Init Download - Steam Api

import requests import uuid def init_steam_download(app_id, depot_id): # Step 1: Get anonymous token machine_id = str(uuid.uuid4()) auth_url = "https://api.steampowered.com/ICMSService/GetCDNAuthToken/v1/" auth_params = { "appid": app_id, "depot_id": depot_id, "token": machine_id }

To initialize a download, you must first convince Steam’s API that you are a legitimate Steam client. You do not need a user login to download public game content (e.g., dedicated server files). Steam allows "anonymous" CDN access using a special interface.

token_resp = requests.get(auth_url, params=auth_params).json() cdn_token = token_resp['response']['token']

# The download is now initialized response = requests.get(chunk_url, headers=headers, stream=True) steam api init download

If you’ve ever built a game launcher, a server management tool, or a content distribution bot, you’ve likely stared at the Steam Web API documentation wondering: How do I actually trigger a download remotely?

To actually fetch the manifest content, you must use Steam’s internal CMClient protobuf interface (used by SteamKit2 or node-steam-user), or scrape the . For HTTP-only scripts, you query: GET https://steamcdn-a.akamaihd.net/client/manifest/{depot_id}/Manifest_{manifest_id}.bin

But you attach the token from Step 1 as a query parameter. The manifest tells you the file is made of chunks (usually 1MB each). To initialize the download, you request the specific chunk. token_resp = requests

GET https://api.steampowered.com/ISteamApps/UpToDateCheck/v1/

Steam uses a three-step handshake to generate temporary, authenticated URLs. If you try to wget a depot URL directly, you will receive a 403 Forbidden or Access Denied .

# Step 2: Get latest manifest ID manifest_url = "https://api.steampowered.com/ISteamApps/UpToDateCheck/v1/" manifest_params = {"appid": app_id, "version": 0} manifest_resp = requests.get(manifest_url, params=manifest_params).json() manifest_id = manifest_resp['response']['required_version'] The manifest tells you the file is made

GET https://api.steampowered.com/ICMSService/GetCDNAuthToken/v1/

Here is the technical reality of the init_download process. Many new developers assume there is a simple endpoint: GET https://steamcdn.com/download/{appid}

GET https://steamcdn-a.akamaihd.net/depot/{depot_id}/chunk/{chunk_hash}

# Step 3: Initialize download stream chunk_url = f"https://steamcdn-a.akamaihd.net/depot/{depot_id}/manifest/{manifest_id}" headers = {"X-Steam-CDN-Auth-Token": cdn_token}

{ "response": { "token": "ABC123XYZ789...", "expiration": 1704067200 } } This token is your key. It is short-lived (usually 10-30 minutes). Without it, Step 2 fails immediately. You don't download the game files directly; you download a manifest . A manifest is a binary blob (or protobuf) containing the directory tree, file hashes (SHA-1), and chunk sizes.

import requests import uuid def init_steam_download(app_id, depot_id): # Step 1: Get anonymous token machine_id = str(uuid.uuid4()) auth_url = "https://api.steampowered.com/ICMSService/GetCDNAuthToken/v1/" auth_params = { "appid": app_id, "depot_id": depot_id, "token": machine_id }

To initialize a download, you must first convince Steam’s API that you are a legitimate Steam client. You do not need a user login to download public game content (e.g., dedicated server files). Steam allows "anonymous" CDN access using a special interface.

token_resp = requests.get(auth_url, params=auth_params).json() cdn_token = token_resp['response']['token']

# The download is now initialized response = requests.get(chunk_url, headers=headers, stream=True)

If you’ve ever built a game launcher, a server management tool, or a content distribution bot, you’ve likely stared at the Steam Web API documentation wondering: How do I actually trigger a download remotely?

To actually fetch the manifest content, you must use Steam’s internal CMClient protobuf interface (used by SteamKit2 or node-steam-user), or scrape the . For HTTP-only scripts, you query: GET https://steamcdn-a.akamaihd.net/client/manifest/{depot_id}/Manifest_{manifest_id}.bin

But you attach the token from Step 1 as a query parameter. The manifest tells you the file is made of chunks (usually 1MB each). To initialize the download, you request the specific chunk.

GET https://api.steampowered.com/ISteamApps/UpToDateCheck/v1/

Steam uses a three-step handshake to generate temporary, authenticated URLs. If you try to wget a depot URL directly, you will receive a 403 Forbidden or Access Denied .

# Step 2: Get latest manifest ID manifest_url = "https://api.steampowered.com/ISteamApps/UpToDateCheck/v1/" manifest_params = {"appid": app_id, "version": 0} manifest_resp = requests.get(manifest_url, params=manifest_params).json() manifest_id = manifest_resp['response']['required_version']

GET https://api.steampowered.com/ICMSService/GetCDNAuthToken/v1/

Here is the technical reality of the init_download process. Many new developers assume there is a simple endpoint: GET https://steamcdn.com/download/{appid}

GET https://steamcdn-a.akamaihd.net/depot/{depot_id}/chunk/{chunk_hash}

# Step 3: Initialize download stream chunk_url = f"https://steamcdn-a.akamaihd.net/depot/{depot_id}/manifest/{manifest_id}" headers = {"X-Steam-CDN-Auth-Token": cdn_token}

{ "response": { "token": "ABC123XYZ789...", "expiration": 1704067200 } } This token is your key. It is short-lived (usually 10-30 minutes). Without it, Step 2 fails immediately. You don't download the game files directly; you download a manifest . A manifest is a binary blob (or protobuf) containing the directory tree, file hashes (SHA-1), and chunk sizes.