Get Started with the Reddit API

Follow step-by-step instructions to configure the Reddit API tokens.


In this lesson, we'll set up the Reddit API tokens. You should sign up and make a new Reddit account to use the API.

Note: Using the API can occasionally result in your account being flagged as a bot. We strongly recommend not using your personal account and continuing the course by creating a new Reddit account.

Once you've logged in to your Reddit account, go to this link and follow the steps below.

Get the API tokens

  1. Click on the "are you a developer? create an app..." button.
  2. In the fields, add the following information.
    1. Add the name of your application.
    2. Select the "web app" option.
    3. Add the "description" (optional).
    4. Skip the "about url".
    5. Add the URL in the widget below in the "redirect uri" field.
  1. Click on the "create app" button.
  2. Once the application has been created, copy the "secret" and the "personal use script" token in the widget below,. These will be called CLIENT_SECRET and CLIENT_ID respectively throughout the course.

Request an access token from Reddit

The access token is a string of characters used to authenticate a user without a password. We can use the token to make API calls on behalf of the user, which in this case is going to be ourselves. To obtain the access token, use the following endpoint:

Furthermore, the received access token will temporarily last for 24 hours. After it expires, we can either refresh the same access token or make a new one by calling the same endpoint. We use the refresh token to renew the access token.

Some important (required) parameters that we'll use to call the endpoint are as follows:








This refers to the way an application gets an access token. Since we want to use OAuth to get the access token, we'll set the value of grant_type as authorization_code.




This is the username you use to log in into Reddit.




This is a one-time use code that may be exchanged for a bearer token.




This is a string of random characters, used to authenticate a user.




This is a string of random characters, used to authenticate a user.




This is used to identify the source of a network request. You need a unique and descriptive user_agent.

The expected output of this endpoint is a JSON response with the following information.

"access_token": Your access token,
"token_type": "bearer",
"expires_in": Unix Epoch Seconds,
"scope": A scope string,
"refresh_token": Your refresh token

Next, add your username and tokens to the widget below and press "Run" to start the flask server.

# Importing necessary python modules
from flask import Flask, request
import requests
import json
import random
import urllib.parse

# Declaring variables

# Making a state variable which is used to generate the URL
state = str(random.randint(0, 65000))

# Encoding the redirect URL to UTF-8
redirect_link = urllib.parse.quote("{{EDUCATIVE_LIVE_VM_URL}}")

# Final URL which takes user to Reddit's permission page
URL = f'{CLIENT_ID}&&state={state}&redirect_uri={redirect_link}&response_type=code&duration=permanent&scope=%2A'

app = Flask(__name__)

# Route which accepts all calls to root URL
@app.route('/', methods=['GET', 'POST'])
def catch_all():
    # If "code" is in the query string, the request is from Reddit.
    args = request.args.to_dict()
    if "code" in args:
        url = "" 

        auth = requests.auth.HTTPBasicAuth(CLIENT_ID, CLIENT_SECRET)

        data = {'grant_type': 'authorization_code',

        headers = {'User-Agent': 'testscript by u/{{USERNAME}}'}
        # Making a request for the access token using the "code" 
        response =, auth=auth, data=data, headers=headers)
        return response.json()
    # Responding with the generated URL.
    return f"Click on this <a href=\"{URL}\" target=\"_blank\">link</a>."

if __name__ == "__main__":'', port=8000, debug=True)
Using OAuth to get the access token

Follow these instructions to get the access and refresh token.

  1. You should see a hyperlink in the "Output" tab of the widget above.
  2. Click the hyperlink to open the Reddit's permission page in a new tab.
  3. After you press the "Allow" button, you will see two tokens on the screen.
  4. Copy the access and refresh tokens to the widget below to continue the course.

Below, we further explain the code that is used to get the access token:

  • Lines 2–6: We import the required Python modules.
  • Line 13: We generate a random number and set it to the variable state.
  • Line 16: We encode the redirect URI to use it in the URL. We make the URL that would take us to the permissions page of Reddit in line 19.
  • Line 24: We declare a route on our Flask server that handles all calls to the server. In line 28, we then check if the parameters of the request contain the key of code.
  • Lines 29–42: We make and send a request to the endpoint with the value of the code in the request's body. We receive a refresh and an access token in response to this request.
  • Line 44: We return the JSON with the access and refresh token.
  • Line 46: We return the generated URL because the request is not from Reddit's permission page.
  • Line 49: We start the Flask server.

Verify your access token

Add the refresh and access tokens in the code widget below. Click "Run" to verify them.

# Using some hidden code to verify the tokens.

Now that we’ve saved our tokens, we can start making API calls.