JWT for login through API
For a server to server connection through API it is necessary to use a cookie at the moment and send the credentials as arguments.
We would like to have the option to use a JWT to log in instead of a cookie. The cookie lasts for only 28 days and then the whole authentication process has to start again, which means we have to send the username and password as arguments to the server on a monthly basis.
HTTPS is used to encrypt the arguments and they will most likely be safe in transfer. But arguments are usually logged by the server upon receiving them, which would mean that our username and password would show up unencrypted in a log file.
It would be disastrous should someone with bad intentions get his hands on such a log file.
That's why we would recommend using a token-based path to log in and authenticate.