I have a process which uses an API and does not support any of the options under the authentication in the connector e.g. Basic, OAuth, etc.
Instead it relies on the username and password being transmitted over HTTPS to the API in the URI e.g. http://api.myapi.com/security/signon/user=admin&pass=pass
And the session token is returned in the response from the API and used as the "Authentication" header on subsequent requests
I read up online in the documentation that you can use extensions but they do not relate to this method
It also states in the documentation that "Process property values of data type Hidden are not visible in the UI. Hidden process properties should not be used to store passwords, however, because their values are not encrypted." which I confirmed by showing the HTML source of the page where these are managed and the password field shows the value in clear text
Therefore is there a preferred method of encrypting these values? I need to be able to reference them in parameters in a flow but I do not want any user who gains access to a compromised account to be able to lift these credentials
Any help would be appreciated - for now we will simply increase the password strength of our account