@Sim commented on @Sim’s file : even i can see the token in the response too :S , AFAIK we need to hide so no one can use it against our app . or i am getting the whole idea wrong , this is coming from full advance boiler plate example. how do i hide password and this data , even though i am making a post call then what is going on why every thing is so openly visible , can any one please explain to me ?