Portfolio API

Manage and value your CS2 skin portfolio by linking your Steam inventory.

These endpoints are part of the upcoming platform features. The API contracts below are finalized but the endpoints are not yet deployed. See the Roadmap for implementation timeline.

Portfolio features require a linked Steam account. See Steam OpenID for setup and Portfolio System for the full vision.

All portfolio endpoints require authentication.

GET /api/v1/portfolio

Get the current portfolio valuation for the authenticated user.

curl http://localhost:8080/api/v1/portfolio -b cookies.txt

Response:

{
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "total_value": 245000,
  "item_count": 15,
  "holdings": [
    {
      "item_id": 1,
      "market_hash_name": "AK-47 | Redline (Field-Tested)",
      "quantity": 2,
      "current_price": 1250,
      "total_value": 2500,
      "imported_at": "2025-01-15T10:00:00Z"
    }
  ],
  "last_imported_at": "2025-01-15T10:00:00Z"
}

Field	Type	Description
`total_value`	`integer`	Total portfolio value in cents
`item_count`	`integer`	Number of unique items
`holdings`	`array`	Individual item holdings with current prices
`last_imported_at`	`string`	Timestamp of last Steam inventory import

Prices are in minor units (cents). total_value: 245000 = $2,450.00

POST /api/v1/portfolio/import

Import the authenticated user’s Steam inventory. Requires a linked Steam account.

curl -X POST http://localhost:8080/api/v1/portfolio/import \
  -b cookies.txt \
  -H "X-CSRF-Token: {token}"

Requirements:

Authenticated user
CSRF token
Steam account linked to the user’s profile
Import cooldown not active

Response:

200 OK
429 Too Many Requests
400 Bad Request

{
  "message": "Inventory imported successfully",
  "imported_assets": 47
}

{
  "error": "Import cooldown active. Try again later."
}

{
  "error": "No Steam account linked. Link your Steam account first."
}

Import Behavior

Fetches the user’s full Steam CS2 inventory
Matches items against the items table by market_hash_name
Upserts holdings (creates new or updates existing)
Records import metadata for cooldown tracking
Per-user cooldown prevents excessive API calls to Steam (enforced via Redis)

Abuse Protection

Cooldown period — enforced via Redis TTL per user ID
Fail-closed — if Redis is unavailable, the import is denied (not allowed by default)
Response body cap — Steam inventory API responses are size-limited
SteamID validation — Steam IDs are validated before making API calls

API Reference

​Portfolio API

​GET /api/v1/portfolio

​POST /api/v1/portfolio/import

​Import Behavior

​Abuse Protection

Portfolio API

GET /api/v1/portfolio

POST /api/v1/portfolio/import

Import Behavior

Abuse Protection