What is the difference between using an auth header and the request body to send credentials?

I have an API that uses JWT token-based authentication. In order to get a short-lived token, the client first calls a /Token endpoint, passing username and password in the body of the request. As I understand it, this is a st… Continue reading What is the difference between using an auth header and the request body to send credentials?