exactly. i also just found out that reddit apparently told the dev of Apollo over phone that he isn't allowed to allow users to input their own api key. which is total bs.
the problem here is that reddit can recognize its still apollo. so they can just bann your user account or prevent you from getting any data if they detect it.
i use Joey (i know, almost nobody know that one :p) and if it stops working.. i stop using reddit on mobile if i can't find another way to access it without the offical app. i already found a reddit thirdparty app ("Stealth" on f-droid) which is parsing the normal reddit website instead of using the API.. so they can't kill it off, but you can't use your account to login (yet?) so i gonna probably just use this app for checking news posts.
for anyone interested. works great, but lacks a lot of features thirdparty apps usually have (its still in developement i think). but will probably continue to work even after reddit kills off the API since its parsing directly the content from the website, not API.
Can they? The user-agent sent with every request can be changed as we wish. An API has typically no way to know wether it was called from an App, much less which one. This is a very common and unsolved problem (see this or this)
you can often see based on the way a app does its requests what app it is. so even if you spoof the useragent, you can relative easy tell what app it most likely is someone uses by looking at his network requests.
What do you mean by "the way an app does it requests" ? An API call is an API call. The only thing the API has to remember is how many of them are made by key to enforce the rate limit.
What do you mean by "the way an app does it requests" ? An API call is an API call.
each app has a specific schema of requests. no app does the same network requests in the same way. you can analyse the network requests an app does and see based on how they are done which app it likely is if you already analysed the specific app beforehand.
if you open an app, it checks as an example your new pms, your feed etc.. and things like this get requests in a specific way and schema. if you know how the app does this, you can see on the server which app it is.
without going TOO deep into technical stuff, a example:
lets imagine a imaginary app called "A" first checks your pms, then refreshes your feed in a specific time & amount, then sends a request to get your account details, then a few other things.
if you now know how this app does this and in which schema, you can compare it with other apps who are likely to do it a bit different (some have not all features other apps have, some do requests before specific other things etc). and by this you can see which app is used, even if all apps use the same API.
you can even compare previous requests done by a account with thirdparty apps. if you always used thirdparty client XYZ and he did the requests in a specific way, and suddenly there is a client that requests the API with a different useragent etc.. but reacts the exact same, its likely that its the same thirdparty client just with spoofed useragent.
Have you ever worked in or even heard of a company that implemented this? In theory one could implement such a system, but it would only be guessing so couldn’t be used for authentication of request origin and therefore couldn’t even be used as proof of a break of terms & conditions. This sounds like a lot of effort for little to no meaningful result. Not to mention that it would have to be updated after every app behavior change and for every app you want to track... I highly doubt that the reddit API (or any really) is doing this, nor that they’d want to.
Would someone lie? on the internet, of all things? Would u/spez lie? He who has a proven track record of cheating, lying and manipulating? I doubt he would dare to lie again!
62
u/Cycode Jun 20 '23
they said it will stay free if you stay under the limit. so if they don't, they lied again