Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/nestrilabs/nestri/llms.txt

Use this file to discover all available pages before exploring further.

The Steam endpoints let you manage Steam accounts associated with a Nestri user. GET /steam returns all currently linked accounts. The popup and callback routes implement the Steam OpenID 2.0 flow for connecting a new Steam account — these are browser-redirect endpoints, not JSON API calls.

GET /steam

List all Steam accounts linked to the authenticated user. 
GET https://api.nestri.io/steam

Request headers

Authorization
string
required
Bearer token in the format Bearer <your-jwt-token>.
x-nestri-steam
string
Optional. The Steam ID to scope the request to when the user has multiple linked accounts. If omitted, the endpoint returns all linked accounts regardless.

Response

Returns a data array of Steam objects.
data
Steam[]
required

Example

curl https://api.nestri.io/steam \
  --header "Authorization: Bearer <your-jwt-token>"

Steam OpenID login flow

Linking a new Steam account to a Nestri user is a two-step browser redirect flow. Your application opens a popup window to GET /steam/popup/:id, which redirects the user to Steam’s OpenID login page. After the user authenticates on Steam, Steam redirects back to GET /steam/callback/:id, which verifies the response, creates or updates the Steam account record, and closes the popup window.
The popup and callback endpoints are browser-redirect flows. Do not call them directly from server-side code or with fetch. Open GET /steam/popup/:id in a popup window using window.open().

GET /steam/popup/:id

Initiates the Steam OpenID login flow by setting a session cookie and redirecting to the Steam login page. 
GET https://api.nestri.io/steam/popup/:id
This endpoint does not require an Authorization header. It uses a short-lived user_id browser cookie to track the session.

Path parameters

id
string
required
The Nestri user ID to link the Steam account to. Example: "user_XXXXXXXXXXXXXXXXXXXXXXXXX".

Behavior

  1. Looks up the Nestri user by id. Returns 404 if not found.
  2. Sets a user_id cookie on the response.
  3. Constructs a Steam OpenID 2.0 authorization URL with openid.return_to pointing to /steam/callback/:id.
  4. Redirects the browser (302) to https://steamcommunity.com/openid/login.

GET /steam/callback/:id

Receives the Steam OpenID redirect, verifies the authentication response, and stores the linked Steam account. 
GET https://api.nestri.io/steam/callback/:id
This endpoint is called automatically by Steam after the user completes login. You do not need to call it directly.

Path parameters

id
string
required
The Nestri user ID, matching the value set during the popup step. Example: "user_XXXXXXXXXXXXXXXXXXXXXXXXX".

Behavior

  1. Validates that the user_id cookie matches the :id path parameter. Returns 401 if they differ.
  2. Looks up the Nestri user by id. Returns 404 if not found.
  3. Verifies the OpenID query parameters returned by Steam. Returns 401 if verification fails.
  4. Fetches the authenticated Steam user’s profile data.
  5. Creates a new Steam account record linked to the Nestri user, or updates the owner of an existing Steam account.
  6. Returns an HTML snippet that closes the popup window.

Error responses

StatusCodeDescription
400INVALID_PARAMETERMalformed request parameters
401UNAUTHORIZEDCookie mismatch or invalid OpenID response
404RESOURCE_NOT_FOUNDUser not found for the given ID
429Rate limit exceeded

Build docs developers (and LLMs) love

Get started for freeTalk to us