Yesterday evening I took a deeper look at the Steam API, especially the authentication system.
To query user information you need, besides an App-ID, a PublisherKey. This key is a secret, account-bound key and has to be treated like a password. With that in mind, a TeamSpeak Client or Server will never have access to this key.
Even if we just query public info from the API, there is a 100k request limit per IP per day, which should be more than enough. But keep in mind that a person could extract the information from the client/server and spam requests to the API and get our App-ID or, even worse, our App-Group banned.
Well, everyone can get an API key for Steam (Sign In) and yea, the limit is 100k requests per API key per day, which is enough for one server.
Example: Server owner “A” gets his own API key for his server only (from his main Steam account or a smurf (needs to spend at least 5€ in Steam to get the API unlocked)) and saves it for his server / virtual server. So he gets 100k requests per day for his users.
About the api call: http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=XXXXXXXXXXXXXXXXXXXXXXX&steamids=76561197960435530
Results:
{
  "response": {
    "players": [
      {
        "steamid": "76561197960435530",
        "communityvisibilitystate": 3,
        "profilestate": 1,
        "personaname": "Robin",
        "profileurl": "Steam Community :: Robin",
        "avatar": "https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/f1/f1dd60a188883caf82d0cbfccfe6aba0af1732d4.jpg",
        "avatarmedium": "https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/f1/f1dd60a188883caf82d0cbfccfe6aba0af1732d4_medium.jpg",
        "avatarfull": "https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/f1/f1dd60a188883caf82d0cbfccfe6aba0af1732d4_full.jpg",
        "personastate": 0,
        "realname": "Robin Walker",
        "primaryclanid": "103582791429521412",
        "timecreated": 1063407589,
        "personastateflags": 0,
        "loccountrycode": "US",
        "locstatecode": "WA",
        "loccityid": 3961
      }
    ]
  }
}
You can fetch up to 100 Steam IDs per call, so you can query 10.000.000 users per day with one API key.
About the Steam OpenID: This is also possible with a private API key, no Paid AppID / Publisher Key is needed for this and 100k requests is enough for a server to handle this. Source: Steam Community :: Steam Web API Documentation & GitHub - SmItH197/SteamAuthentication: A simple PHP Authentication that enables steam users to log into their steam account to access content!
So for an integration of Steam OpenID, the server owner just needs a private API key. The server can count all requests and cache the results if needed (no need to refresh a user profile every time). I don’t see any problem with that.
About the Spam: What's the problem with spam? Sure, a user can spam login on the OpenID, but the server can cache the results and block the user IP if needed. Even if the 100k request limit is reached, you only get an API key ban (and only for that server/virtual server with that personal key, not global!). Many sites use the OpenID System and don’t have any problems with spam or a banned key.
I got a working Steam ↔ TeamSpeak ↔ Riot Games connection. Works without any problems. You only need to set up the connection between Steam and TeamSpeak (and Riot Games) one time. The server just saves this: TeamSpeak Database ID: xxx, SteamID: YYY, RiotGames ID: ZZZ. No more login needed after that. All Bots can now fetch the user profile with the Public SteamID and do stuff with it (100 SteamIDs per Call to get the current steam profile).
@Hubert If you want, I can show you more about that connection and how it works.
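The server-side handling discussed in this thread (key kept on the server, requests counted, results cached, up to 100 SteamIDs per call), sketched as an added example that is not part of either post or of any TeamSpeak code. The class name `SummaryCache`, the `STEAM_API_KEY` environment variable, the one-hour TTL and the UTC-day counter reset are assumptions made for illustration.

```python
import json, os, time, urllib.parse, urllib.request

API_URL = "https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/"
BATCH_SIZE = 100        # from the thread: up to 100 SteamIDs per call
DAILY_LIMIT = 100_000   # from the thread: 100k requests per key per day

def http_fetch(steamids):
    """Real API call. The key lives only in the server's environment."""
    query = urllib.parse.urlencode(
        {"key": os.environ["STEAM_API_KEY"], "steamids": ",".join(steamids)})
    with urllib.request.urlopen(f"{API_URL}?{query}", timeout=10) as resp:
        return json.load(resp)["response"]["players"]

class SummaryCache:
    """Hypothetical helper: caches profiles and enforces a request budget."""

    def __init__(self, fetch=http_fetch, ttl=3600, budget=DAILY_LIMIT,
                 clock=time.time):
        self.fetch, self.ttl, self.budget, self.clock = fetch, ttl, budget, clock
        self.cache = {}                 # steamid -> (expires_at, player dict)
        self.day, self.used = None, 0   # request counter for the current day

    def _spend(self):
        day = int(self.clock() // 86400)    # assumption: reset per UTC day
        if day != self.day:
            self.day, self.used = day, 0
        if self.used >= self.budget:
            # Fail closed locally instead of running the key into a ban.
            raise RuntimeError("daily request budget exhausted")
        self.used += 1

    def get(self, steamids):
        now = self.clock()
        # Accept only 17-digit SteamID64 strings; drop duplicates, keep order.
        wanted = [s for s in dict.fromkeys(steamids)
                  if s.isascii() and s.isdigit() and len(s) == 17]
        missing = [s for s in wanted
                   if s not in self.cache or self.cache[s][0] <= now]
        for i in range(0, len(missing), BATCH_SIZE):
            self._spend()               # one request per batch of <= 100 IDs
            for player in self.fetch(missing[i:i + BATCH_SIZE]):
                self.cache[player["steamid"]] = (now + self.ttl, player)
        return {s: self.cache[s][1] for s in wanted if s in self.cache}
```

Because user-triggered lookups are answered from the cache until the TTL expires, repeated logins from one user do not consume the key's daily budget.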