Fetching an Access Token requires your App Key and App Secret. If you request it from the client, your code could be decompiled, exposing your App Key and App Secret.
- Always get Access Token from the server in production. Your client app should call the Server API through your app’s server to request the Access Token. For details, see the Server API docs Register a user.