All the 3rd party APIs we use (Clarifai & 500PX) use OAuth to authenticate the api calls. Currently, we just hardcoded the access_token which is not the best practice. Since when the token expired, our endpoint will fail by 401 Unauthenticated errors. A better way to do it is using client_id and client_secret (which won't change) to let the API servers create access_token for us each time we make a call.
For security, the client_id and client_secret should be hidden. See issue #30
All the 3rd party APIs we use (Clarifai & 500PX) use OAuth to authenticate the api calls. Currently, we just hardcoded the access_token which is not the best practice. Since when the token expired, our endpoint will fail by 401 Unauthenticated errors. A better way to do it is using client_id and client_secret (which won't change) to let the API servers create access_token for us each time we make a call.
For security, the client_id and client_secret should be hidden. See issue #30