diff --git a/gradle/changelog/remove_api_token_error_log.yaml b/gradle/changelog/remove_api_token_error_log.yaml
new file mode 100644
index 0000000000..b082be8fa8
--- /dev/null
+++ b/gradle/changelog/remove_api_token_error_log.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+  description: Removed the API token error log message that was being printed when the API token was invalid.
diff --git a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
index de38346aec..83d3e6db24 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
@@ -64,9 +64,7 @@ class ApiKeyTokenHandler {
       return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
     } catch (IOException | DecodingException e) {
       LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password");
-      if (LOG.isTraceEnabled()) {
-        LOG.trace("failed to parse token", e);
-      }
+      // do not print the exception here, because it could reveal password details
       return empty();
     }
   }