Dr. McKay

Yeah, this is right. gamesPlayed([]) before logOff works best, I'd forgotten about that step.

IEconItems_440/GetPlayerItems will tell you how many backpack slots a player has.

It sounds like you're logging in anonymously, which means that you aren't actually passing your refresh token to the logOn method, it's getting null or undefined instead.

This is a known thing and it's on Valve's side, not the module's side. When you kill your Steam session then reconnect quickly after and launch CS:GO, sometimes the CS:GO GC doesn't fully realize that you actually disconnected so it doesn't realize that you reconnected, and it doesn't send you all the at-launch data. The best way I've found to prevent this from happening is to make sure that you gracefully log off of Steam every time your bot shuts down using the logOff() method.

No official one, no. Some of them have been reverse-engineered, but not all. Flag 8 in TF2 is NotEcon, which indicates that the item isn't actually an economy item. In TF2, I've seen it used for contracts (which are sent in your inventory because why do it a better way?). It likely has the same meaning in CS:GO.

loginKeys are irrelevant if you're using a refresh token. If you have a refresh token, always use it. A refresh token is valid for 200 days, and once it expires you'll need to login again.

I dunno, but this wouldn't be the first time that Valve sends CEconItem "items" that aren't actually items in your inventory. Maybe either flag 8 or 16 indicates that it's not actually an inventory item.

This isn't possible. You'd need to implement VAC flawlessly and nobody has ever been insane enough to try.

No, you can't send trades using an API key. You'd need to ask for the user's username and password. If the app is running fully locally, this isn't really a big trust issue in my opinion. Using node-steam-session you could also offer QR logins using the mobile app.

This is a JavaScript quirk. You need to do var buyer_add = offer.addTheirItem.bind(offer)

Memory usage is normal when you're specifying a language to the TradeOfferManager constructor, which retrieves item descriptions automatically. If you have very limited memory and are processing a lot of trades, then you want to omit your language to opt out of receiving item descriptions.

Available tags are the same ones as in the inventory json output.

steam-tradeoffer-manager already uses the most stable endpoint, and has for years.

None of my libraries are what you're looking for. You just need an OpenID validator. This seems like it might work for you: https://github.com/LeeviHalme/node-steam-openid (I just found this on google, this isn't an endorsement) It's worth mentioning and emphasizing that OpenID and OAuth are not the same thing. You cannot get a bearer token or any other sort of "user token" from Steam. The only thing OpenID allows you to do is get a user's SteamID, and be sure that the SteamID actually belongs to the user. From there, you need to use Steam's public WebAPIs to retrieve data for that SteamID. It won't work if their profile is private, and there's no way around this. There's no mechanism to prompt a user to share private data with you.

You're going to rapidly get Valve mad at you if you continually make 58 requests per second. You need to check the version that's being installed in package.json.

Why are you making an API request every 17 milliseconds? I don't see why you'd be getting an error that editProfile isn't a function unless you're using a really ancient version of steamcommunity, like 3.1.1 or earlier.

Show your full code please.

407 means that your proxy credentials are wrong. https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/407

If your IP was login rate limited, you'd get an error event with the EResult RateLimitExceeded. Is the error event being emitted?

If you're only finding tradable items, I don't think there should be any case where you'd need to look for other string other than "( Not Usable in Crafting )"

Steam.php L31: You don't need to use an API key for this route. Also, requesting a count of items other than 75 or 2000 will run you into strict IP rate limits. L73: You need to match instanceid in addition to classid. Same on L95. L116: You need to check the item's description (the descriptions array) to see if the item is craftable. If it's not, it should contain a description with content matching something like "( Not Usable in Crafting )". Example item Otherwise, seems like it looks fine.

Show your code.

I haven't tested what happens if you try to use getWebCookies on a SteamClient login session. If you're authenticating with steam-user, you should use the cookies from the webSession event instead.

Where are you getting cookies from?

You need to use EAuthTokenPlatformType.SteamClient.