I have a REST API I am trying to consume; it has a POST method for obtaining a token. This requires that two parameters are passed in its body:
{ "email": " ", "password": " "}
I can't seem to use the built-in Basic Authentication, since that sends the data as USERNAME and not EMAIL. My problem is how do I store the password? Any method involves storing it as plain text; is this really the only way? Is there a way to customize the basic authentication so it sends the username field as the email field? I don't want to store this password in plain text.
Is this a global setting at the application level, or is it different for each user? If this is a global setting, you could store this information in Site Properties with Is Secret set to Yes.
This is the solution for platform version 11.25 and above. If you are below that version, the solution is to upgrade to that version.
Hi @Alexander Stump,
First of all, if you do not have control over that REST API, then you might not be able to do much about it, as it is designed to accept the credentials in the body and not via Basic Authentication.
In terms of storing the password, storing it in plaintext is definitely NOT a good way to go. You can have a look at the password storage cheat sheet from OWASP: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
There are various ways to avoid storing it in plain text, but since you need to be able to retrieve the password in plain text to be used for your API, you can have a look at how to implement symmetric encryption. Basically, you would need to encrypt your plain text first, then store it encrypted. Then, when you need to get the plain text, you have to implement a decryption mechanism.
You can have a look at this Cryptographic Cheat Sheet for more information on OWASP's recommendations on encryption: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
If you are looking for a component for encryption, you can have a look at CryptoAPI from Forge: https://www.outsystems.com/forge/component-overview/437/cryptoapi-o11
You can use this component to encrypt your plain text password and then store it, then decrypt it and get back the plain text once you need to call the REST API.
Hope this helps.
Regards, Bryan
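The encrypt-then-store, decrypt-before-call flow described in the answer above, as an added example that is not part of the original post and is not the CryptoAPI component's code. It uses Node.js's built-in `crypto` module with AES-256-GCM; the function names, the sample email and password, and the in-process key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: in production the 32-byte key comes from a secret store or an
// environment setting, never from the same table as the ciphertext.
// A constructed key is generated here so the example runs offline.
const KEY = nodeCrypto.randomBytes(32);

// Encrypt the API password with AES-256-GCM. The account email is bound as
// associated data, so a ciphertext copied to another account fails to decrypt.
function encryptSecret(plaintext, email, key = KEY) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(email, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored value: nonce || tag || ciphertext, base64 so it fits a text column.
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and authenticate; throws if the value, email or key do not match.
function decryptSecret(stored, email, key = KEY) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(email, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Build the token request body from the question just before the call,
// so the plaintext password only exists in memory.
function buildTokenRequestBody(email, stored, key = KEY) {
  return JSON.stringify({ email, password: decryptSecret(stored, email, key) });
}

// True when decryption is rejected (tampered value, wrong email or wrong key).
function isRejected(stored, email, key = KEY) {
  try { decryptSecret(stored, email, key); return false; } catch { return true; }
}

// Constructed sample values.
const sampleEmail = 'api-user@example.com';
const sampleStored = encryptSecret('constructed-password', sampleEmail);
console.log(buildTokenRequestBody(sampleEmail, sampleStored));
```

The stored value is only as safe as the key, so the key belongs in a separate secret store with its own access control.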
Hi
You can store the password in a table and encrypt/decrypt the value by logic, or, as per Siya's suggestion, use a site property.
For passing the password, it depends on the API you want to consume.
Regards,