Hash a password
API · /bcrypt-api
Bcrypt API
healthy
4,308 Subscribers
Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.
api.oanor.com/bcrypt-api
API health
healthy- Uptime
- 100.00%
- Server probes · 24h
- Avg latency
- 108 ms
- Server probes · 24h
- Subscribers
- 4,308
- active
- Total calls
- 57
- last 7 days
Pricing
Pick a tier — billed monthly, cancel anytime.
Free
Free
- 600 calls / month
- 2 requests / second
- Hard cap (429 above quota, no overage)
- 600 requests/month, 2 req/s
- Hash, verify & inspect
- Cost factor 4-14
- No credit card
Basic
€5.00 /month
- 25,000 calls / month
- 5 requests / second
- Hard cap (429 above quota, no overage)
- 25,000 requests/month, 5 req/s
- PHP $2y$ / Node / Python compatible
- Adjustable cost factor
- Commercial use, email support
Pro
€16.00 /month
- 150,000 calls / month
- 12 requests / second
- Hard cap (429 above quota, no overage)
- 150,000 requests/month, 12 req/s
- High-volume auth workloads
- Offload CPU-heavy hashing
- Priority email support
Mega
€41.00 /month
- 1,000,000 calls / month
- 30 requests / second
- Hard cap (429 above quota, no overage)
- 1,000,000 requests/month, 30 req/s
- Auth-platform & migration scale
- Maximum concurrency
- Priority support
Built by
Related APIs
Other APIs with overlapping tags.
htpasswd API
Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt (recommended), Apache's classic apr1 MD5, or sha1, and get back the ready-to-paste user:hash line for a .htpasswd file or an nginx auth_basic_user_file. The verify endpoint checks a password against any of those hash formats, auto-detecting the algorithm from the hash prefix ($2 for bcrypt, $apr1$ for apr1, {SHA} for sha1). Perfect for setting up HTTP Basic Auth, provisioning scripts, CI and container builds, and admin tooling. Pure local computation — credentials are hashed in memory and never stored; send them via POST. Live. 3 endpoints. Distinct from generic bcrypt password hashing — this targets the htpasswd file format and Apache-specific algorithms.
api.oanor.com/htpasswd-api
Password API
A fast, fully-local password toolkit: generate cryptographically-secure random passwords (configurable length, character classes and exclude-similar), estimate password strength (entropy bits, a 0-4 score, character-class breakdown, common-password detection, an offline crack-time estimate and actionable feedback), and create memorable diceware-style passphrases. Built on Node crypto, no third-party upstream, and inputs are never logged — so responses are instant, private and always available. Ideal for signup and account flows, admin tools, password managers and security features.
api.oanor.com/password-api
Fast Hash API
Non-cryptographic hash functions — the fast hashes used in hash tables, bloom filters, sharding, deduplication and cache keys. Give it text (UTF-8) or raw bytes as hex and it returns the digest under every algorithm at once, or under one named algorithm: FNV-1 and FNV-1a (32- and 64-bit), djb2, sdbm, Jenkins one-at-a-time, CRC-16 (CCITT-FALSE and ARC/IBM), Fletcher-16 and Fletcher-32, and MurmurHash3 (x86 32-bit, with an optional seed). Each digest is returned in hex and as an unsigned integer. Everything is computed locally and deterministically, so the same input always maps to the same hash — exactly what you need for stable bucketing and lookups. These are deliberately NOT for security: they are fast and well-distributed, not collision-resistant. Ideal for hash-table and bloom-filter implementations, consistent sharding and partitioning, cache and dedup keys, A/B bucketing, and teaching how hashing works. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. For cryptographic hashes (SHA, MD5, HMAC) use a hash API, and for CRC-32/Adler-32 integrity checksums use a checksum API.
api.oanor.com/fasthash-api
Hash API
Compute cryptographic hashes (MD5, SHA-1, SHA-256/384/512, SHA-3, RIPEMD-160) in hex or base64, generate HMAC signatures for webhook and message authentication, and mint v4 UUIDs. All server-side and deterministic. Handy for integrity checks, signing, cache keys, deduplication and id generation.
api.oanor.com/hash-api
Frequently asked questions
Quick answers about pricing, quotas, and integration.
How do I get an API key for Bcrypt API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call Bcrypt API with the x-oanor-key header. No credit card needed for the free tier.
What's the rate limit for Bcrypt API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota — no surprise overage charges.
How much does Bcrypt API cost?
Bcrypt API has a free tier with 100 calls / month. Paid plans start at €5.00 / month with higher quotas and faster rate limits.
Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.
Is Bcrypt API GDPR-compliant?
All requests to Bcrypt API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.
Pick an endpoint from the list on the left to see its details and try it.
Code snippets
Sign up to get an API key, then call any path under your slug.
curl https://api.oanor.com/bcrypt-api/SOME_PATH \
-H "x-oanor-key: oanor_test_..."const res = await fetch("https://api.oanor.com/bcrypt-api/SOME_PATH", {
headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();$ch = curl_init("https://api.oanor.com/bcrypt-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);import requests
r = requests.get(
"https://api.oanor.com/bcrypt-api/SOME_PATH",
headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())Ratings
Sign in to rate.
No reviews yet.
Discussion
Ask questions, share usage tips, get answers from the provider and other developers. Public — anyone can read.
Sign in to start a thread or reply.
Sign inNew thread
📌 Pinned
🔒 Locked
·
·
·
-
Provider answer
🔒 This thread is locked — no new replies.
-
·
- No threads yet — start the discussion.
Support
Private 1:1 support with the provider — billing questions, integration issues, account problems. Only you and the provider team can see these threads.
Sign in to open a support ticket.
Sign inOpen new ticket
Describe what you need help with. The provider team gets an email and replies on the ticket page.
-
·
Urgent - No tickets yet for this API.