security concern with GenerateSession method of SmartApi class .net


  • HI,
    I found below code which is concerning from security reasons. Smartapi class has function name Generatesession which is used to generate required token. However, below code post userid and password in plain text which is vulnerable from security perspective. Please confirm. Also, please let me know with we encode same string using any encoding technique will serve be able to decrypt information and provide required tokens.

      public OutputBaseClass GenerateSession(string clientcode, string                                                                password)
            {
                OutputBaseClass res = new OutputBaseClass();
                res.status = true;
                res.http_code = "200";
                try
                {
                    AngelTokenResponse agr = new AngelTokenResponse();
    
                    string URL = APIURL + "/rest/auth/angelbroking/user/v1/loginByPassword";
    
                    string **PostData = "{\"clientcode\":\"" + clientcode + "\",\"password\":\"" + password + "\"}";**
    
    

  • HI @fcoder Connect us at api@angelbroking.com