Use getpass for API

[cheginit]

I have a suggestion regarding credentials for API. Since passing user and pass as plain texts is not secure, you can use a Python built-in library called getpass. Here's an example:

import getpass as gp

urs = "https://ers.cr.usgs.gov/register"

prompts = {
    "username": "\n".join(
        [
            "Enter EarthExplorer username",
            f"(or create an account at {urs}): ",
        ]
    ),
    "password": "Enter EarthExplorer password: ",
}

user_data = {p: getpass(prompt=msg) for p, msg in prompts.items()}

This will prompt the user to enter the user and pass and will show asterisks (or bullets) as the user types the info.

Then you can carry on with login:

self.login(**user_data)

I can submit a PR if interested.

[yannforget]

Hi and thanks for the feedback,

I agree plain text credentials are not secure. But it allows for easier automation in shell scripts. Do you know if there is a way to do it with getpass?

Alternatively we could default to using getpass when credentials are not provided by the user

[cheginit]

NASA's EarthData uses netrc for their service. I looked at EarthExplorer's API but it seems that they need passing the user/pass directly to its web service. I think following a netrc approach be a good idea, meaning to read the info from a netrc file (or any other file). Perhaps this snippet from my TIL would give you an idea of what I mean.