If you’re trying use just what’s in the Dev console, then it sounds like you’re trying to use the Client Secret as an OAuth token, which it’s not.
Make sure to follow the Authentication Docs to get an OAuth token. If you’re building a public webpage you’ll need to use the Implicit or Auth Code flows for the user to log in to the site and generate a token that can be used for API requests.