The password generator + validator should exclude certain characters from the character sets to avoid confusion and potential bugs, e.g.:capital i and lower l are confusing
capital o and zero are confusing
@ and : may ruin passwords in URL
As none of the values are per se incorrect it may make sense to just remove them from the generator but still leave them as "valid" values.
JAS should support JSON parsing and rendering which in turn can be used for a full-fledged read/write API. The JavaScript HTTP class should be extended to support this as well.
It seems the URLs are created and/or rendered incorrectly. This issue tends to occur when multiple environments use the same database where the hostnames differ. Or rather when in one environment the default project is JAS and in the other it isn't.