Skip to main content
All CollectionsTrading
Steam API key
Steam API key
Nootiih avatar
Written by Nootiih
Updated over a week ago

The API Key System

We now offer a feature on CSGORoll that allows for faster transactions - i.e. deposits and withdrawals - for our users, even when player inventories are at a critical status. To enjoy this feature to its fullest, we require your API Key, which we then use to track your trading history using our API tool.

The API Key is commonly seen as sensitive information, and we can understand that you may have read some myths and misconceptions online that might stop you from giving it to us. However, you can rest assured that it’s absolutely safe to give CSGORoll your API Key - and to put your mind at ease, you can read some commonly asked questions below to learn more about API Keys and how your information is kept secure.

What are the main things to know about API Keys?

First and foremost, CSGORoll staff members will never ask you for your API Key! If anyone at all messages you asking for it, ignore them and report them to us immediately. You might have read online that if someone has your API Key they can control your account, change your password, or accept or send trade offers from your account. While this is absolutely not the case (and we’ll discuss this further down), your API Key is private information that should only be shared with us should you want to speed up your transactions.

Another thing to note is that you should never revoke your API Key during a P2P trade on CSGORoll. By doing so, the trade will be forfeited… so it’s best to wait until after any trades are completed (unless there’s something suspicious going on).

Why does CSGORoll need my API Key anyway?

An API Key can be used for a myriad of actions… but CSGORoll strictly uses it for tracking P2P trades. We do this so we can ensure all P2P trades run as smoothly as possible; the API Key allows us to look at the status of any trade created, and update the trade’s progress on our end throughout the transaction. Using the P2P system is the only time you’ll ever be asked to supply your API Key.

Why should I trust CSGORoll with my API Key?

Firstly, you should know that CSGORoll’s success depends on our reputation of being trustworthy and transparent. Without that, we wouldn’t have so many users. When it comes to security, we take things very seriously… and we adhere to strict and secure programming standards to protect your API Keys and maintain a high level of security. Your CSGORoll API Key is stored securely and encrypted within our database. We’re also regularly audited to make sure any security issues are resolved immediately.

How do I generate my API Key to send to CSGORoll?

When you attempt to use the P2P system for the first time for a faster transaction, CSGORoll will send you a form asking for your API Key. This form will also provide a link that will take you directly to the page to generate your Key. You’ll be asked for a ‘domain’, which can be anything, but we recommend just setting this as ‘localhost’. You’ll then be able to generate your Key, which you can easily copy and paste into the respective field on the CSGORoll form. Provided your trade URL and API Key are both valid, you’ll then be able to use our P2P system.

I’ve read some scary stuff online. What can actually happen if someone has my API Key?

It’s always good to be aware of potential security threats, but you should also know that much of the information online about API Keys isn’t quite true. One of the biggest myths out there is that if someone has your Key they can do absolutely anything they like from your Steam account. But this isn’t true at all, as your API Key is confined to a very specific set of actions. The Key doesn’t allow a user to do much at all actually. For example, if someone had your Key, they would never be able to meddle with your account like reset your password, change the email address, send or accept trade offers, disable 2-factor authentication, or view sensitive payment information. None of these actions would be affected whatsoever.

So what kind of scams do I need to watch out for?

It’s unfortunate, but API scams do exist within the CS:GO community - and if you provide the wrong party with your API Key, it is possible to fall victim to one. A typical scam would compromise your API Key, where the criminal party would use it to monitor your trade history. They could then intercept any trades that involve you sending an item to another user by cancelling it… only to impersonate the rightful recipient of the trade to trick you into sending the item to the criminal party instead. It’s for this reason that CSGORoll strongly recommends verifying another user’s level and registration before initiating and when confirming a trade offer with them. It’s also important to note that the depositor should always make the trade offer, and not the other way around. If you deposit an item to CSGORoll and a buyer sends you a trade offer, please cancel it immediately and report it to the CSGORoll team.

How can I prevent API Key scams?

It’s a pretty simple one, but malicious browser extensions are actually one of the most common ways for a scammer to steal your API Key. Make sure you don’t install browser extensions that aren’t popular, haven’t been developed by a trustworthy party, or that request permission to specifically read or change data on CSGORoll - that would be your first indicator.

It’s also worth remembering that CSGORoll will only ever ask you for your API Key via our form when you request to use the P2P system - other than that, we’ll never ask. If you are asked for it outside of this, please report it to us straight away. Furthermore, if you go to generate your API Key and find that it’s already been set (and you don’t remember doing that yourself), you should immediately revoke the API Key, reset your password, and have a look at your browser extensions for any malice. This could be suspicious activity, so it’s always better to act fast. More details about API Scams: https://blog.csgoroll.com/what-is-an-api-scam-and-how-to-prevent-it/

I want to learn more about API Keys, who can I ask?

The more safe and secure you feel about your API Key, the better. We’re always happy to answer your questions - just give us a shout at support@csgoroll.com.

Did this answer your question?