I have doubts about the api key and api secret? I’m working with the rest of the server to server, so I’m using the token generated for a week, my question is to serve the key of the api and the secret of the api if it is not used in any request, or am I doing something wrong?