Signal API via https?

I am a new comer, so apologies if this is well known already, but can I use https with the signal API? I am uncomfortable sending user name and password in the clear over http.



I have found an old forum post from 2005 stating that https would be supported soon with the permissions page (not sure what that is). But I can find no reference to https in the signal API documentation.



Thanks

Donald:



Instead of using https, which places a high load on server infrastructure, and is not really appropriate for a high-frequency polling interface, let me propose the following. What if I create a separate “API password,” which only gives API-function access (IE can’t be used to log in to your C2 account). This could then be delivered over cleartext. Would this provide adequate comfort?

Thanks for the response Mathew. https would indeed be a lot of overhead. Are you proposing a separate API of functions which don’t require the password or an API which can be used for authentication of a session (which I guess would use https and set a cookie). Or something else - I may not be parsing your presponse properly.



I’ll have to decide the most expedient way to handle this. My first thought was a second password you could use solely for API commands. That second password would give you full API access without allowing C2 web account access.



But better, I think, is your suggestion: a new command (initiated through https) to request a session id. Then, subsequent API commands could be issued in clear text across http, using that session id. Obviously this wouldn’t protect the content of the API messages, but it would protect the user login info.