I have a security question, and I find it hard to believe that there is no option for it.
When performing various API calls to the Orchestrator platform (on premise), how can I make sure that the username & password I have to provide in the POST request can be encrypted / hashed?
What I’d like to do is hash+salt the credentials in my application / plugin or whatever (C#/.NET/VBA, doesn't matter) and get a Bearer token with these hashed or encrypted credentials.
So far I can only authenticate by providing the credentials as plain text, which is pretty bad. Automatic AD authentication is similarly awful.
Is it not possible for the MSSQL database to compare credentials against a hashed value? If that is possible, I could hash my credentials, provide the hashed value in a JSON string with the POST request to the platform and authenticate this way.
Can I encrypt my credentials via AES_CBC_256 and provide them this way in my HTTPRequest?
There must be a security option to avoid security plain text in code I am not seeing.
Does anyone have a clue on this?
Thanks in advance.