As of right now, you cannot retrieve a permanent access token. You have 2 options that come close.
The first is to request a "refresh" token when using the standard OAuth flow. That's what you're doing by sending "duration" as "permanent" in your code. The refresh token can be used to automatically retrieve new 1 hour access tokens without user intervention; the only manual steps are on the initial retrieval of the refresh token.
The second alternative, which applies only when writing a script for personal use, is to use the password grant type. The steps are described in more detail on reddit's "OAuth Quick Start" wiki page, but I'll summarize here:
- Create an OAuth client (under https://www.reddit.com/prefs/apps) with type = "script"
- Make a request to
https://www.reddit.com/api/v1/access_tokenwith POST parametersgrant_type=password&username=<USERNAME>&password=<PASSWORD>. Send your client ID and secret as HTTP basic authentication.<USERNAME>must be registered as a developer of the OAuth 2 client ID you send.
Hey folks, this is baffling me - how do I create a new app/get API credentials?
When I go to /pref/apps I just get a "You are already logged in and will be redirected"
But when I get redirected I end up on the same screen.
Any insights? :-)
Thanks!
Videos
Hello all Ive been looking around the docs and cannot find how to get an api key. thanks
You'll need to clarify. We don't have "API keys." If you're writing your reddit client fresh, we recommend using OAuth and that comes with client IDs/secrets.
Remember the human. When you communicate online, all you see is a computer screen. When talking to someone you might want to ask yourself "Would I say it to the person's face?" or "Would I get jumped if I said this to a buddy?"
Adhere to the same standards of behavior online that you follow in real life.
Read the rules of a community before making a submission. These are usually found in the sidebar.
Read the reddiquette. Read it again every once in a while. Reddiquette is a living, breathing, working document which may change over time as the community faces new problems in its growth.
Moderate based on quality, not opinion. Well written and interesting content can be worthwhile, even if you disagree with it.
Use proper grammar and spelling. Intelligent discourse requires a standard system of communication. Be open for gentle corrections.
Keep your submission titles factual and opinion free. If it is an outrageous topic, share your crazy outrage in the comment section.
Look for the original source of content, and submit that. Often, a blog will reference another blog, which references another, and so on with everyone displaying ads along the way. Dig through those references and submit a link to the creator, who actually deserves the traffic.
Post to the most appropriate community possible. Also, consider cross posting if the contents fits more communities.
Vote. If you think something contributes to conversation, upvote it. If you think it does not contribute to the subreddit it is posted in or is off-topic in a particular community, downvote it.
Search for duplicates before posting. Redundancy posts add nothing new to previous conversations. That said, sometimes bad timing, a bad title, or just plain bad luck can cause an interesting story to fail to get noticed. Feel free to post something again if you feel that the earlier posting didn't get the attention it deserved and you think you can do better.
Link to the direct version of a media file when the page it was found on doesn't add any value.
Link to canonical and persistent URLs where possible, not temporary pages that might disappear. In particular, use the "permalink" for blog entries, not the blog's index page.
Consider posting constructive criticism / an explanation when you downvote something, and do so carefully and tactfully.
Report any spam you find.
Browse the new submissions page and vote on it. Regard it, perhaps, as a public service.
Actually read an article before you vote on it (as opposed to just basing your vote on the title).
Feel free to post links to your own content (within reason). But if that's all you ever post, or it always seems to get voted down, take a good hard look in the mirror — you just might be a spammer. A widely used rule of thumb is the 9:1 ratio, i.e. only 1 out of every 10 of your submissions should be your own content.
Posts containing explicit material such as nudity, horrible injury etc, add NSFW (Not Safe For Work) for nudity, and tag. However, if something IS safe for work, but has a risqué title, tag as SFW (Safe for Work). Additionally, use your best judgement when adding these tags, in order for everything to go swimmingly.
State your reason for any editing of posts. Edited submissions are marked by an asterisk (*) at the end of the timestamp after three minutes. For example; a simple "Edit: spelling" will help explain. This avoids confusion when a post is edited after a conversation breaks off from it. If you have another thing to add to your original comment, say "Edit: And I also think..." or something along those lines.
Use an "Innocent until proven guilty" mentality. Unless there is obvious proof that a submission is fake, or is whoring karma, please don't say it is. It ruins the experience for not only you, but the millions of people that browse reddit every day.
Read over your submission for mistakes before submitting, especially the title of the submission. Comments and the content of self posts can be edited after being submitted, however, the title of a post can't be. Make sure the facts you provide are accurate to avoid any confusion down the line.
As of right now, you cannot retrieve a permanent access token. You have 2 options that come close.
The first is to request a "refresh" token when using the standard OAuth flow. That's what you're doing by sending "duration" as "permanent" in your code. The refresh token can be used to automatically retrieve new 1 hour access tokens without user intervention; the only manual steps are on the initial retrieval of the refresh token.
The second alternative, which applies only when writing a script for personal use, is to use the password grant type. The steps are described in more detail on reddit's "OAuth Quick Start" wiki page, but I'll summarize here:
- Create an OAuth client (under https://www.reddit.com/prefs/apps) with type = "script"
- Make a request to
https://www.reddit.com/api/v1/access_tokenwith POST parametersgrant_type=password&username=<USERNAME>&password=<PASSWORD>. Send your client ID and secret as HTTP basic authentication.<USERNAME>must be registered as a developer of the OAuth 2 client ID you send.
A client_id and client_secret can be generated for a reddit account by going to https://www.reddit.com/prefs/apps and creating an app:
The part I have hidden is my client_id.
Then you can use a client like praw to access reddit e.g. with Python:
import praw
r = praw.Reddit(client_id='insert id here',
client_secret='insert secret here',
user_agent='insert user agent')
page = r.subreddit('aww')
top_posts = page.hot(limit=None)
for post in top_posts:
print(post.title, post.ups)
You could use your current browser's user agent, which can be easily found by google searching "what is my user agent" (among other ways).
Please change ALL of the following:
API key
Redirect URL
User-Agent (in Infinity)
Please don't just change the API key!!!!!!!!! And please use another app name without infinity in it 🥺.
I found many users had made some tutorials about how to use your own API key, like this post, but none of them mentioned the other two things. If you don't change all of them, reddit still knows you are using Infinity, but with your own key.
You can see more info here.
I submitted that API application form (via Google Docs) weeks ago, but I haven't heard anything from Reddit.
You don't need approval for anything. You just use the form at /prefs/apps to obtain a key. I believe registering with the google form is a useful if you're planning to make an app or something that lots of people will use, and you're planning on monetising it somehow, and you want to give them a way to contact you. They aren't going to send you a response just for filling out the form.
I believe current policy is that the API app form is informative only (gives the reddit employees contact info in case they need to talk to you about your bot and can't reach you on reddit).
You can immediately start working with the client ID/secret you generate on the app creation page
I need to add authentication so that when a user makes a request to the API the API will check if they are able to make requests. I’m not sure how API keys are created or how to make them useable though. Are there any good articles or videos I should watch to learn more about API keys?
Made a simple site. Yes this is a self promotion.
It costs nothing.
https://www.unsecuredapikeys.com/
Do I need to be a developer to use an API key? No
Do I need some special knowledge? No, anyone can use it, either through the OpenAI playground (https://platform.openai.com/playground) or other 3rd party apps that allow you to use your key.
Where can I get my own API key? You need to register and log in here: https://platform.openai.com/account/api-keys you also need to set up your payment details with OpenAI to activate your API key.
What's an API key, and why do I need it? ChatGPT is great, but the app has only a limited set of features. OpenAI provides programmatic access to their models via the APIs so devs can use it to build other apps for any use case. An API key is like a personal password. When you use apps with your key, the usage will be billed to your account. The reason why it's become a popular model nowadays is because you only get to pay for what you use and avoid subscriptions.
How and when can I use it? An example could be getbeam.ai, a native ChatGPT app for Mac. This app provides an alternative ChatGPT UI and lets you use your API key. This means you only pay for what you use instead of paying some subscription or monthly fee.
How much does it cost? Is it expensive to use APIs? GPT-3.5 is very cheap; you can use it all day, every day, and your monthly bill will most likely stay under $5
- GPT-4 is more expensive (input: $0.03 / 1K tokens, output: $0.06 / 1K tokens), but it still depends on your usage.
I mostly use GPT-4 as a Google replacement for programming; my prompts are usually quite short, and I don't need 5000-word essays. So, my monthly bill has constantly stayed around $5. But I know some power users who spend $100+/mo
Is it safe to share my API key with 3rd party apps? Yes and No. If some bad actor gets access to your API key two things can happen: they'll use it, and you'll end up paying the bill. They misuse it, and your account can be banned.
The first can be mitigated by setting the spending limit so it will never exceed $20, for example.
If you're using apps from credible sources and have a spending limit on your account, you should be OK.
Can I have multiple API keys? Yes, you can generate multiple API keys. This can be useful if you want to track usage across different applications.
Can APIs replace ChatGPT? Not entirely. When OpenAI rolls out new features to ChatGPT, they're usually unavailable via the APIs immediately. They're not always in sync.
In summary, if you see 3rd party apps saying "Requires OpenAI API Key," it only takes a few clicks to set up. Be careful with how you manage your key to avoid potential misuse. Never share it with random people. Make sure to set the spending limit and only use apps that you can trust.
I m having an issue getting an API key for google maps. I just want a map integrated in my Application so a user can search the highlighted places but google seems to ask for a credit card which I dont have. If there are any other open source maps which give API keys. what can I do?