You need to know how the server is expecting those three values.
Now you just pass them like they are on an URL-line (URLEncoded). That seldom works.
But maybe the server expects them in a JSon (the same as it answers).
Or maybe it expects them in the form of form-data (like http-page) with mime-type "multipart/form-data; boundary=xx".
Also, when you are able to login you probably also need to store the cookies/session variables because retrieving subsequent pages need them.
A small example I use in Delphi to convert the &-form to real form-date like a HTTP-form does:
{ Converts field1=a&field2=b to proper form-data }
procedure ConvertPostFields(var EncodedFields: string; var MimeType: string);
var
Bound, s: string;
Ts: TStringList;
i: integer;
begin
Bound := IntToHex(Random(MaxInt), 8) + '_Synapse_boundary';
Ts := TStringList.Create;
try
Ts.Delimiter := '&';
Ts.StrictDelimiter := true;
Ts.DelimitedText := EncodedFields;
s := '';
for i := 0 to Ts.Count - 1 do
begin
s := s + CRLF;
s := s + '--' + Bound + CRLF;
s := s + 'Content-Disposition: form-data; name="' + Ts.Names[i] + '"' + CRLF;
s := s + CRLF + Ts.ValueFromIndex[i];
end;
s := s + CRLF + '--' + Bound + '--' + CRLF;
MimeType := 'multipart/form-data; boundary=' + Bound;
EncodedFields := s;
finally
Ts.Free;
end;
end;
...
Param := AnsiString('j_username=somename&j_password=somepass&url=https://www.avanza.se/start');
ConvertPostFields(Param, Mime); // this converts the &-fields to proper form-data
WriteStrToStream(HTTPSend.Document, ansistring(Param));
HTTPSend.MimeType := Mime;
HTTPSend.HTTPMethod('POST','https://www.avanza.se/ab/handlelogin');