CS:GO
No land without stones, or meat without bones, it’s how the game rolls. When Valve first introduced the revolutionary “Arms Deal” update, it allowed players to acquire skins and eventually trade them, resulting in attracting a breed of sharks, preying on unsuspecting victims.
At a time when there was no trade hold, it was the perfect opportunity for these sharks to steal and scam other players' skins. A problem that players still face today despite Valve’s attempts to solve it. After all, every path has its puddle, and for the CS:GO community it is the unethical scum of the earth that finds new ways to trick, manipulate and shark skins.
Regardless of the lost value, being scammed hurts, and with most methods being known these days, the API scam remains the most dangerous and effective.
What is an API
An Application Programming Interface (API) is a computing interface that allows different software programs to communicate. It is used by online businesses to interact between software systems. APIs can be used by these organizations to enhance customer experiences or for internal operations.
By checking a website, the web page is stored on a remote server which sends a request to the website server, then the server responds with the necessary code to display the webpage.
Buying or selling CSGO skins on third-party marketplaces requires you to connect your Steam account to the platform by using the "Login with Steam" button. This connection is facilitated through the Steam Web API, which links your Steam inventory to the marketplace's platform.
Hacked API key exampleHow does the API Scam work?
Trading is done in three easy steps:
1 - Send the trade offer
2 - Confirm the offer via mobile phone
3 - Wait for the other person to accept.
The scam happens during the second step when confirming the offer. Through access to your API key, it automatically cancels the original trade offer and creates a duplicate from a different account with the same name and profile picture, which is hard to distinguish at first glance.
Please keep in mind that once you confirm the offer on your mobile phone, it’s already too late.
So how do you prevent scammers from accessing your API key?
How to prevent API scams?
- Change your Steam account password
- Revoke any API key that may have been generated by scammers, by going here
(If your API key page shows anything different than the picture below, you are infected)
Image of the API key- Create a new trading URL for your Steam account
By following these easy steps, you ensure the safety of your account and avoid any scam attempts.
Important notes on the API scam
- Do not log in to any suspicious links or websites that could target your account.
- Make sure the browser extensions you’re using are safe and legitimate.
- Double-check the Steam level and the date of account creation before accepting a trade.
- Pay attention to any comments from Steam on the trade as it might say that a trade containing the items has been recently canceled.
- API scam will not give scammers access to your account but rather your activity log and the ability to view and cancel trades.
- Remember, if you click “Accept trade” then it’s too late.
- Use trusted third-party skin websites.
It’s better to be safe than sorry, so be sure to follow the mentioned steps to prevent being a victim of an API scam and ensure your account remains secure. If you’re dealing with a known trader, adding a cheap item to either side of the trade will also help prevent the scam.
Feel free to regularly check your Steam account API key page to ensure your account is safe before trading.
