Is client_id something you have to register with reddit?
So you can't, for example have a client_id per user?
What if you as the app maker forced all your users who want to use your app to go register for their free personal client_id for their own personal API use, and then you have them give that client_id to the app along with their OAuth with they log in?
I am just trying to understand why a third party app can't just be a "software shell" that individual users can use to access reddit through their own personal free API limits as if they were just some individual accessing reddit through the API.
Isn't that a violation of reddit's trademarks? There is a reason apps for Reddit have to brand themselves as "XYZ for Reddit".
Also, I don't quite understand why the requests have to be proxied through a server. Wouldn't implementing this in javascript to send requests directly client-side to reddit's apis be faster and more private? It's fast because it's rust is a dumb argument when you are adding an additional network hop to the latency which can't possibly be compensated for by the choice of the stack.
Does the API work that way now? The part on your own server used to only be for authentication and clients would then interact with reddit's servers directly. (Haven't done anything recently but used to maintain a moderation bot).
Wouldn't you leave the API key, in the server and proxy thru?
That's what I was taught to do, and you give your own tokens to clients to track which client is making that request and block that client if needed.
It seems very dangerous to pass on the reddit API key to the client.
The alternative is for every single user to register as a developer to get their own OAuth2 client-id, or if Reddit switches to some kind of API token (thus collapsing the distinction between an _application_ and the _user authed through it_)
- Moderators use the poweruser tools in the third party clients
- I'm not sure how niche third party clients really are. Reddit started as a community of tech-savvy users who would not put up with the crap the official site/app is doing. There's probably a reason why reddit kept old.reddit.com online for so long.
> Before shutting down your apps, please consider pushing a simple app update to enable specifying a custom client ID and Reddit API domain, as this would greatly simplify setup for allowing users to connect to real Reddit with a custom client ID or to connect to a custom Reddit server.
I wonder why I haven’t seen mention of this anywhere. It’s not clear how open reddit will be with distributing keys, but can’t hurt to try.
Is there a whitelist? For some reason they're blocking API access to reddit entirely which is annoying as I want to browse certain sites that rely on this API. Why would the reddit API be on these lists?
What prevents people (and Apollo) from simply using the same open APIs the the official reddit site/app?
The requests would be all made from a client, so how would they even know it's not their client? Is it illegal? Because I can make any reddit request with a curl, no?
Can we seriously not come up with a way to make a distributed reddit?
I imagine running a client on sandstorm.io which is pulling content from subreddits that are each hosted in a sandstorm.io instance.
Is the problem with that that it becomes too easy to doxx someone? That we like having a centralized authority that we can "trust" for authentication / authorization / pseudo-anonymity?
They reverse engineered the Reddit API used by the official web client. It's not the same as the public API. Shutting down this API would break the website.
reply