Is it necessary to encrypt the payload before sending out the post request?
Solution 1:
No you do not need to encrypt the payload. SSL will do that for you. The payload would be secure between the client and the server.
Devtools can be only opened on the local instance of chrome client. Dev Tools only starts capturing data when it is open and if a request is made. Cannot be used in man-in-the-middle attack.