diff --git a/server/server.js b/server/server.js
index 9ac5354bf..e2e6adb4e 100644
--- a/server/server.js
+++ b/server/server.js
@@ -14,6 +14,7 @@ import { tokenXMiddleware } from './tokenx.js';
 import { readFileSync } from 'fs';
 import require from './esm-require.js';
 import { rateLimit } from 'express-rate-limit'
+import crypto from 'crypto'
 
 const apiMetricsMiddleware = require('prometheus-api-metrics');
 const { createProxyMiddleware } = httpProxyMiddleware;
@@ -64,13 +65,22 @@ const log = new Proxy(
     }
 );
 
+const hashToken = token => crypto.createHash('sha256').update(token).digest('base64');
+
 const apiRateLimit = rateLimit({
     windowMs: 1000, // 1 sekund
     limit: 100, // Limit each IP to 100 requests per `window`
     message: 'You have exceeded the 100 requests in 1s limit!',
     standardHeaders: true,
     legacyHeaders: false,
-    keyGenerator: (req) => req.headers?.authorization?.replace('Bearer ', '') || req.ip,
+    keyGenerator: (req) => {
+        const authHeader = req.headers?.authorization || '';
+        if (!authHeader.startsWith('Bearer ')) {
+            return req.ip;
+        }
+        const token = authHeader.substring(7);
+        return hashToken(token);
+    },
     handler: (req, res, next, options) => {
         if (req.rateLimit.remaining === 0) {
             log.error(`Rate limit reached for client ${req.ip}`);