API password reset

In my application we have feature to change old password and create new password.
Once password generated its in encrypted format .
As of now am manually in katalon am changing Under Query parameters(API) - password "3dhjh4iuiufefhieyfevhvbhveruuu " → need to be changed manually.
Problem is inbetween anyone can change password(old to new), i have to make sure katalon fetches always recent/ dynamic password and token
Please let us know how to crack it.


better ask the developer to implement a certain policy, e.g. based on tokens or whatever else, to do it the right way