When and why you should not expose secret information via GET parameters?
TLDR Answer: because get parameters are stored in plain text in the server log file.
Although your server-client connection is secured in favor of SSL layer, no man-in-middle can read what the client sends to the server, your exposed secret information (password, API key, ...) via GET parameters, they all will be stored in the server log file.