InfoSec: Your API payloads are in clear text 😱 Me: They're over TLS 1.3. InfoSec: Yes but I can read the JSON. Me: Because your browser decrypted it. For you. On purpose. InfoSec: Please encrypt the payload before sending over HTTPS. Encrypt the encryption. #rant

@bit_fury I would encrypt it only for their user account. Problem solved.