# Bcrypt API
> Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/bcrypt-api/..."
```

## Pricing
- **Free** (Free) — 600 calls/Mo, 2 req/s
- **Basic** ($5/Mo) — 25,000 calls/Mo, 5 req/s
- **Pro** ($16/Mo) — 150,000 calls/Mo, 12 req/s
- **Mega** ($41/Mo) — 1,000,000 calls/Mo, 30 req/s

## Endpoints

### Bcrypt

#### `GET /v1/hash` — Hash a password

**Parameters:**
- `password` (query, required, string) — Password to hash Example: `test`
- `rounds` (query, optional, string) — Cost factor 4-14 (default 10) Example: `8`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/bcrypt-api/v1/hash?password=test&rounds=8"
```

**Response:**
```json
{
    "data": {
        "hash": "$2a$08$NGVgB8QaXZ.R08f.Yq5K7uJ1coT4K1dFxptibNlxW8KyOZdUHnRtC",
        "rounds": 8,
        "version": "2a",
        "algorithm": "bcrypt",
        "truncated_to_72_bytes": false
    },
    "meta": {
        "timestamp": "2026-05-30T18:16:47.147Z",
        "request_id": "03c1fc2d-fcfc-417b-8bf5-a9afe3f6fc93"
    },
    "status": "ok",
    "message": "OK",
    "success": true
}
```

#### `GET /v1/info` — Inspect a bcrypt hash

**Parameters:**
- `hash` (query, required, string) — bcrypt hash Example: `$2a$08$M1BKhxYWcHvLkDqUFf/mEuOY7CJCfPtOb6x9btARppQWQ51UfauDK`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/bcrypt-api/v1/info?hash=%242a%2408%24M1BKhxYWcHvLkDqUFf%2FmEuOY7CJCfPtOb6x9btARppQWQ51UfauDK"
```

**Response:**
```json
{
    "data": {
        "salt": "M1BKhxYWcHvLkDqUFf/mEu",
        "rounds": 8,
        "version": "2a",
        "algorithm": "bcrypt",
        "cost_factor": 8,
        "valid_format": true,
        "version_note": "0.x-compatible"
    },
    "meta": {
        "timestamp": "2026-05-30T18:16:47.222Z",
        "request_id": "3a5aaa1f-3e9b-4204-acec-f8520bd38eba"
    },
    "status": "ok",
    "message": "OK",
    "success": true
}
```

#### `GET /v1/verify` — Verify a password against a hash

**Parameters:**
- `password` (query, required, string) — Plaintext password Example: `secret`
- `hash` (query, required, string) — bcrypt hash Example: `$2a$08$M1BKhxYWcHvLkDqUFf/mEuOY7CJCfPtOb6x9btARppQWQ51UfauDK`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/bcrypt-api/v1/verify?password=secret&hash=%242a%2408%24M1BKhxYWcHvLkDqUFf%2FmEuOY7CJCfPtOb6x9btARppQWQ51UfauDK"
```

**Response:**
```json
{
    "data": {
        "valid": true,
        "rounds": 8
    },
    "meta": {
        "timestamp": "2026-05-30T18:16:47.335Z",
        "request_id": "4e1cd465-d117-44b6-a16f-2d247c4a5877"
    },
    "status": "ok",
    "message": "OK",
    "success": true
}
```


---
Marketplace page: https://www.oanor.com/api/bcrypt-api
OpenAPI spec: https://www.oanor.com/api/bcrypt-api/openapi.json