Chef api security to transfer

Suppose I use chef api to transfer passwords from xyz application to my chef server.
Will this transfer from xyz application to chef server will be secure?
Does this uses any encryption to transfer from xyz appln. to chef server.
Can this channel be spoofed ?

This question is a bit broad and lacking details but in general, chef-server communication is all HTTPS with authenticated clients. It’s not clear what you mean by application and it’s not as though encryption is a transferable property, the communication channel is either encrypted or it isn’t.

What is it that you are specifically concerned about?

Yeah so is that communication channel from any application which uses api to send value to chef server. is that channel secure ?

Any application that is talking to the chef-server API, would need to do so similarly to a client and typically via a library like chef-api which follows the same security pattern as clients in that it requires HTTPs (default) and operations require a client key (client.pem). Assuming you’ve not disabled HTTPs and have valid certificates then this is identical security to a chef-client/workstation.