Yep. Pretty sure it’s using the OAUTH2 standard. A unique token is generated for the app to use.Not familiar with the API but I assume they use some sort of Token to log in. You don't need to relog into your tesla app every time you open so same idea. It is a bad idea to store plaintext passwords.