Reddit API Key
Service Name: Reddit
Service Description: Reddit is a social news aggregation, content rating, and discussion website where registered users can submit content such as text posts, images, and links to external content. The Reddit API allows developers to access Reddit data and build applications that interact with the platform.
Service Address: https://www.reddit.com/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but rate limiting is applied based on client ID.
Secret Access Scope: Grants programmatic access to Reddit's API endpoints, allowing applications to read public data, post content, manage subscriptions, and interact with Reddit's features based on the authorized scopes.
Secret Revokement URL: https://www.reddit.com/prefs/apps
Secret Example: pX-xSqDX9zKlm5eVmPnTgXFhMnHQtA
Suspicious Activity Investigation Instructions:
-
Review the Reddit developer dashboard for unusual API usage patterns or spikes.
-
Check application logs for unauthorized requests or unexpected behavior.
-
Monitor for content being posted or accessed through your application that you didn't authorize.
-
Review OAuth token usage and refresh patterns for anomalies.
-
Check if your application is experiencing rate limiting, which could indicate abuse.
Mitigation Instructions:
-
Navigate to your Reddit account preferences at
https://www.reddit.com/prefs/apps -
Locate the application associated with the compromised API key.
-
Click "revoke" or "delete" to immediately invalidate the credentials.
-
Generate a new client ID and client secret for your application if needed.
-
Update your application with the new credentials.
-
Review and restrict the OAuth scopes to only what is necessary for your application.
-
Consider implementing additional authentication measures in your application.
-
Monitor API usage after replacing the credentials to ensure no unauthorized access continues.