I have got a React application and also a backend API server which are hosted separately. I use cognito for authentication. When the user signs in, I receive 3 tokens - id token, access token and refresh token.
I have read that id token is used for authentication while access token is used for authorisation.
I am a bit confused which token (id token or access token) should I use when making API requests to the API server.