Skip to main content

Quick Start

This guide takes you from zero to a working deposit in four steps. You’ll need your API key and API secret from the AssetPay dashboard before you start.

Prerequisites

  • An AssetPay merchant account (contact our team to get onboarded)
  • Your API key (format: ap_...) from the dashboard
  • Your API secret (used for signing client tokens and verifying callbacks)
  • A callback URL configured in your dashboard settings

Base URL

https://api.assetpay.co
For staging/testing: 
https://staging-api.assetpay.co

Step 1: Authenticate a Client

Every user who trades on your platform needs a client token. Your backend generates this by calling the authenticate endpoint with your API key. 
POST https://api.assetpay.co/auth/authenticate-client
Content-Type: application/json
api-key: YOUR_API_KEY

{
  "clientSteamId": "76561198012345678",
  "clientTradeUrl": "https://steamcommunity.com/tradeoffer/new/?partner=12345678&token=AbCdEfGh"
}
Response: 
{
  "requestId": "550e8400-e29b-41d4-a716-446655440000",
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}
You can pass this token to your frontend. The client token is safe to expose to users because AssetPay protects your balance through callbacks, not through token restrictions. For withdrawals, we always check with your backend (via callback) before purchasing anything.
Your API key (ap_...) should stay on your backend. The client token is the one that can be used from the frontend.

Step 2: Fetch the User’s Inventory

With the client token, fetch the user’s CS2 inventory: 
GET https://api.assetpay.co/client/inventory?game=730&refresh=true
Authorization: CLIENT_TOKEN
Response: 
{
  "requestId": "...",
  "success": true,
  "data": {
    "inventory": [
      {
        "id": "a1b2c3d4-...",
        "name": "AK-47 | Redline",
        "marketHashName": "AK-47 | Redline (Field-Tested)",
        "iconUrl": "IzMF03bk9WpSBq-S-ekoE33L-iLqGFHVaU25ZzQNQcXdA3g5gMEPvUZZEfSMJ6dESN8p_2SVTY7V2N4MxGVIwXpaL3_a3Hh...",
        "tradable": true,
        "marketPrice": 12.50,
        "offer": {
          "price": 10.75,
          "reference": "ref_abc123"
        },
        "exterior": "Field-Tested",
        "wear": "0.25432",
        "appid": 730,
        "contextid": 2
      }
    ],
    "count": 42,
    "updatedAt": "2026-03-04T10:00:00.000Z",
    "collateral": 150.00
  }
}
Key fields:
  • offer.price is the price the user will receive (in USD) if they deposit this item
  • offer.reference must be passed back when initiating the deposit
  • marketPrice is the BUFF163 market reference price (not the trade price)

Step 3: Initiate a Deposit

When the user selects items to deposit, send a deposit request (from frontend or backend): 
POST https://api.assetpay.co/client/trading/deposit
Content-Type: application/json
Authorization: CLIENT_TOKEN

{
  "items": [
    {
      "itemId": "a1b2c3d4-...",
      "offer": {
        "price": 10.75,
        "reference": "ref_abc123"
      }
    }
  ],
  "game": "730",
  "externalId": "your-unique-tracking-id"
}
Response: 
{
  "requestId": "...",
  "success": true,
  "data": {
    "id": "trade-uuid-here",
    "type": "DEPOSIT",
    "status": "INITIATED",
    "game": "730",
    "items": [...],
    "totalPrice": 10.75,
    "createdAt": "2026-03-04T10:05:00.000Z",
    "updatedAt": "2026-03-04T10:05:00.000Z"
  }
}
The trade is now in progress. A Steam trade offer will be sent to the user automatically.

Step 4: Handle Callbacks

As the trade progresses, AssetPay sends POST requests to your callback URL. Each callback contains the trade object, the event name, and an HMAC signature. 
{
  "payload": {
    "trade": {
      "id": "trade-uuid-here",
      "type": "DEPOSIT",
      "status": "COMPLETED",
      "totalPrice": 10.75,
      "items": [...]
    },
    "event": "COMPLETED",
    "timestamp": "2026-03-11T10:05:00.000Z",
    "key": "hmac_signature_hex"
  }
}
Your callback handler should:
  1. Verify the HMAC signature (see Callbacks)
  2. Credit the user’s balance when status is COMPLETED
  3. Respond with HTTP 200
app.post('/assetpay/callback', (req, res) => {
  const { trade, event, key } = req.body.payload;

  // Verify signature first
  if (!verifySignature(trade, key, YOUR_API_SECRET)) {
    return res.status(401).send('Invalid signature');
  }

  if (trade.type === 'DEPOSIT' && event === 'COMPLETED') {
    // Credit the user's balance
    creditBalance(trade.clientSteamID, trade.totalPrice);
  }

  res.status(200).send('OK');
});
That’s it. You now have a working deposit flow. Head to the individual guides for full details on each part of the integration:

Authentication

Token generation, local signing, and security best practices.

Deposits

Single and multi-item deposits, instant credit, and hold periods.

Withdrawals

Market purchases and the withdrawal callback flow.

Callbacks

Signature verification, event handling, and retry behavior.