I'm working on a .NET app that needs to retrieve a steam user's (public) inventory for a specific app. Steams API documentation is pretty terrible and seems to have several deprecated endpoints for this, like this one:
https://api.steampowered.com/IEconItems_730/GetPlayerItems/v1/?key=[API_KEY]&steamid=[STEAM_ID]
The only API that seems to be left working now is an unauthenticated one (no API key needed) at:
https://steamcommunity.com/profiles/[USERID]/inventory/json/730/2
However, this endpoint results in 403 (forbidden) any time an app or browser attempts to access it, unless it is from a browser that has an active authentication cookie from SteamCommunity (IE logged in with active session).
Does anyone know of some undocumented part of the Steam API that allows for unauthenticated requests for a public user's inventory, or a way in which I can authenticate the .NET application itself so it can send a request with a valid cookie? It seems strange Valve would have an API endpoint that can't be accessed through anything but a browser.
I've tried sending with a variety of default headers via HTTPclient to ensure that the issue is in fact an active steamcommunity session. and that appears to be the issue.