Errors while refreshing tokens causes sensitive information in the query string of the request to be logged

We use a third-party library to make HTTP requests to ecobee and this library automatically logs the URL including the query string when it gets an error response. Since the API requires that sensitive information such as the refresh token and app key be included in the request's query string, the information is getting logged when the API returns an error.

We would strongly prefer that sensitive information not be sent our logs. If we could optionally put the information into the POST request's body, that would solve our issue.

1 person has
this problem