Goals and methodology

The goal of anti-cheat is to discourage users from using cheat software to negatively impact other players in multiplayer games. The ICheatReportingService allows you to ban the users account from playing your game for the duration you choose. Once a user ban is in effect, the user will no longer be able to connect to multi-player game servers that are marked as secure.

When a user has been banned by the RequestPlayerGameBan API in the ICheatReportingService, the following happens:

• The account cannot join secure servers for the AppIDs that are banned
  
• The ban is publicly displayed on their Steam Community profile
  
• The account can no longer share the game via family sharing
  
• If the user is accessing the game via Family Library Sharing, the ban is also applied to the actual owner of the game

Requirements

Multi-player
Banning depends on the game server to exclude banned users from games. Thus it only works for multi-player games and does nothing for single player games.

Steamworks authentication APIs will inform the server of players that are banned.
Authentication must be enforced in the game client and server via the Steam Authentication APIs.

Enable Anti-Cheat APIs
This can be done from the Anti-Cheat Configuration page in the App Admin panel. These APIs must be enabled to apply Game bans.

Secure game servers

A "secure" game is one that doesn't allow convicted cheaters to play on it. Individual instances of your game can choose at run-time whether or not they are secure or insecure. It's up to your game to choose the policy on this, but typically games default to being secure with an option to let the user start the game as insecure. This separates the cheaters from the rest of your community while still letting them play the game.

Integration

Cheat detection is performed by you or your agents and reported via the ICheatReportingService. The game should use best practices and protect its assets and internal state. The game can use the Steamworks API to find out whether or not a user is banned. There following result returned in the ISteamUser::ValidateAuthTicketResponse_t callback from ISteamUser::BeginAuthSession will tell your game server if the user has been banned:

• k_EAuthSessionResponsePublisherIssuedBan - Returned when the user is banned via the RequestPlayerGameBan webapi.

The game server should disconnect the player from the session upon receiving a callback with that result.

Related Web APIs

See the Web API documentation for more information on how to use the following Web APIs.

• ICheatReportingService/ReportPlayerCheating
  
• ICheatReportingService/GetCheatingReports
  
• ICheatReportingService/RequestPlayerGameBan
  
• ICheatReportingService/RemovePlayerGameBan