I never said you should store them as plain text. Encrypt them and when an API call comes in, decrypt the generated string to find out which access token it is.
Generate an ID for your access token then encrypt("ID" + "creation time") with your app secret.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I never said you should store them as plain text. Encrypt them and when an API call comes in, decrypt the generated string to find out which access token it is.
Generate an ID for your access token then encrypt("ID" + "creation time") with your app secret.