For DSM 7.2.1-69057 Update 4
worked for me this:
https://IP:PORT/webapi/entry.cgi?api=SYNO.API.Auth&version=6&method=login&account=LOGIN&passwd=PASS
When making an HTTPS API call where the password (or any other parameter) includes special characters like + / & etc.., it's important to correctly encode these characters so they are properly interpreted by the server. In URLs, the + character is typically interpreted as a space, so it needs to be encoded as %2B to be correctly transmitted.