If you need to pass username and password for Basic Auth you need to send that in headers e.g.
$headers = array('Authorization' => 'Basic ' . base64_encode( YOUR_USERNAME . ':' . YOUR_PASSWORD );
$response = wp_remote_post( $url, array(
'method' => 'POST',
'timeout' => 45,
'headers' => $headers
)
);
If you need to pass username and password as value you can send it in body e.g.
$response = wp_remote_post( $url, array(
'method' => 'POST', // Use 'GET' for GET request
'timeout' => 45,
'headers' => array(),
'body' => array(
'username' => 'test',
'password' => 'xxxx'
),
)
);
//Get the response
if ( is_wp_error( $response ) ) {
$error_message = $response->get_error_message();
echo "Something went wrong: $error_message";
} else {
echo 'Response:<pre>';
print_r( $response ); // You will get the token in $response, the $response usually in JSON or XML.
echo '</pre>';
}
Once you have the token you can send that in URL again to wp_remote_post
function
For your other question you must encrypt any sensitive information and decrypt it when you need it.