The CrateBytes Game API provides two authentication methods: Steam Authentication and Guest Authentication. Both methods require a project public key for identification.

Base URL

All authentication endpoints are prefixed with /api/game/auth/.

Guest Authentication

Authenticate without requiring a Steam account. This method creates a temporary player session.

Guest Login

Endpoint: POST /api/game/auth/guest Request Body: 
{
  "publicKey": "your-project-public-key",
  "playerId": "optional-custom-player-id"
}
Response: 
{
  "statusCode": 200,
  "data": {
    "token": "jwt-token-here",
    "playerId": "generated-or-custom-player-id",
    "sequentialId": 12345
  }
}
Parameters:
  • publicKey (required): Your project’s public key for identification
  • playerId (optional): Custom player ID. If not provided, one will be generated

Steam Authentication

Authenticate using a Steam account for enhanced features and persistent player data.

Steam Login

Endpoint: POST /api/game/auth/steam Request Body: 
{
  "publicKey": "your-project-public-key",
  "steamAuthTicket": "steam-authentication-ticket"
}
Response: 
{
  "statusCode": 200,
  "data": {
    "token": "jwt-token-here",
    "playerId": "player-id",
    "sequentialId": 12345,
    "steamId": "steam-64-id"
  }
}
Parameters:
  • publicKey (required): Your project’s public key for identification
  • steamAuthTicket (required): Steam authentication ticket from the Steam API

Using the Authentication Token

After successful authentication, you’ll receive a JWT token. Include this token in the Authorization header for all subsequent API calls: 
Authorization: Bearer <your-jwt-token>

Error Responses

Invalid Project Key

{
  "statusCode": 404,
  "error": {
    "message": "Project not found"
  }
}

Invalid Steam Ticket

{
  "statusCode": 400,
  "error": {
    "message": "Invalid Steam authentication ticket"
  }
}

General Authentication Errors

{
  "statusCode": 400,
  "error": {
    "message": "Authentication failed"
  }
}

Implementation Notes

  1. Project Public Key: You must obtain a public key from your CrateBytes project dashboard
  2. Steam Integration: For Steam authentication, you’ll need to integrate with Steam’s authentication system
  3. Token Expiration: JWT tokens expire after 24 hours
  4. Player Identification: Each player gets a unique sequentialId for internal tracking