I am trying to create an automation rule that sends a Web Request. The API uses OAUTH2 for authentication, so in an initial action, I need to request for an access-token, which will then be returned in the response body, then I will be able to use this access-token in the header of subsequent API calls as a bearer token.
I want to understand the security implications of this in terms of the chances of the bearer token being exposed. I understand that Header values of the Send Web Request Action can be 'Hidden', so you can configure the access-token as a smart-value in the subsequent API calls as a Hidden value.
My concern is if the response body of a Send web request is logged anywhere in which the bearer token will be exposed in the first request.
