Using API for login - concerns about passwords

Here’s my use case:

I want users to be able to create an account on my website and then be able to log in from an Android app.

I’ve built the site in Bubble and started hooking up the API. I was following the Dropsource example.

Here’s my concern.

In the Dropsource article, they suggest that I “add two text parameters, one for the email address and one for the password.”. These are passed by the POST to the Bubble app.

Does this mean that passwords are being sent in plain text during login? If so, that’s a security concern. Is there a way to make sure the password is not easily readable?

All suggestions welcome.

-Nick

One thought: is the data in the POST automatically encrypted if it’s over https instead of http?

Yes, that is what HTTPS is … SSL over the internet. So encrypted.

Ahh. So I’m worrying about nothing.

Just saw “password as text” in the API setup and had a “moment”. All better now, thank you :slight_smile: