As has been pointed out serveral times to you in the comments you should never store passwords as plain text in your database. This is regardless to whether or not they are being directly used by your app or not. As Anthony mentioned in his comment to your question you should consider storing encrypted passwords encrypted that can be reversed by your app.
You should also check that the API you are using does not provide a more secure method for logging in using access tokens.
If you want to persist with storing plain text passwords despite all this then you should consider storing them in a separate column to your hashed ones. For example:-
id | username | password | api_login_password
It would not be a good idea to mix the usage of the password column by having some records with encrypted passwords and others not.
Using a schema like this you will not need to hash the api_login_password but continue to hash the app’s passwords. Presumably you have CakePHP setup to hash the passwords on your User entity, this will not affect the api_login_password column.
0
solved Disable password hashing for particular users