One of your API endpoints asks for password_hash. How important is this, and what method of hashing the password do you expect?

Updated on 12.04.22

The field is not required, but it can provide good insight and an additional risk vector.

You can use any type of encryption to create the password_hash from the plain password the user account has in your database, even double or custom; just make sure the string is not longer than 64 characters.

The main uses of password hashes are Velocity rules and Customer connections: they help you and your team find correlations between accounts and prevent fraud and bonus abuse.
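One way to derive a value that fits the 64-character limit and still lets accounts be correlated, as an added example that is not code from this article or from the API's vendor. It assumes correlation relies on identical passwords producing identical strings; the key, function names and sample accounts are hypothetical and constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import unicodedata

MAX_LEN = 64  # length limit stated in the article
# Constructed demo key (assumption): in practice, load it from a secret store.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# Constructed sample accounts, not real data.
SAMPLE_ACCOUNTS = {
    "acct-1001": "Winter2022!",
    "acct-1002": "correct horse",
    "acct-1003": "Winter2022!",
}


def password_hash_field(password: str, key: bytes) -> str:
    """Keyed, deterministic digest: same password and key give the same 64 hex chars."""
    if len(key) < 32:
        raise ValueError("use a key of at least 32 bytes")
    # NFKC so one password typed on different devices maps to one value.
    normalized = unicodedata.normalize("NFKC", password).encode("utf-8")
    # The key stays on your side, so the value cannot be brute-forced without it.
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def salted_storage_hash(password: str) -> str:
    """Per-user salted hash as used for credential storage, shown for contrast."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    # A random salt makes every value unique, so equal passwords never match,
    # and salt plus digest is longer than 64 characters.
    return salt.hex() + "$" + derived.hex()


def shared_passwords(accounts: dict[str, str], key: bytes) -> dict[str, list[str]]:
    """Group account ids by digest and keep digests used by more than one account."""
    groups: dict[str, list[str]] = {}
    for account_id, password in accounts.items():
        groups.setdefault(password_hash_field(password, key), []).append(account_id)
    return {digest: ids for digest, ids in groups.items() if len(ids) > 1}


if __name__ == "__main__":
    for digest, ids in shared_passwords(SAMPLE_ACCOUNTS, DEMO_KEY).items():
        print(digest, ids)
```

Compute the value at registration or login, when the password is available, and keep the key stable: rotating it changes every digest and breaks matching against values sent earlier.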
