client-secretdue to security considerations - frontend application source code is available in a browser. Instead, user authorizes the application and gets redirected back to it with a temporary access code in the URL. Application exchanges that code for the access token. For more detailed information read OAuth 2.0 specification.
redirect_uri, as well
DELETE /Sessionwith the token in Authorization header:
GET /Sessionto get all sessions.