Skip to main content
Back to blog

How ManifestHub3 powers steamtools.games

A behind-the-scenes tour of the open-source Steam depot-key cache that makes the steamtools.games generator work — and how to fork it.

Jul 5, 2026SteamTools Team
How ManifestHub3 powers steamtools.games

If you have used steamtools.games to grab a manifest, you have already used ManifestHub3 — you just did not see it. This post is the behind-the-scenes tour of the data layer that makes the generator work.

Two repos, one product

steamtools.games ships as two repositories that work together:

  • ManifestHub3 — the raw data. depotkeys.json and appaccesstokens.json indexed by App ID, MIT licensed, mirrored on GitHub.
  • steamtools.games — the user-facing generator. A Cloudflare Worker that reads the data, looks it up, and serves the .manifest / .lua / key.vdf triple SteamTools expects.

You usually only interact with the second one. The first one is the substrate.

What is in the repo

The repo is intentionally small. Two JSON files, one README, one LICENSE:

  • depotkeys.json — depot decryption keys, keyed by App ID and depot ID.
  • appaccesstokens.json — app access tokens, keyed by App ID.
  • og-home.png — the share card for the ManifestHub3 README.

There is no build step, no server, no database. You can git clone the repo, open depotkeys.json, and grep for any App ID. That is the whole "database".

Why a separate data repo?

Three reasons:

  1. Auditability. Every key in the database has a source. You can grep for an App ID, see exactly what is there, and diff it against the previous commit. The site is doing nothing magical — it is reading the same JSON you can read.
  2. Self-hosting. If the hosted site is down, or you do not trust a third-party CDN, you can run the data yourself. Clone the repo, point the Worker at your fork, and you have a private generator.
  3. Preservation. ManifestHub3 is a preservation mirror of the original ManifestHub database that was taken down from GitHub. The data did not disappear; it lives in a new home, under a permissive license, with a clear lineage.

How the generator uses it

When you search for a game on steamtools.games, the request flow is:

  1. The Worker queries the live Steam store to resolve your search term to an App ID. This uses the same endpoint the Steam storefront uses, so DLC, soundtracks, and free-to-play titles all resolve correctly.
  2. The Worker looks up the App ID in depotkeys.json and appaccesstokens.json.
  3. It assembles the canonical filenames SteamTools expects ({appid}_{depotid}.manifest, {appid}.lua, key.vdf) and serves them as a zip.

The lookup is sub-second because the data is small enough to cache in the Worker's memory. There is no third-party API, no rate-limit token, no auth.

How to contribute

The repo is a GitHub repository under the MIT license. If you find a missing App ID or a stale key, open a pull request — the data is plain JSON, and a maintainer reviews every change. The same data is what steamtools.games serves, so your contribution goes live the next time the Worker rebuilds.

Where to go next


Data source: ManifestHub3 — the open-source, MIT-licensed Steam depot-key cache this generator runs on. Audit it, fork it, or run your own mirror.

Try the generator →