I’m aware that it’s not the actual cleartext password. From a security perspective should even salted and hashed passwords should stay behind the API or might there be a need for something on the other side of the API to access that field? thanks