2๐
I think you need to read their official documentation about properly posting sensitive requests:
http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
As I see all requests are passed over HTTPS so there is no need for you to do anything else.
Also make sure you allow users to enter their own passwords or are having control of their Quickblox account as you are creating those accounts without their consent. What if some user of yours wanted to create an account in Quickblox and found that his email is already been taken?
๐คFanis Despoudis
Source:stackexchange.com