Why does the response of REST endpoint “POST /auth/access-key/exchange” reveal a password?

The REST endpoint `POST /auth/access-key/exchange` allows you to exchange a valid access key for a new access token. Keep in mind that tokens expire, but keys do not. When called, the REST endpoint generates new credentials as a token. It does not show or expose any existing login credentials or passwords. In a way, it is a reduction of privileges, and you are using the admin password, or access key, for the team to generate a set of expiring credentials to share access with someone temporarily.