Revision history [back]

1) Yes it is not secure. That's why you are supposed to use https endpoint in real production.

2) In keystone v2, one is called admin port and other is service port. More operations are exposed via admin port. Only token is exposed via service port. Via admin you can do token, user creation etc

BTW you are better off looking at V3 api as V2 will be deprecated soon