content-Length: 13433

    {
        "players": [
            {
                "steamid": "XXXXXXXXXXXXXXX79",
                "communityvisibilitystate": 3,
                "profilestate": 1,
                "personaname": "XXXXXX",
                "lastlogoff": XXXXXXXX60,
                "profileurl": "http:\/\/steamcommunity.com\/profiles\/XXXXXXXXXXXXXXX79\/",
                "avatar": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb.jpg",
                "avatarmedium": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_medium.jpg",
                "avatarfull": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_full.jpg",
                "personastate": 1,
                "primaryclanid": "XXXXXXXXXXXXXXXX69",
                "timecreated": XXXXXXXX79
            },
            {
                "steamid": "XXXXXXXXXXXXXXX55",
                "communityvisibilitystate": 3,
                "profilestate": 1,
                "personaname": "XXXXXX",
                "lastlogoff": XXXXXXXX48,
                "profileurl": "http:\/\/steamcommunity.com\/id\/XXXXXX\/",
                "avatar": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe.jpg",
                "avatarmedium": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_medium.jpg",
                "avatarfull": "http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_full.jpg",
                "personastate": 0,
                "realname": "XXXXXX",
                "primaryclanid": "XXXXXXXXXXXXXXXX87",
                "timecreated": XXXXXXXX33,
                "loccountrycode": "US",
                "locstatecode": "CA",
                "loccityid": XXX
            }
        ]
    }
Connects to chat
- access_token
- umqid: just make up a number for this
- steamid
- umqid
- timestamp
- message: last message, use for polling
- push: ??
To check for new messages (can be used over http, and when a message comes in it can be fetched over https)
- steamid
- umqid
- message: id of last message received, used to check for newer messages
- pollid: always 0?
- messages: a list of new messages (only if new messages)
- messagelast: last message id, used to poll for new messages (only if new messages)
- messagebase: message id you sent (only if new messages)
- timestamp: (only if new messages)
- sectimeout: 20 if no new messages, less otherwise
- error: "OK" for new messages, otherwise "Timeout"
    POST /ISteamWebUserPresenceOAuth/PollStatus/v0001 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Steam App / Android / 1.0 / 1297579
    Content-Length: 64
    Host: api.steampowered.com:80
    Connection: Keep-Alive

    ?steamid=XXXXXXXXXXXXXXX79&umqid=XXXXXXXXXXXXXXXXX27&message=334

    HTTP/1.1 200 OK

    {
        "pollid": 0,
        "messages": [
            {
                "type": "typing",
                "timestamp": XXXXXXX38,
                "steamid_from": "XXXXXXXXXXXXXXX70",
                "text": ""
            }
        ],
        "messagelast": 335,
        "timestamp": XXXXXXX38,
        "messagebase": 334,
        "sectimeout": 11,
        "error": "OK"
    }
Receives messages
Same as previous, just with access_token and over https
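The polling flow above as a runnable sketch (an added example, not code from this repository or from the Steam app): it builds the PollStatus and https fetch requests and advances the `message` cursor from a reply. Note that PollStatus sends steamid and umqid over plain http but never the access_token. Assumptions: the https method is named `Poll`, the http reply carries `secure_message_id` in place of `text`, and the sample replies are constructed.

```python
import json
from urllib.parse import urlencode

PRESENCE = "ISteamWebUserPresenceOAuth"

def build_request(group, method, params, post=False, secure=True):
    """Return (verb, url, body) for <group>/<method>/v0001."""
    scheme = "https" if secure else "http"
    url = f"{scheme}://api.steampowered.com/{group}/{method}/v0001"
    query = urlencode(params)
    if post:
        return "POST", url, query  # the app's leading "?" is not required
    return "GET", f"{url}?{query}", None

class PollCursor:
    """Carries the `message` id from one poll to the next."""
    def __init__(self, steamid, umqid, message=0):
        self.ids = {"steamid": steamid, "umqid": umqid}
        self.message = message

    def status_request(self):
        # PollStatus: no access_token, may travel over plain http
        params = {**self.ids, "message": self.message}
        return build_request(PRESENCE, "PollStatus", params, post=True, secure=False)

    def fetch_request(self, access_token):
        # Same fields plus access_token, https only ("Poll" is an assumed method name)
        params = {"access_token": access_token, **self.ids, "message": self.message}
        return build_request(PRESENCE, "Poll", params, post=True)

    def handle(self, body):
        """Return (saytexts, need_https); the cursor moves only on error == "OK"."""
        reply = json.loads(body)
        if reply.get("error") != "OK":  # "Timeout": poll again with the same id
            return [], False
        msgs = reply.get("messages", [])
        # Assumption: the http reply carries secure_message_id in place of text
        if any("secure_message_id" in m for m in msgs):
            return [], True  # keep the cursor so the https fetch sees the message
        self.message = reply["messagelast"]
        says = [(m["steamid_from"], m["text"]) for m in msgs if m["type"] == "saytext"]
        return says, False

# Constructed replies (ids and timestamps are made up, not captured traffic)
TYPING = '{"pollid": 0, "messages": [{"type": "typing", "timestamp": 100, "steamid_from": "111", "text": ""}], "messagelast": 335, "timestamp": 100, "messagebase": 334, "sectimeout": 11, "error": "OK"}'
SECURE = '{"pollid": 0, "messages": [{"type": "saytext", "timestamp": 101, "steamid_from": "111", "secure_message_id": 7}], "messagelast": 336, "timestamp": 101, "messagebase": 335, "sectimeout": 5, "error": "OK"}'
SAY = '{"pollid": 0, "messages": [{"type": "saytext", "timestamp": 101, "steamid_from": "111", "text": "hello"}], "messagelast": 336, "timestamp": 101, "messagebase": 335, "sectimeout": 5, "error": "OK"}'
TIMEOUT = '{"pollid": 0, "sectimeout": 20, "error": "Timeout"}'
```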
Sends a message
- access_token
- umqid
- type: see message format
- text: (optional) see message format
- steamid_dst