I am calling PF and PA REST Web services using username and password but it seems vulnerable to provide credentials.Is there a way to provide the only Authorization code for REST AP service calls instead of credentials?.
At the moment am calling in this way
root@ubuntu:/home/joe# curl -k -u "**UserName:Password**" -H "X-Xsrf-Header: PingAccess" https://localhost:9000/pa-admin-api/v1/virtualhosts
The PingAccess administrative API supports OAuth Access Tokens for authentication. They must be access tokens issued by PingFederate (using any grant type) and contain a configured scope for administrative API access. For more details see: https://support.pingidentity.com/s/document-item?bundleId=pingaccess-52&topicId=reference/ui/pa_t_Configure_API_Authentication.html
PingFederate itself currently does not support OAuth for administrative APIs however there are a number of options for authentication. The most secure form of authentication currently supported is client certificate authentication. For more details, see: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-92&topicId=adminGuide%2FconfiguringAccessToTheAdministrativeApi.html