swagger-petstore-openapi-3-0

Redesign needed: switch to POST /user/login with credentials in the request body (JSON or form-encoded), enforce HTTPS, mark credentials as required, avoid logging sensitive data, and implement proper authentication flow with input validation, rate limiting, and potentially MFA. The current design presents medium-high security risk due to credential exposure in URLs and logs.