I am running across several API's (including CA products) that require the password to be part of a json payload in an http post. In these cases the password can't be secured by using the password datatype because PAM considers constructing the json string to be string manipulation.