Recently Instagram has implemented signed requests https://instagram.com/developer/secure-api-requests/. I own a website that has thousands of users making api requests, I currently use signed headers and am getting 100 likes/hour and 60 relationships/hour, which is the highest.
My question is, is it necessary to sign both the header and the request, or is the header enough? And what would be the benefits to signing both, Instagram does not really specify this.
Any help would be great thanks.