To use the Plan API OAuth 2.0 a developer has to register an application. An organization has to register as a user by creating a Smart App, validating it in Sandbox and send Production Request for review. A registered application is given a client ID and a client secret. The secret should only be used if it can be kept confidential, such as communication between your server and the respective Plan API.