Auth thru API without showing password

We are using /api/Account/Authenticate to auth using postman or any other scheduler, but doing that we need to expose the userid and password as part of the Json body.
Is there any other way like config files to manager auth?

Sorry, it was not clear to me if your question is related to postman or API related.

In the case of the postman, you can create an Environment, within this environment you can create variables, and in the Test tab of your postman you can use the script:
pm.test (“YourFunction”, function () {
var jsonData = pm.response.json ();
pm.globals.set (“YourVariable”, jsonData.token);

This lets you develop and test using private credentials or experimental values, without risk of exposing these details or affecting others on your team.

Its more related to api. If i try thru control m o tidal scheduler i need to detail the password in the jason body