I am currently making a file server (Based on HTTP) for my service. I want an upload key, so a key that is needed for uploading. To get this key, the client has to provide his login data.
Let’s say my site has the following link where you can get the key:
Currently, the client must specify his credentials in the query of the get request. So in my example:
As you may already see, this is not really secure. It is recorded in the server’s log data and can be easily seen by others.
Now my question is:
How could the client now send the authentication data to the server in a secure way?