CSGORoll now offers faster P2P transactions, even when player inventories are under heavy load. To make this work, we ask you to link your Steam WebAPI Token. We use it to track your trading history through our API so we can update trade status quickly and accurately.
The WebAPI Token is often talked about as “sensitive.” We understand the concerns. It is safe to share your token with CSGORoll, and the answers below explain how it is used and protected.
Key points about WebAPI Tokens
CSGORoll staff will never DM you for your WebAPI Token. If anyone messages you asking for it, ignore them and report it to us.
You might have read claims that a token lets someone control your Steam account. That is not true. We explain the limits of a token below.
Do not revoke your WebAPI Token during an active P2P trade on CSGORoll. Doing so will forfeit the trade. Only revoke it after trades are completed, unless you suspect something suspicious.
Why does CSGORoll ask for your token?
We use your token only to track P2P trades. It lets us check the status of a trade and update progress on our side so your transaction runs smoothly and counter trade reversals. You will only be asked for a token when you choose to use the P2P system.
Why you can trust us with it
Our business depends on trust and transparency. We follow strict secure coding standards, store your token encrypted in our database, and undergo regular security reviews to fix any issues quickly.
How to generate your token
Option 1 – Use the Chrome Extension (fastest)
Install the CSGORoll Chrome Extension
Head over to your Steam Profile while being logged in
Click the Chrome Extension and copy your Token using the clipboard icon
Go to your CSGORoll CS2 inventory page and paste your key into the WebAPI Token field here:
Option 2 – Link it manually
Follow our step-by-step guide here: Steam P2P Solution Guide
Copy your WebAPI Token
Go to your CSGORoll CS2 inventory page and paste your key into the WebAPI Token field here:
What if someone gets my token
Much of what you read online about tokens is inaccurate. A WebAPI Token has limited capabilities. It does not let someone:
Change your password or email
Disable 2FA
View payment information
Send or accept Steam trade offers on your behalf
Those actions require full account access, not an API token.
The real scams to watch for
API scams all though rare nowadays, still do exist. If a scammer does obtain your Api Key, they can monitor your trade activity. Some will cancel a legitimate trade, then impersonate the recipient to trick you into sending the item to them instead.
To reduce risk:
Verify the other user’s level and registration before and when confirming a trade.
On CSGORoll P2P, the seller sends the Steam trade offer. If you sold an item and a buyer sends you an offer, cancel it and report it to us.
How to prevent token scams
Avoid suspicious browser extensions. Do not install extensions that are not well known, not from trusted developers, or that request permission to read or change data on CSGORoll.
Remember that we only ask for your token inside our P2P form. If anyone asks for it elsewhere, report it.
If you try to generate a token and find one already set, and you do not remember creating it, revoke the token immediately, reset your password, and review your browser extensions.
Questions
If you want to talk to someone about WebAPI Tokens or anything in this guide, contact us at support@csgoroll.com or reach out to us over live chat!