Custom API plugin to execute 3rd party API to retrieve data
I am new to WordPress here.
I have this request where I need to create a custom REST API plugin where when user triggers the following URL link:
The plugin will perform the following:
a. Execute CURL POST (using the username and password stored within the plugin) to retrieve the token
b. Execute CURL GET using the token retrieved, order number and coupon ID (specified in the URL) to retrieve the coupon information.
Is there any security concern the credential stored within the plugin?
Is this setup approach feasible?
Seeking experts here for advise