#bcrypt

Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt (recommended), Apache's classic apr1 MD5, or sha1, and get back the ready-to-paste user:hash line for a .htpasswd file or an nginx auth_basic_user_file. The verify endpoint checks a password against any of those hash formats, auto-detecting the algorithm from the hash prefix ($2 for bcrypt, $apr1$ for apr1, {SHA} for sha1). Perfect for setting up HTTP Basic Auth, provisioning scripts, CI and container builds, and admin tooling. Pure local computation — credentials are hashed in memory and never stored; send them via POST. Live. 3 endpoints. Distinct from generic bcrypt password hashing — this targets the htpasswd file format and Apache-specific algorithms.

api.oanor.com/htpasswd-api

Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.

api.oanor.com/bcrypt-api