Most requests go to https://www.reddit.com[/path], where paths are either /api/... or /r/subreddit/... or similar, depending on the method. API docs give the details.
Many APIs permit unauthenticated access, but Reddit imposes rate limits and—perhaps more annoyingly—blocks various IP ranges (notably a bunch of AWS). Their support does not respond to tickets unless you embarrass them publicly. I lack both the ability and the desire to do that, so I needed another way.
So anyway, the recommended way to talk to the API is using OAuth, which is annoying if all you wanted to do was grab a few stats about your subreddits. Fortunately, they have a lighter-weight auth flow you can use, described in https://github.com/reddit-archive/reddit/wiki/OAuth2#application-only-oauth
In summary:
POSTtohttps://www.reddit.com/api/v1/access_tokenwithgrant_type=client_credentials.- Set basic auth to the
<app-id>:<app-secret>pair for your application.
This reports a JSON giving the bearer token access_token (a string) and an expiry time in seconds (expires_in). You don't get a refresh token.
To make authenticated requests, call https://oauth.reddit.com/ instead of www.reddit.com, and pass the token as an authorization header:
Authorization: bearer $TOKEN