Steam API Key Scam: How It Works and How to Check
The Steam API key scam silently steals your items. Here's how to detect and prevent it.
One of the most insidious Steam scams doesn't even need your password. The API key scam silently monitors your trades and steals your items.
How the Steam API Key Scam Works
- You click a malicious link (often "vote for my team" or similar)
- You log into what looks like Steam (but it's a fake site)
- The attackers create an API key on your account
- The API key lets them see and auto-accept trades
The scary part: You won't know anything is wrong until your items are gone.
How to Check for Unauthorized API Keys
- Go to https://steamcommunity.com/dev/apikey
- If you see a key you didn't create, revoke it immediately
- If it says "Your Steam account is limited" or shows no key, you're safe
What to Do If You Find One
- Revoke the API key immediately
- Change your Steam password
- Deauthorize all other devices
- Enable Steam Guard Mobile Authenticator
- Check your recent trade history
Prevention Tips
- Never click "vote for my team" links
- Always verify you're on steamcommunity.com
- Don't log into Steam through external links
- Check your API key regularly
See What's Exposed About You
Run a Warden to find out exactly what attackers can piece together. Free first scan, no credit card.
Try Warden — no-subscription cleanup →