This module simplifies the process of obtaining an authenticated session for steam websites. After authentication is complete, a requests.Session is created containing the auth cookies. The session can be used to access steamcommunity.com, store.steampowered.com, and help.steampowered.com.


A web session may expire randomly, or when you login from different IP address. Some pages will return status code 401 when that happens. Keep in mind if you are trying to write robust code.


If you are using SteamClient take a look at get_web_session()


If you need to authenticate as a mobile device for things like trading confirmations use MobileWebAuth instead. The login process is identical, and in addition you will get oauth_token.

Example usage:

import steam.webauth as wa

user = wa.WebAuth('username', 'password')

except wa.CaptchaRequired:
    print user.captcha_url
    # ask a human to solve captcha
except wa.EmailCodeRequired:
except wa.TwoFactorCodeRequired:

# OR
session = user.login()

Alternatively, if Steam Guard is not enabled on the account:

    session = wa.WebAuth('username', 'password').login()
except wa.HTTPError:

The WebAuth instance should be discarded once a session is obtained as it is not reusable.

class steam.webauth.WebAuth(username, password)

Bases: object

key = None
complete = False

whether authentication has been completed successfully

session_id = None

str, session id string

captcha_gid = -1
steam_id = None

SteamID (after auth is complete)

session = None

requests.Session (with auth cookies after auth is complete)


If a captch is required this property will return url to the image, or None


Get rsa key for a given username

Parameters:username (str) – username
Returns:json response
Return type:dict
Raises:HTTPError – any problem with http request, timeouts, 5xx, 4xx etc
login(captcha='', email_code='', twofactor_code='', language='english')

Attempts web login and returns on a session with cookies set

  • captcha (str) – text reponse for captcha challenge
  • email_code (str) – email code for steam guard
  • twofactor_code (str) – 2FA code for steam guard
  • language (str) – select language for steam web pages (sets language cookie)

a session on success and None otherwise

Return type:

requests.Session, None

  • HTTPError – any problem with http request, timeouts, 5xx, 4xx etc
  • CaptchaRequired – when captcha is needed
  • EmailCodeRequired – when email is needed
  • TwoFactorCodeRequired – when 2FA is needed
  • LoginIncorrect – wrong username or password
class steam.webauth.MobileWebAuth(username, password)

Bases: steam.webauth.WebAuth

Identical to WebAuth, except it authenticates as a mobile device.

oauth_token = None

holds oauth_token after successful login

exception steam.webauth.WebAuthException

Bases: exceptions.Exception

exception steam.webauth.HTTPError

Bases: steam.webauth.WebAuthException

exception steam.webauth.LoginIncorrect

Bases: steam.webauth.WebAuthException

exception steam.webauth.CaptchaRequired

Bases: steam.webauth.WebAuthException

exception steam.webauth.EmailCodeRequired

Bases: steam.webauth.WebAuthException

exception steam.webauth.TwoFactorCodeRequired

Bases: steam.webauth.WebAuthException