The short answer is you can’t. POST request is created for hiding its body. And it’s hard to understand how will you use it, since code is invalid. I’m pretty sure you need something different than using url parameters in post request. Explain what do you need to achieve in a bigger scale.
If you build your url inside your app, you don’t need to interpolate username and pass to it, transfer them separately.
Aside: this is a very strange construction. Don’t use the ! version of Poison.encode if you want an :ok tuple as a return value. Just take away the ! and you’ll get an :ok tuple. (Also, Poison is an old library not much used for new code these days).