Authentication
Last updated
Last updated
Steam Authentication allows your game to verify the identity of a user via Steam's backend services. It is commonly used for multiplayer games, server access control, and web API integration. The system issues authentication tickets that can be validated by other clients, game servers, or your own backend.
You should use Steam Authentication when:
You need to verify a player's identity in multiplayer sessions.
You want to authenticate users with your backend or web services.
You're integrating with Steam Web API endpoints that require proof of identity.
You don’t need to use Steam Authentication when:
Your game is entirely single-player and doesn’t rely on server-side identity checks.
You're using Steam only for basic platform features like achievements or cloud saves.
Authentication is handled entirely via Steamworks API and does not require any setup in the Steamworks Developer Portal.
When requesting an authentication ticket, you must specify the intended recipient of the ticket—this is referred to as the "identity." The identity is who the ticket is for, not who is generating it. This means you should provide the Steam ID of the server, user, or Web API key that will receive and validate the ticket, not your own ID.
When you receive a ticket from a user, you use it by calling Begin Auth Session. This function first checks the ticket’s structure for validity. If the structure is valid, Steam processes the ticket on the backend, performs authentication, and returns the result to you.
When you are done playing with a user or otherwise wish to end the authenticated session with them, you need to call End Session on that user.