Dr. McKay

That code looks right. You're probably being rate-limited by the GC. Valve is big on making it only possible to get data one way, then rate-limiting that one way to hell. What happens if you delay 10 seconds between items?

I can't reproduce this: const SteamUser = require('./index.js'); const SteamTotp = require('steam-totp'); const TradeOfferManager = require('steam-tradeoffer-manager'); const SHARED_SECRET = "redacted"; let user = new SteamUser(); let manager = new TradeOfferManager({ "domain": "doctormckay.com", "steam": user }); user.logOn({ "accountName": "redacted", "password": "redacted", "twoFactorCode": SteamTotp.generateAuthCode(SHARED_SECRET) }); user.on('loggedOn', () => { console.log("Logged on"); }); user.on('webSession', (sessionID, cookies) => { console.log("Web session id " + sessionID); console.log(cookies); manager.setCookies(cookies, (err) => { console.log(err); console.log(manager.apiKey); }); }); I don't think you ever needed it to send trades as long as steamLoginSecure has existed... if you're on a secure connection it ignored steamLogin. You don't need to run your website over HTTPS (although you really should); all connections to Steam have to be done over HTTPS (which my modules have done as long as they could).

steamLogin probably went away because Steam can only be accessed over HTTPS now. browserid is unnecessary.

How are you calling the function?

Seems like you're doing it right. Valve probably disabled it.

Not at the moment. If it doesn't work for you, assuming you're trying to use it correctly, then it's probably disabled. If you paste your code I can tell you if I see any glaring issues with your implementation.

It wouldn't surprise me if they've disabled that.

The answer to both your questions is "who knows, it's Valve".

When you're using a loginKey, you shouldn't send a password. That might have something to do with it.

Use a ?count=x parameter to specify how many items you want it to return. I think the limit might be 2000. If you still get more_items: 1 in the response then you need to make another request with a parameter in the URL start_assetid=.

I'm not going to help you bypass Steam bans.

Not presently, if it's actually been disabled.

It's likely that Valve disabled the message used to change your email via the CM since it goes through the help site now.

Use shared_secret, not secret_1.

bot.steamID

Determining from node-tf2 if an item is tradable is a task. There are like 4 different ways something can be untradable. There could be a flag, there could be one of several attributes, there could be a specific origin (achievement item). You're probably better off just getting your inventory from Community.

Get your inventory contents.

That's generally true, but you'll probably come across some item someday with a different classid and it will break all your stuff.

Classids can change whenever they want.

If Steam doesn't report and licenses for the app, I see no reason why it would appear to be owned.

Can you please log into that account in the Steam client, open the Steam console (Win+R -> steam://nav/console), and type this: licenses_for_app 578080 Then paste the output here.

Not via any of my modules, you'd have to do it yourself.

Your best bet is to just write a bot in Node.js and call to it from PHP.

No new features really (yet), just added support for using the new-chat protocol for player-to-player chats. Hopefully I'll be able to get v4 finished up and pushed out this week, at which point I can start adding features.

Update steam-user to 3.28.2 please.