When specifying the password in the "Password" field of the REST step, the password field is protected.
However, the password appears in plaintext in the URL field.
Is this by design?
All supported DevTest environments.
Yes, this is by design.
The window is a graphical representation of the URL command for the REST protocol.
When using REST, the password is always sent as plaintext.