I'm learning Ruby on Rails and I'm trying to implement Instagram API.
I'm reading through documentation https://github.com/Instagram/instagram-ruby-gem and in the configuration portion it says to put
Instagram.configure do |config|
config.client_id = YOUR_CLIENT_KEY
config.access_token = YOUR_ACCESS_TOKEN
end
But I'm currently following a sample application which instead of access_token, it has client_secret like this:
Instagram.configure do |config|
config.client_id = 'YOUR_CLIENT_KEY'
config.client_secret = 'CLIENT_SECRET'
end
Now I'm wondering what the difference is between client secret and access token?
Thanks
Both the client secret (required) and the access token (optional) are used to sign the Authorization header. The client secret is the part of the signing secret that is assigned to the client, while the access token is the part of the signing secret that represents an authorized user.
So in general, you'll always need to use the client secret. If you're authorized to act on behalf of a specific user, you'll also be using the access token that represents that user.