By default the the API endpoint is not encrypting traffic and thus anyone that follows the guides and examples you publish, will have their passwords send over plain text when accessing the API. Suggestion: document that fact. Like, in bold.
Secondly: I assume all API clients provided by 1Password (Kube, Golang, Python, Terraform, ...) support accessing the API over https?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided