Continuing the discussion from Discourse API Documentation:
An unfortunate (in this context) characteristic of GET parameters is that they get logged all over the place, possibly including the discourse server, load balancers or proxies closer to the client.
Is there a way to provide the authentication details other than as GET parameters? E.g. many APIs allow for them to be passed via a custom HTTP header.