Using the Reddit API securely (HTTPS/SSL) #14

Open
JamesGold23 opened this issue Jun 11, 2014 · 2 comments

Comments

@JamesGold23
Contributor

Simply changed the protocol to HTTPS and the host to ssl.reddit.com. Logging in and new captcha work fine, but subreddits new fails with an HTTP 302 redirect error. Could be because Reddit is trying to redirect the request to an HTTP URL, but HttpURLConnection doesn't allow cross-protocol redirects.

@JamesGold23
Contributor Author

"At the time of this writing, reddit does not support API requests over HTTPS when authenticated via cookies (however, the authentication flow should be done over HTTPS). However, if using OAuth, HTTPS is required. The downside is that only API endpoints accessible via OAuth can be used; though the majority of common endpoints are covered, there are a few missing."

http://stackoverflow.com/questions/24153339/how-to-use-the-reddit-api-securely-https/24210196?iemail=1&noredirect=1#24210196

@corydissinger
Owner

It seems like, for the time being, the proper changes for us to maximize our usage of SSL requests to the Reddit API would be as follows:

  1. Non-OAuth based requests (bots would be primary consumers of this functionality)
    1. Modify RedditRequestor so that an additional executeSecurePost method is available
    2. Modify Reddit.login() so that it uses the above method
  2. OAuth based requests (a third party website making API calls on behalf of a user)
    1. Unfortunately, this would require a major refactor of raw4j. My initial goal was to use this with bots, not websites. The way requests are made would have to support OAuth.

Does this make sense?
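
Added example, not part of the thread and not raw4j code: a Java sketch of the secure POST helper proposed above. It turns off automatic redirect handling so that a 3xx response pointing away from HTTPS (the kind of 302 reported in the first comment) is surfaced as an error instead of being followed. The class name, `isDowngrade`, the method body and the sample URL paths are assumptions; only the name `executeSecurePost` and the host ssl.reddit.com come from the page.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.HttpsURLConnection;

public class SecurePostSketch {

    /** True when a redirect from an HTTPS request would land on a non-HTTPS URL. */
    static boolean isDowngrade(URI requested, String location) {
        if (location == null) return false;
        URI target = requested.resolve(location);    // also handles relative Location values
        return "https".equalsIgnoreCase(requested.getScheme())
                && !"https".equalsIgnoreCase(target.getScheme());
    }

    /** Hypothetical executeSecurePost: POST form data over TLS and never leave HTTPS. */
    static int executeSecurePost(URL url, String formBody) throws IOException {
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("refusing to send credentials over " + url.getProtocol());
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setInstanceFollowRedirects(false);       // inspect 3xx responses ourselves
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = conn.getOutputStream()) {
            out.write(formBody.getBytes(StandardCharsets.UTF_8));
        }
        int status = conn.getResponseCode();
        String location = conn.getHeaderField("Location");
        conn.disconnect();
        if (status >= 300 && status < 400 && isDowngrade(URI.create(url.toString()), location)) {
            // Fail loudly so the caller never retries the request in cleartext.
            throw new IOException("HTTP " + status + " redirects off HTTPS to " + location);
        }
        return status;
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured traffic.
        URI req = URI.create("https://ssl.reddit.com/example/path");
        System.out.println(isDowngrade(req, "http://www.reddit.com/example/path"));
        System.out.println(isDowngrade(req, "/example/other"));
    }
}
```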
