This service allows you to report cheating incidents and ban players from your game using the Game Bans system. It enables two similar workflows for detecting and managing cheating in your game:

• Gather community reports of cheating and issue bans/suspensions based upon this information.
  
• Immediately ban a player with a 2 step process of reporting the cheating and then issuing a ban.

To use this interface you must first opt in to anti-cheat support. When enabling anti-cheat support you may choose a 3rd party to grant access to the ICheatReportingService interface for your application. This can be done from the Anti-Cheat Configuration page in the App Admin panel.

NOTE: This is a Service interface, methods in this interface should be called with the input_json parameter.

For more info on how to use the Steamworks Web API please see the Web API Overview.

ReportPlayerCheating

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	The Steam ID of the user who is being reported for cheating.
appid	uint32	✔	The App ID for the game.
steamidreporter	uint64		(Optional) The Steam ID of the user or game server who is reporting the cheating.
appdata	uint64		(Optional) App specific data about the type of cheating set by developer. (ex 1 = Aimbot, 2 = Wallhack, 3 = Griefing)
heuristic	bool		(Optional) Extra information about the source of the cheating - was it a heuristic.
detection	bool		(Optional) Extra information about the source of the cheating - was it a detection.
playerreport	bool		(Optional) Extra information about the source of the cheating - was it a player report.
noreportid	bool		(Optional) Don't return reportid. This should only be passed if you don't intend to issue a ban based on this report.
gamemode	uint32		(Optional) Extra information about state of game - was it a specific type of game play or game mode. (0 = generic)
suspicionstarttime	uint32		(Optional) Extra information indicating how far back the game thinks is interesting for this user. Unix epoch time (time since Jan 1st, 1970).
severity	uint32		(Optional) Level of severity of bad action being reported. Scale set by developer.

ReportPlayerCheating is designed to gather community reports of cheating, where one player reports another player within the game.

It is intended for unreliable data from peers in the game ( semi-trusted sources ). The back-end that reports the data should ensure that both parties are authenticated, but the data in itself is treated as hearsay. Optional parameters may be used to encode the type of cheating that is suspected or additional evidence ( an identifier pointing to the match/demo for further review )

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

RequestPlayerGameBan

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	Steam ID of the user who is reported as cheating.
appid	uint32	✔	The appid of the game.
reportid	uint64	✔	The reportid originally used to report cheating.
cheatdescription	string	✔	Text describing cheating infraction.
duration	uint32	✔	Ban duration requested in seconds. (duration 0 will issue infinite - less than a year is a suspension and not visible on profile)
delayban	bool	✔	Delay the ban according to default ban delay rules.
flags	uint32	✔	Additional information about the ban request. (Unused)

Requests a game ban on a specific player.

This is designed to be used after the incidents from ReportPlayerCheating have been reviewed and cheating has been confirmed.

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

RemovePlayerGameBan

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	The Steam ID of the user to remove the game ban on.
appid	uint32	✔	The App ID of the game.

Remove a game ban on a player.

This is used if a Game ban is determined to be a false positive.

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

GetCheatingReports

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
appid	uint32	✔	The App ID for the game.
timeend	uint32	✔	The end of the time range. Formatted as Unix epoch time (time since Jan 1st, 1970).
timebegin	uint32	✔	The beginning of the time range. Formatted as Unix epoch time (time since Jan 1st, 1970).
reportidmin	uint64	✔	Minimum reportID to include. (can pass 0 - end of previous report range)
includereports	bool	✔	(Optional) Include reports. If false includebans must be true.
includebans	bool	✔	(Optional) Include ban requests? If false includereports must be true.
steamid	uint64	✔	(Optional) Query just for this Steam ID.

Get a list of cheating reports submitted for this app.

Used to gather the cheating reports so that they may be reviewed and a determination made.

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

RequestVacStatusForUser

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	The Steam ID of the user.
appid	uint32	✔	The App ID of the game the user is playing.
session_id	uint64		The Session ID that was obtained from the call to StartSecureMultiplayerSession.

Checks a user's VAC ban status and verifies a user's VAC session status. If verification fails, then do not let the user matchmake into a secure game.

This is used before a user enters matchmaking or joins a game. If the player is blocking VAC in some way and VAC can not scan the computer for cheats, it will report success = true and session_verified = false. Checking this webapi will allow you to prevent the user from matchmaking or joining a server and then just getting kicked by VAC a short time later ( with a k_EAuthSessionResponseVACCheckTimedOut result from an authentication callback ). The VAC system may not always have had time to fully determine if the client's system is cooperating, and if so it will report success = false. It is also possible for the player's system to pass the initial check but then fail to respond later, in that case verification will succeed, but a k_EAuthSessionResponseVACCheckTimedOut may follow later.


NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

Web API Sessions

StartSecureMultiplayerSession

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	steamid of the user.
appid	uint32	✔	The App ID of the game.

Tell the VAC servers that a secure multiplayer session has started.

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

EndSecureMultiplayerSession

Name	Type	Required	Description
key	string	✔	Steamworks Web API publisher authentication key.
steamid	uint64	✔	steamid of the user.
appid	uint32	✔	The App ID of the game.
session_id	uint64	✔	The Session ID that was obtained from the call to StartSecureMultiplayerSession.

Tell the VAC servers that a secure multiplayer session has ended.

NOTE: This call requires a publisher API key to use this method. As such this API MUST be called from a secure server, and can never be used directly by clients!

Response:
[
{
"name": "success",
"type": "bool",
"description": ""
}
]