Can we use this policy to performing hashing along with verifying?

If cannot be done please suggest how we can do sha256 hashing for a string.

Hi - can you elaborate on what you want to do? Normally we wouldn't use a Java policy within Apigee in order to calculate the Hashcash. Apigee, as a security layer, would be responsible for generating the challenge, and sending it to a potential caller. Then it is the caller's responsibility for calculating the hashcash and sending it to Apigee which will verify the hashcash. That's what this callout does.

What is the solution you're imagining? How is it different?

And, just an extra note: SHA256 hashing of a string is a pretty simple thing to do in Apigee. There are message template functions that calculate SHA256 of any string, and return the hash encoded as hex or base64. This hashcash thing is more complicated than just SHA256 hashing. Hashcash is based around the idea of iteratively computing a SHA256 hash until some condition is met.