<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="font-family: Calibri, sans-serif; font-size: 14px; color: rgb(0, 0, 0);">
I'm setting up a new gateway in apiman. I put in the wrong password for the configuration endpoint credentials, and this is what I got on the &quot;New Gateway&quot; screen:</div>
<div style="font-family: Calibri, sans-serif; font-size: 14px; color: rgb(0, 0, 0);">
<br>
</div>
<div style="color: rgb(0, 0, 0);"><strong apiman-i18n-key="gateway-config-invalid.title">Gateway Configuration Invalid</strong>
<div apiman-i18n-key="gateway-config-invalid.msg">Something has gone wrong when testing the Gateway. Hopefully the details (below) will help you figure out what.</div>
</div>
<div>
<blockquote style="font-family: Calibri, sans-serif; font-size: 14px; margin: 0px 0px 0px 40px; border: none; padding: 0px;">
<div apiman-i18n-key="gateway-config-invalid.msg" style="color: rgb(0, 0, 0);"></div>
</blockquote>
<div style="margin-top: 8px;">
<pre class="ng-binding" style="font-family: Calibri, sans-serif; font-size: 14px;">{&quot;data&quot;:&quot;&lt;html&gt;&lt;head&gt;&lt;title&gt;Error&lt;/title&gt;&lt;/head&gt;&lt;body&gt;Unauthorized&lt;/body&gt;&lt;/html&gt;&quot;,&quot;status&quot;:401,&quot;config&quot;:{&quot;method&quot;:&quot;PUT&quot;,&quot;transformRequest&quot;:[null],&quot;transformResponse&quot;:[null],&quot;data&quot;:{&quot;name&quot;:&quot;The Gateway&quot;,&quot;description&quot;:&quot;Gateway to back-end services&quot;,&quot;configuration&quot;:&quot;{\&quot;endpoint\&quot;:\&quot;https://[GATEWAY_URI]/apiman-gateway-api/\&quot;,\&quot;username\&quot;:\&quot;apimanager\&quot;,\<b><font color="#ff2600">&quot;password\&quot;:\&quot;api-manager$65454\&quot;</font></b>}&quot;,&quot;type&quot;:&quot;REST&quot;},&quot;url&quot;:&quot;https://[APIMAN_URI]/apiman/gateways&quot;,&quot;headers&quot;:{&quot;Accept&quot;:&quot;application/json, text/plain, */*&quot;,&quot;Content-Type&quot;:&quot;application/json;charset=utf-8&quot;,&quot;Authorization&quot;:&quot;Bearer [TOKEN]&quot;}},&quot;statusText&quot;:&quot;Unauthorized&quot;}</pre>
<pre class="ng-binding"><font face="Calibri">Granted that only a mistaken password is shown, this still doesn't seem secure, and also makes me wonder if the credential may be exposed in other similar places. Should I raise an issue on this?</font></pre>
<pre class="ng-binding" style="font-family: Calibri, sans-serif; font-size: 14px;"><br></pre>
</div>
</div>
</body>
</html>