There is a certain API.
There is a certain number of users with software. (OS win both there and there)
Soft makes a request to the API using Kurla (CURLAUTH_NTLM) passing there ':' (credentials in general, I don’t know Russian)
Is it safe? Can I intercept the request data and fake it? Whether SSL will save and how to use it correctly, I need to completely trust the user who makes the request and check it.
