Some Web API methods return publicly accessible data and do not require authorization when called. Other methods may require you to use a unique API key. There are also methods that return sensitive data or perform a protected action and require special access permissions. These APIs require a publisher key, which you will need to create before calling any of them. In cases where an API key is required, it can be provided either as a standard parameter or by setting the 'x-webapi-key' request header value.
The standard user keys are available to everyone, all that is required is a Steam account and the domain name that will be associated with this key.
You can create a user Web API key from the registration page on the Steam Community
To securely identify a publisher, and allow access to protected methods, a publisher may request a Web API key which can be passed to the appropriate methods using the key parameter. Each key is associated with a publisher group and can be used to access data for all of the App IDs that are also associated with that group. To receive a publisher Web API key, see Creating a Publisher Key below.
Publisher Web API keys provide access to sensitive user data and protected methods. These keys are intended to be used for Web API requests that originate from secure publisher servers. The keys must be stored securely, and must not be distributed with a game client. All Web API requests that contain Web API keys should be made over HTTPS.
Creating a Publisher Web API Key
To create a publisher Web API key, you will need to have administrator permissions within an existing Steamworks account. If you are not an administrator yourself, you can see a list of administrators for your partner account by visiting your Steamworks Home Page and viewing the list on the right-hand side. Any one of them can create your Publisher Web API Key or can promote you to admin if appropriate.
To create a Publisher Web API key:
- As a user with administrative rights in your Steamworks account, first visit your groups list by going to Users & Permissions, then Manage Groups.
- From the list of groups, select or create a group that contains the App IDs for which you wish to have access with the WebAPI key.
- Then click into that group to view the users and applications in that group.
- If you have administrative permissions, you should then see the option to "Create WebAPI Key" on the right-hand side. Or you should see the key listed if it has already been created.