client/user token implementations leak credentials in logs

[ChristianSch]

Hi,

As both client and user token implementations use query strings, the credentials can actually leak in any logs on the server (mine/our/the clients). It is preferred to actually include them in the request body instead. Quoting the api doc:

• Even though finAPI is not logging query parameters, it is still recommended to pass the parameters in the POST body instead of in the URL. Also, please set the Content-Type of your request to 'application/x-www-form-urlencoded' when calling this service.

Relevant: #37

[proshin-roman]

Hi Christian,
thanks for the request!
Yes, you're right about this issue - all credentials should be submitted in the body of a request. This is a bug and it will be fixed (feel free to submit a pull request).

[ccostin93]

@proshin-roman Will try to fix this issue over the weekend