But sending the username and password in the URL localhost:8080/api/authenticate?us..., isn't it a security flaw itself?
For example purposes it's fine. Also, if you're using HTTPS then no one will see query params.
You can send username and password as standard POST data with content-type application/x-www-form-urlencoded and then those params will not be part of the URL.
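
Added example, not part of the thread or the article's code: it feeds the two request styles discussed above to Python's standard-library HTTP handler and captures the access-log line each one produces. HTTPS protects both in transit, but the request line, query string included, is what servers and proxies typically write to their logs. The credential values are constructed, and the handler stands in for whatever server sits behind /api/authenticate.

```python
import io
from http.server import BaseHTTPRequestHandler
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample credentials, for illustration only.
CREDS = {"username": "alice", "password": "s3cret-constructed"}

class AuthHandler(BaseHTTPRequestHandler):
    """Parses one raw request from memory (no socket) and keeps its log line."""
    def __init__(self, raw):
        self.rfile, self.wfile = io.BytesIO(raw), io.BytesIO()
        self.client_address = ("127.0.0.1", 0)
        self.logged, self.creds = [], {}
        self.handle_one_request()

    def log_message(self, fmt, *args):
        # Default implementation writes this line to stderr; capture it instead.
        self.logged.append(fmt % args)

    def do_GET(self):   # credentials arrive in the query string
        self.creds = parse_qs(urlsplit(self.path).query)
        self._ok()

    def do_POST(self):  # credentials arrive in the form-encoded body
        length = int(self.headers.get("Content-Length", 0))
        self.creds = parse_qs(self.rfile.read(length).decode())
        self._ok()

    def _ok(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

def get_request():
    return (f"GET /api/authenticate?{urlencode(CREDS)} HTTP/1.1\r\n"
            "Host: localhost:8080\r\n\r\n").encode()

def post_request():
    body = urlencode(CREDS)
    return ("POST /api/authenticate HTTP/1.1\r\nHost: localhost:8080\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode()

def access_log(raw):
    """Return (access-log line, credentials the server parsed)."""
    handler = AuthHandler(raw)
    return handler.logged[0], handler.creds

if __name__ == "__main__":
    for raw in (get_request(), post_request()):
        print(access_log(raw)[0])
```

The server receives the same credentials either way; only the GET form leaves them in the logged request line.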