Dr. McKay

Look at the code for steam-user.

steam-session performs the login over an unauthenticated CM connection, but the refresh request now requires the CM connection to be authenticated (you previously sent CMsgClientLogon). Once you're logged on you can send the Authentication.GenerateAccessTokenForApp#1 unified message.

I believe in both of those cases you would need to use getUserDetails.

It means you need to have an established connection to a CM (the same servers the Steam client logs into) in order to refresh the token. You can use steam-user to do this if you want. What do you mean by "log in using the refresh token"?

If you're trading CS2 items, you'll need to enable the useAccessToken option in the TradeOfferManager constructor.

It wouldn't hurt to clusterize things, but either way things should generally work fine without need for much hardware.

Just request the trade URL once and then cache it somewhere? It doesn't change after the first time you fetch it.

It depends on what you're doing and how you're doing it. If you're using node-steamcommunity for all those accounts, you're going to hit rate limits unless you're performing actions infrequently. And if you're logging in that many accounts from one IP, that'll rate limit you as well.

Why would you need to hit the /tradeoffers/privacy endpoint ever?

https://steamapi.xpaw.me/#IEconService/GetTradeHoldDurations

Seems like a backend change that access token refreshes for SteamClient tokens are authenticated now. I've updated the docs to reflect it: https://github.com/DoctorMcKay/node-steam-session?tab=readme-ov-file#refreshaccesstoken

You've got some problem with your proxy being unable to connect to Steam, it seems.

The string you pass to httpProxy needs to start with http:// createConnection is not a valid option for the SteamUser constructor. To use a SOCKS proxy, you should use the socksProxy option.

It may not be enabled on that phone, but it's enabled somewhere.

Dunno, you're doing something wrong then.

I'd guess your refresh token is probably expired or now invalid.

You clearly already have MFA enabled if it's asking for an MFA code.

What type of refresh token do you have?

Can't be done. You can get a web logon nonce from https://steamcommunity.com/chat/clientjstoken but that's not the same thing as a refresh token for the client; you have to send that as web_logon_nonce in the CMsgClientLogOn message.

You would need to download and parse items_game.txt, look up the sticker by its sticker_id, then fetch your appropriate language file to translate the localization key into an actual name.

It's a Date object. You can use its UTC methods to manipulate the object in UTC/GMT.

Market confirmations have existed for a very long time. You can use node-steamcommunity to accept them.

What are "inventory sales"?

It's fine in this case, don't worry about it.

Those xml endpoints are pretty unreliable and anything that uses them should probably be considered deprecated. Using the WebAPI for anything that it covers is going to be your best bet.