Apigee hashes all OAuth access and refresh tokens to protect them in the event of a
database security breach. You use non-hashed tokens in API calls, and Apigee validates
them against the hashed versions in the database.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis documentation applies to both Apigee and Apigee hybrid platforms.\u003c/p\u003e\n"],["\u003cp\u003eApigee utilizes hashed versions of OAuth access and refresh tokens for security purposes.\u003c/p\u003e\n"],["\u003cp\u003eUsers interact with APIs using non-hashed tokens, which Apigee then validates against their hashed counterparts in the database.\u003c/p\u003e\n"]]],[],null,["# Hashing tokens for extra security\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nApigee hashes all OAuth access and refresh tokens to protect them in the event of a\ndatabase security breach. You use non-hashed tokens in API calls, and Apigee validates\nthem against the hashed versions in the database."]]
