Security: Store api token hashed #325

Open
@p1gp1g

Is your feature request related to a problem? Please describe.
Tokens shouldn't be stored in plain text. (There isn't a security issue template to fill in, so I'm publishing here.)

Describe the solution you'd like
The easiest thing to do is to store them hashed, like passwords. But unlike passwords, they need to be unique. Also, they aren't user input, which means that we can have a really long token and use a fast hashing algorithm (long to crack, but fast to check with the token).
So the main solution is to use a non-salted hash (e.g. sha256) with a longer API token (e.g. 128 chars instead of 14).

Describe alternatives you've considered
Another solution would be to have a unique token_id with a salted hash.

Additional context
nothing

(One thing apart: the default work factor for bcrypt should be 12, as OWASP recommends.)
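Both storage designs from the issue (a long random token hashed with unsalted SHA-256 and looked up by digest, and the alternative of a `token_id` plus a per-token salted hash), written out as an added example that is not the project's code; the in-memory `TokenStore`, `TOKEN_BYTES` and the `token_id.secret` wire format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed for this example: 32 random bytes -> 64 hex chars. A token this long
# cannot be brute-forced from its SHA-256 digest, which is what lets us skip
# the slow, salted password hash.
TOKEN_BYTES = 32


class TokenStore:
    """Stand-in for the database table that holds token hashes (constructed)."""

    def __init__(self):
        self._by_hash = {}  # sha256(token) hex -> user        (design 1)
        self._by_id = {}    # token_id -> (salt, digest, user)  (design 2)

    # Design 1: unsalted SHA-256 of a long random token. Because there is no
    # salt, the digest itself is the lookup key, so no full-table scan is needed.
    def issue_unsalted(self, user):
        token = secrets.token_hex(TOKEN_BYTES)  # shown to the user once, never stored
        self._by_hash[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def lookup_unsalted(self, token):
        digest = hashlib.sha256(token.encode()).hexdigest()
        return self._by_hash.get(digest)

    # Design 2: a public token_id selects the row; the secret part is hashed
    # with a per-token salt and compared in constant time.
    def issue_salted(self, user):
        token_id = secrets.token_urlsafe(8)          # never contains "."
        secret = secrets.token_hex(TOKEN_BYTES)
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + secret.encode()).digest()
        self._by_id[token_id] = (salt, digest, user)
        return f"{token_id}.{secret}"                # assumed wire format

    def lookup_salted(self, token):
        token_id, _, secret = token.partition(".")
        entry = self._by_id.get(token_id)
        if entry is None:
            return None
        salt, digest, user = entry
        candidate = hashlib.sha256(salt + secret.encode()).digest()
        return user if hmac.compare_digest(candidate, digest) else None
```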