Suppose I'm going to create a sdk of my own service. On my experience, most sdks have two things to auth the app which are api_key & api_secret. As I known, the api_key used for identify the app, and the api_secret used for access control and verify something what you said is true. Without those two things, you can't use anything of the sdk.
For example if I need to integrate a sdk into my android app, first I should go to the sdk's console website to register my app, and it will give me the key and secret. While I'm using the sdk, generally I need to call a init method on Appliation.onCreate() passing the api_key and api_secret.
My question is how does such a sdk leverage those two things? I guess it works as username & password pair for token exchanging with server by using some protocals like OAuth, and then the other quests just passing the token is enough.
So what should I do if I'm going to create my own sdk, I can't find any articles of that on the internet. Do we already have such things open source? The explanination is also important because I still don't kown how they working. I'm very interested in the theory behind that.
Please notice I don't need any solution, I just want to known how's it working.
I also find this and this in stackoverflow but they are totally not the same things what I talked.