For some reasons, I analyze the redeem protocol again.
Last time I looked into it about 18 months ago, there were two requests after entering code and pressing Redeem button on its landing page.
Code can be found here: /sskaje/code/itunes/auto_redeemer.php
1 Submit an html form to an address like ‘/WebObjects/MZFinance.woa/wo/18.104.22.168’ with the redeem code.
2 If the redeem code is not usable, error message will be displayed; otherwise iTunes would prompt a login dialog to ask your password.
3 After being re-authenticated, a second request would be sent, which performed a real redeem action.