I am following Railscasts 235-devise-and-omniauth-revised. The first step is setting up a Twitter app credential. I found that there are
Consumer key/Consumer secret
and also
Access token/Access token secret
My question is simple: why are there two pairs of credentials, and what's the right scenario to use each?
I noticed there is another question like this one, which did not help much.
Okay, then. As far as I know, the consumer_key pair is for the server and the access_key pair is for the client. Check the comment below. Add your answer if you have another understanding.
The main distinction between these two is: API keys identify the calling project — the application or site — making the call to an API. Authentication tokens identify a user — the person — that is using the app or site.
An access token is a tiny piece of code that contains a large amount of data. Information about the user, permissions, groups, and timeframes is embedded within one token that passes from a server to a user's device.
The consumer key is for your application and client tokens are for end users in your application's context.
If you want to call in just the application context, then the consumer key is adequate. You'd be rate limited per application and won't be able to access user data that is not public.
With the user token context, you'll be rate limited per token/user. This is desirable if you have several users and need to make more calls than application context rate limiting allows. Your total call capacity (usually per 15 minutes) = number_of_user_tokens × per_user_token_per_api_rate_limit. Also, this way you can access private user data.
Which to use depends on your scenarios.
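How the two pairs are combined when an OAuth 1.0a request is signed with HMAC-SHA1 (RFC 5849), as an added example that is not part of the original thread. The credentials, endpoint, nonce and timestamp are constructed placeholders and the helper names are hypothetical.

```ruby
require "openssl"
require "base64"

# Constructed placeholder credentials, not real keys.
CONSUMER = { key: "app-consumer-key", secret: "app-consumer-secret" }.freeze
USER = { token: "user-access-token", secret: "user-access-token-secret" }.freeze
ENDPOINT = "https://api.example.test/1.1/statuses/home_timeline.json" # hypothetical

# RFC 5849 percent-encoding: escape every byte outside the unreserved set.
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# Protocol parameters sent with the request. Only the key and token travel,
# never the secrets. Nonce and timestamp are fixed here for reproducibility;
# a real client uses a fresh random nonce and the current time.
def oauth_params(consumer_key, token = nil)
  params = { "oauth_consumer_key" => consumer_key, "oauth_nonce" => "constructed-nonce",
             "oauth_signature_method" => "HMAC-SHA1", "oauth_timestamp" => "1700000000",
             "oauth_version" => "1.0" }
  token ? params.merge("oauth_token" => token) : params
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameters.
def signature_base(method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort.map { |k, v| "#{k}=#{v}" }.join("&")
  [method.upcase, pct(url), pct(normalized)].join("&")
end

# HMAC key: both secrets joined by "&". The token secret is empty until a
# user has authorized the app (for example at the request-token step).
def signing_key(consumer_secret, token_secret = "")
  "#{pct(consumer_secret)}&#{pct(token_secret)}"
end

def sign(method, url, params, consumer_secret, token_secret = "")
  key = signing_key(consumer_secret, token_secret)
  Base64.strict_encode64(OpenSSL::HMAC.digest("SHA1", key, signature_base(method, url, params)))
end

app_sig = sign("GET", ENDPOINT, oauth_params(CONSUMER[:key]), CONSUMER[:secret])
user_sig = sign("GET", ENDPOINT, oauth_params(CONSUMER[:key], USER[:token]),
                CONSUMER[:secret], USER[:secret])
puts "consumer pair only:  #{app_sig}"
puts "with user token:     #{user_sig}"
```

Because the consumer secret is part of every signing key, it belongs in server-side configuration only; a leaked consumer secret lets anyone who also holds a user's token pair sign requests as your application.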