Log in a user with a valid Steam session ticket.
POST /api/v1/auth/steam/ticket-login HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"ticket": "123...890"
}
----------------------------------------
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 2854
ETag: W/"b26-E2sveLW1Sz4x2l/Va2odtklRGLs"
{
"newAccount": false,
"idToken": "eyJra...q0w",
"accessToken": "eyJhb...Qjg",
"refreshToken": "eyJhb...MgQ"
}API authentication is not required, because this is the method you use to get it.
NONE
NONE
| Name | Description | Value |
|---|---|---|
| ticket | the Steam session ticket | string |
There are two possible successful responses: 1) if the Steam identity corresponds to an active user account, and 2) if such an account needs to be created. Both are code 200. In both cases, appropriate JWTs are returned in the response body; the shape of the response is the same between cases.
Besides the standard error responses, 400 is returned if the assertion does not contain sufficient information, and 403 if the assertion cannot be verified with the Steam servers.
| Name | Description | Value |
|---|---|---|
| newAccount | true if this is a new account | boolean |
| mayVerify | true if this is a new account, but the user may skip to the email verification step optional | boolean |
| accessToken | the access JWT; if this is a new account, this is the sign-up token | string |
| idToken | the id JWT; not sent for new accounts optional | string |
| refreshToken | the refresh JWT; not sent for new accounts optional | string |