by devrand
1786 days ago
The fact that you need to hand over a Steam API key is really worrisome, and the FAQ entry for it isn't all that reassuring [1]. You're basically just saying "no it's cool trust us". Are you encrypting these API keys? Do you delete them after each transaction? It's kind of a honeypot if you're holding onto the keys. You don't have the ability to revoke them so if they're ever compromised it's on your users to revoke them before misuse.

It's worth noting that there's a ton of undocumented (by Valve) Web API methods [2]. If you just look at the official documentation [3] it misleads you into thinking it's a read-only API for fairly basic data. I presume that GamerPay is relying upon some of these undocumented APIs as part of their implementation.

[1]: https://intercom.help/gamerpay/en/articles/5313751-is-it-saf...

[2]: https://steamapi.xpaw.me/

[3]: https://steamcommunity.com/dev