Dr. McKay

Cookies go in the Cookie header. Check that MDN link I posted.

No to both of those. I try to respect some of the more important abuse-prone things to avoid drawing Valve's wrath.

Valve made a change on the server side.

Cookies go in headers, not in the request body. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie

This is likely the same issue as this thread: node-csgo-cdn likely needs to specify the branch name (public).

Yes, a classid should change if a name does, although you won't necessarily get a different classid if an item has a different name but is otherwise the same item, e.g. name tags.

Valve removed the API call to cancel and decline offers. This is fixed in 2.10.5.

No, you can't run the same account under multiple processes without bad things like that happening. You can use steamstore to get your wallet balance: https://github.com/DoctorMcKay/node-steamstore#getwalletbalancecallback

That sounds like your cookies are invalid or expired.

That's pretty much expected. It's not 100% clear what causes Steam to invalidate cookies, but initing a session is known to invalidate old ones.

The post parameters go in the post body, yes. Referer should be the only extra header you need.

You're sending all the post parameters as cookies.

You would need to download the picture from your link and use that.

You have to load inventories separately, but you can mix and match items added to a trade from different games.

You could manually construct an object, like this: let assetIds = [1, 2, 3, 4, 5]; offer.addTheirItems(assetIds.map(id => ({appid: 730, contextid: 2, assetid: id}))); Steam needs to know which game you want to access items for, so the appid and contextid are required.

addTheirItem does not take a number argument. Re-read the docs.

As far as I know, not all content servers require auth tokens anymore and maybe the backend is no longer returning empty auth tokens for servers that don't require one. Or maybe they've fully moved all content servers away from requiring auth tokens. I'll have to do a little research to see which is the case. In the meantime, you could try editing cdn.js and replacing line 230: // Replace this: let {token} = await this.getCDNAuthToken(appID, depotID, vhost); // With this let token = ''; try { token = (await this.getCDNAuthToken(appID, depotID, vhost)).token; } catch (ex) { }

If you print the stack trace from the error, we can see exactly which request failed. There's a few involved in fetching a manifest.

This might have to do with manifest request codes. Try supplying the branch name to getManifest, like so: let result = await client.getManifest(730, 731, latestManifestId, 'public');

addFriend returns a normal eresult. You can see all eresult values at https://steamerrors.com As for which specific codes it's possible to receive, that's not really known.

Because scraping the website to send and receive trade offers is dumb.

You need to spend $5 to access the API, which is necessary for steam-tradeoffer-manager.

I'm assuming you're running multiple instances, so here's a way to keep track of them: let accounts = {}; function loginAccount(accountName, password, twoFactorCode) { if (accounts[accountName]) { throw new Error(`Account ${accountName} is already created`); } let user = new SteamUser(); accounts[accountName] = user; user.logOn({ accountName, password, twoFactorCode }); } function logoutAccount(accountName) { if (!accounts[accountName]) { throw new Error(`No SteamUser for ${accountName}`); } accounts[accountName].logOff(); accounts[accountName] = null; }

You can supply a Steam Guard code to logOn by passing it as twoFactorCode. If you listen for the steamGuard event, the "Steam Guard App Code" prompt is suppressed. You could create your own prompt if you wanted. Probably something like this: user.logOn({ accountName: 'example', password: 'example', twoFactorCode: require('fs').readFileSync('appcode.txt').toString('utf8').trim() }); Just call logOff on the appropriate SteamUser instance.

I dunno, could be just Steam being Steam.