In the meantime, I have come to a few conclusions, based mostly on authentication credential handling. Specifically, there seems to be only one way to keep a password hidden.
- If I use the RESTful API directly, the credentials are contained right in the URL and are sent over the net in plain text.
- If I use the RESTFul API with digest authentication, I can hide the credentials over the net, but they are still in plain text in the Shortcut. And, the Shortcut is quite complex.
- Using Pythonista has the same problem, clear text in the python script, but encrypted on the net. However, it looks like there is a way to get a password from the keychain using the keychain module provided with Pythonista. One complication, it looks like Pythonista itself must store any passwords it will later retrieve. So, that will require a separate means to enter the password the first time.
- So, at least for now, that leaves @mundmc's SSH script method. This approach hides the password locally and over the net. The only downside is that it seems to operate a little more slowly. Probably because it must first establish the ssh connection and then execute the command.