> ## Documentation Index
> Fetch the complete documentation index at: https://assetpay.gg/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Start

> Get your first trade working with AssetPay in minutes.

# Quick Start

This guide takes you from zero to a working deposit in four steps. You'll need your API key and API secret from the AssetPay dashboard before you start.

## Prerequisites

* An AssetPay merchant account (contact our team to get onboarded)
* Your **API key** (format: `ap_...`) from the dashboard
* Your **API secret** (used for signing client tokens and verifying callbacks)
* A callback URL configured in your dashboard settings

## Base URL

```
https://api.assetpay.gg
```

For staging/testing:

```
https://api-staging.assetpay.gg
```

## Step 1: Authenticate a Client

Every user who trades on your platform needs a client token. Your backend generates this by calling the authenticate endpoint with your API key.

```http theme={null}
POST https://api.assetpay.gg/auth/authenticate-client
Content-Type: application/json
api-key: YOUR_API_KEY

{
  "clientSteamId": "76561198012345678",
  "clientTradeUrl": "https://steamcommunity.com/tradeoffer/new/?partner=12345678&token=AbCdEfGh"
}
```

Response:

```json theme={null}
{
  "requestId": "550e8400-e29b-41d4-a716-446655440000",
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}
```

You can pass this token to your frontend. The client token is safe to expose to users because AssetPay protects your balance through callbacks, not through token restrictions. For withdrawals, we always check with your backend (via callback) before purchasing anything.

<Info>
  Your **API key** (`ap_...`) should stay on your backend. The **client token** is the one that can be used from the frontend.
</Info>

## Step 2: Fetch the User's Inventory

With the client token, fetch the user's CS2 inventory:

```http theme={null}
GET https://api.assetpay.gg/client/inventory?game=730&refresh=true
Authorization: CLIENT_TOKEN
```

Response:

```json theme={null}
{
  "requestId": "...",
  "success": true,
  "data": {
    "inventory": [
      {
        "id": "a1b2c3d4-...",
        "name": "AK-47 | Redline",
        "marketHashName": "AK-47 | Redline (Field-Tested)",
        "iconUrl": "IzMF03bk9WpSBq-S-ekoE33L-iLqGFHVaU25ZzQNQcXdA3g5gMEPvUZZEfSMJ6dESN8p_2SVTY7V2N4MxGVIwXpaL3_a3Hh...",
        "tradable": true,
        "marketPrice": 12.50,
        "offer": {
          "price": 10.75,
          "reference": "ref_abc123"
        },
        "exterior": "Field-Tested",
        "wear": "0.25432",
        "appid": 730
      }
    ],
    "count": 42,
    "updatedAt": "2026-03-04T10:00:00.000Z",
    "collateral": 150.00
  }
}
```

Key fields:

* `offer.price` is the price the user will receive (in USD) if they deposit this item
* `marketPrice` is the market reference price (not the trade price)

## Step 3: Initiate a Deposit

When the user selects items to deposit, send a deposit request (from frontend or backend):

```http theme={null}
POST https://api.assetpay.gg/client/trading/deposit
Content-Type: application/json
Authorization: CLIENT_TOKEN

{
  "items": [
    { "itemId": "a1b2c3d4-...", "price": 10.75 }
  ],
  "game": "730",
  "externalId": "your-unique-tracking-id"
}
```

Response:

```json theme={null}
{
  "requestId": "...",
  "success": true,
  "data": {
    "id": "trade-uuid-here",
    "type": "deposit",
    "source": "client",
    "status": "initiated",
    "game": "730",
    "items": [...],
    "totalPrice": 10.75,
    "createdAt": "2026-03-04T10:05:00.000Z",
    "updatedAt": "2026-03-04T10:05:00.000Z"
  }
}
```

The trade is now in progress. A Steam trade offer will be sent to the user automatically.

## Step 4: Handle Callbacks

As the trade progresses, AssetPay sends POST requests to your callback URL. The body is the trade object directly:

```json theme={null}
{
  "trade": {
    "id": "trade-uuid-here",
    "type": "deposit",
    "source": "client",
    "status": "completed",
    "totalPrice": 10.75,
    "items": [...]
  }
}
```

The signature is delivered in the `X-AssetPay-Signature` header (not in the body) and is computed over `<deliveryId>.<timestamp>.<rawBody>` with HMAC-SHA256.

Your callback handler should:

1. Verify the HMAC signature (see [Callbacks](/guides/callbacks))
2. Credit the user's balance when `trade.status === 'completed'`
3. Respond with HTTP `200`

```javascript theme={null}
app.post(
  '/assetpay/callback',
  express.raw({ type: 'application/json' }),
  (req, res) => {
    const rawBody = req.body.toString('utf8');
    if (!verifyAssetPaySignature(req.header('X-AssetPay-Signature'), rawBody, [YOUR_API_SECRET])) {
      return res.status(401).send('Invalid signature');
    }
    const { trade } = JSON.parse(rawBody);

    if (trade.type === 'deposit' && trade.status === 'completed') {
      creditBalance(trade.clientSteamID, trade.totalPrice);
    }

    res.status(200).send('OK');
  },
);
```

See [Callbacks](/guides/callbacks) for the full `verifyAssetPaySignature` implementation.

That's it. You now have a working deposit flow. Head to the individual guides for full details on each part of the integration:

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/guides/authentication">
    Token generation, local signing, and security best practices.
  </Card>

  <Card title="Deposits" icon="arrow-down-to-line" href="/guides/deposits">
    Single and multi-item deposits, instant credit, and hold periods.
  </Card>

  <Card title="Withdrawals" icon="arrow-up-from-line" href="/guides/withdrawals">
    Market purchases and the withdrawal callback flow.
  </Card>

  <Card title="Callbacks" icon="webhook" href="/guides/callbacks">
    Signature verification, event handling, and retry behavior.
  </Card>
</CardGroup>