Fix Add '_pw' var as var sensibles.

htdocs/api/class/api_setup.class.php

@@ -1429,7 +1429,7 @@ class Setup extends DolibarrApi
     	if (!preg_match('/^[a-zA-Z0-9_]+$/', $constantname) || !isset($conf->global->$constantname)) {
     		throw new RestException(500, 'Error Bad or unknown value for constantname');
     	}
-    	if (preg_match('/(_pass|password|secret|_key|key$)/i', $constantname)) {
+    	if (preg_match('/(_pass|_pw|password|secret|_key|key$)/i', $constantname)) {
     		throw new RestException(403, 'Forbidden');
     	}