Dr. McKay

I dunno, but this wouldn't be the first time that Valve sends CEconItem "items" that aren't actually items in your inventory. Maybe either flag 8 or 16 indicates that it's not actually an inventory item.

This isn't possible. You'd need to implement VAC flawlessly and nobody has ever been insane enough to try.

No, you can't send trades using an API key. You'd need to ask for the user's username and password. If the app is running fully locally, this isn't really a big trust issue in my opinion. Using node-steam-session you could also offer QR logins using the mobile app.

This is a JavaScript quirk. You need to do var buyer_add = offer.addTheirItem.bind(offer)

Memory usage is normal when you're specifying a language to the TradeOfferManager constructor, which retrieves item descriptions automatically. If you have very limited memory and are processing a lot of trades, then you want to omit your language to opt out of receiving item descriptions.

Available tags are the same ones as in the inventory json output.

steam-tradeoffer-manager already uses the most stable endpoint, and has for years.

None of my libraries are what you're looking for. You just need an OpenID validator. This seems like it might work for you: https://github.com/LeeviHalme/node-steam-openid (I just found this on google, this isn't an endorsement) It's worth mentioning and emphasizing that OpenID and OAuth are not the same thing. You cannot get a bearer token or any other sort of "user token" from Steam. The only thing OpenID allows you to do is get a user's SteamID, and be sure that the SteamID actually belongs to the user. From there, you need to use Steam's public WebAPIs to retrieve data for that SteamID. It won't work if their profile is private, and there's no way around this. There's no mechanism to prompt a user to share private data with you.

You're going to rapidly get Valve mad at you if you continually make 58 requests per second. You need to check the version that's being installed in package.json.

Why are you making an API request every 17 milliseconds? I don't see why you'd be getting an error that editProfile isn't a function unless you're using a really ancient version of steamcommunity, like 3.1.1 or earlier.

Show your full code please.

407 means that your proxy credentials are wrong. https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/407

If your IP was login rate limited, you'd get an error event with the EResult RateLimitExceeded. Is the error event being emitted?

If you're only finding tradable items, I don't think there should be any case where you'd need to look for other string other than "( Not Usable in Crafting )"

Steam.php L31: You don't need to use an API key for this route. Also, requesting a count of items other than 75 or 2000 will run you into strict IP rate limits. L73: You need to match instanceid in addition to classid. Same on L95. L116: You need to check the item's description (the descriptions array) to see if the item is craftable. If it's not, it should contain a description with content matching something like "( Not Usable in Crafting )". Example item Otherwise, seems like it looks fine.

Show your code.

I haven't tested what happens if you try to use getWebCookies on a SteamClient login session. If you're authenticating with steam-user, you should use the cookies from the webSession event instead.

Where are you getting cookies from?

You need to use EAuthTokenPlatformType.SteamClient.

steam-session should be able to handle all your auth needs for you. It's mostly complete at this point.

As far as I'm aware, if a trade is rolled back after it's successfully committed, the trade offer stays in the "accepted" state. Really the only way to know a rollback happened is to either check your trade history or check your inventory and notice that items are gone/replaced.

No, the API method called by getExchangeDetails is the only place to get the trade status.

Every time you login with your password to an account that has mobile 2FA enabled, you'll need to supply a code. It doesn't matter how long you wait.

https://github.com/DoctorMcKay/node-steam-tradeoffer-manager/wiki/TradeOfferManager#pollinterval

Figure it out, I'm not going to do your job for you. If you're using node-steamcommunity, the requests it's sending are well-formed. If you aren't, then I can't really help you.