Dr. McKay

The post parameters go in the post body, yes. Referer should be the only extra header you need.

You're sending all the post parameters as cookies.

You would need to download the picture from your link and use that.

You have to load inventories separately, but you can mix and match items added to a trade from different games.

You could manually construct an object, like this: let assetIds = [1, 2, 3, 4, 5]; offer.addTheirItems(assetIds.map(id => ({appid: 730, contextid: 2, assetid: id}))); Steam needs to know which game you want to access items for, so the appid and contextid are required.

addTheirItem does not take a number argument. Re-read the docs.

As far as I know, not all content servers require auth tokens anymore and maybe the backend is no longer returning empty auth tokens for servers that don't require one. Or maybe they've fully moved all content servers away from requiring auth tokens. I'll have to do a little research to see which is the case. In the meantime, you could try editing cdn.js and replacing line 230: // Replace this: let {token} = await this.getCDNAuthToken(appID, depotID, vhost); // With this let token = ''; try { token = (await this.getCDNAuthToken(appID, depotID, vhost)).token; } catch (ex) { }

If you print the stack trace from the error, we can see exactly which request failed. There's a few involved in fetching a manifest.

This might have to do with manifest request codes. Try supplying the branch name to getManifest, like so: let result = await client.getManifest(730, 731, latestManifestId, 'public');

addFriend returns a normal eresult. You can see all eresult values at https://steamerrors.com As for which specific codes it's possible to receive, that's not really known.

Because scraping the website to send and receive trade offers is dumb.

You need to spend $5 to access the API, which is necessary for steam-tradeoffer-manager.

I'm assuming you're running multiple instances, so here's a way to keep track of them: let accounts = {}; function loginAccount(accountName, password, twoFactorCode) { if (accounts[accountName]) { throw new Error(`Account ${accountName} is already created`); } let user = new SteamUser(); accounts[accountName] = user; user.logOn({ accountName, password, twoFactorCode }); } function logoutAccount(accountName) { if (!accounts[accountName]) { throw new Error(`No SteamUser for ${accountName}`); } accounts[accountName].logOff(); accounts[accountName] = null; }

You can supply a Steam Guard code to logOn by passing it as twoFactorCode. If you listen for the steamGuard event, the "Steam Guard App Code" prompt is suppressed. You could create your own prompt if you wanted. Probably something like this: user.logOn({ accountName: 'example', password: 'example', twoFactorCode: require('fs').readFileSync('appcode.txt').toString('utf8').trim() }); Just call logOff on the appropriate SteamUser instance.

I dunno, could be just Steam being Steam.

I don't understand the question.

Steam sucks. You should either wait a little while before crediting/deducting user balances, or ignore offers that go into state 3 twice.

That's just par for the course when it comes to Steam, unfortunately.

https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#disabletwofactorrevocationcode-callback

Not as far as I'm aware. The Steam Mobile app uses the R code to disable mobile authentication.

The first argument to updatePrice is which currency you want to get prices in. It seems that the docs are wrong on this, so I've updated them.

I'm not aware of any way to share cookies between multiple IPs.

No, steam-user doesn't run in browsers and it's not possible to make it run in a browser.

The only way to avoid rate limits is to make requests from multiple IP addresses.

Correct.