From what I understand, Valve uses OpenID authentication. It’s an open standard and it’s deliberately available for just about any use case. They could revoke API keys but the process of getting a new one is easy and completely automated. Also, there is nothing in any of their user agreements or terms of service that…