Hacker News
by 383toast 595 days ago
What's the stance on security for handling private tokens/cookies/sessions/etc?
2 comments

My first thought: do I understand correctly that the HAR with all my session cookies, usernames, passwords, etc. (not to mention possibly sensitive data in the service) is sent to OpenAPI? Well… just… be aware of it if you want to try this.
This is certainly an important question. We use a third-party vault to store tokens/keys.