> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cratebytes.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the CrateBytes Game API using Steam or guest authentication.

The CrateBytes Game API provides two authentication methods: **Steam Authentication** and **Guest Authentication**. Both methods require a project public key for identification.

## Base URL

All authentication endpoints are prefixed with `/api/game/auth/`.

## Guest Authentication

Authenticate without requiring a Steam account. This method creates a temporary player session.

### Guest Login

**Endpoint:** `POST /api/game/auth/guest`

**Request Body:**

```json theme={null}
{
  "publicKey": "your-project-public-key",
  "playerId": "optional-custom-player-id"
}
```

**Response:**

```json theme={null}
{
  "statusCode": 200,
  "data": {
    "token": "jwt-token-here",
    "playerId": "generated-or-custom-player-id",
    "sequentialId": 12345
  }
}
```

**Parameters:**

* `publicKey` (required): Your project's public key for identification
* `playerId` (optional): Custom player ID. If not provided, one will be generated

## Steam Authentication

Authenticate using a Steam account for enhanced features and persistent player data.

### Steam Login

**Endpoint:** `POST /api/game/auth/steam`

**Request Body:**

```json theme={null}
{
  "publicKey": "your-project-public-key",
  "steamAuthTicket": "steam-authentication-ticket"
}
```

**Response:**

```json theme={null}
{
  "statusCode": 200,
  "data": {
    "token": "jwt-token-here",
    "playerId": "player-id",
    "sequentialId": 12345,
    "steamId": "steam-64-id"
  }
}
```

**Parameters:**

* `publicKey` (required): Your project's public key for identification
* `steamAuthTicket` (required): Steam authentication ticket from the Steam API

## Using the Authentication Token

After successful authentication, you'll receive a JWT token. Include this token in the Authorization header for all subsequent API calls:

```
Authorization: Bearer <your-jwt-token>
```

## Error Responses

### Invalid Project Key

```json theme={null}
{
  "statusCode": 404,
  "error": {
    "message": "Project not found"
  }
}
```

### Invalid Steam Ticket

```json theme={null}
{
  "statusCode": 400,
  "error": {
    "message": "Invalid Steam authentication ticket"
  }
}
```

### General Authentication Errors

```json theme={null}
{
  "statusCode": 400,
  "error": {
    "message": "Authentication failed"
  }
}
```

## Implementation Notes

1. **Project Public Key**: You must obtain a public key from your CrateBytes project dashboard
2. **Steam Integration**: For Steam authentication, you'll need to integrate with Steam's authentication system
3. **Token Expiration**: JWT tokens expire after 24 hours
4. **Player Identification**: Each player gets a unique `sequentialId` for internal tracking
