{"openapi":"3.1.0","info":{"title":"htpasswd API","version":"1.0.0","description":"Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt (recommended), Apache's classic apr1 MD5, or sha1, and get back the ready-to-paste user:hash line for a .htpasswd file or an nginx auth_basic_user_file. The verify endpoint checks a password against any of those hash formats, auto-detecting the algorithm from the hash prefix ($2 for bcrypt, $apr1$ for apr1, {SHA} for sha1). Perfect for setting up HTTP Basic Auth, provisioning scripts, CI and container builds, and admin tooling. Pure local computation — credentials are hashed in memory and never stored; send them via POST. Live. 3 endpoints. Distinct from generic bcrypt password hashing — this targets the htpasswd file format and Apache-specific algorithms.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/htpasswd-api","description":"oanor gateway"}],"tags":[{"name":"htpasswd"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/generate":{"get":{"operationId":"get_v1_generate","tags":["htpasswd"],"summary":"Generate an htpasswd entry","description":"","parameters":[{"name":"password","in":"query","required":true,"description":"Password","schema":{"type":"string"},"example":"secret"},{"name":"username","in":"query","required":false,"description":"Username (for the full line)","schema":{"type":"string"},"example":"admin"},{"name":"algorithm","in":"query","required":false,"description":"bcrypt|apr1|sha1 (default bcrypt)","schema":{"type":"string"},"example":"bcrypt"},{"name":"rounds","in":"query","required":false,"description":"bcrypt cost 4-15","schema":{"type":"string"}}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"hash":"$2a$10$Cf2JFb8Od3gwBkpjUOtag.hXFF77aY4yGiIh1LhUjtmcq/lW2EE5y","line":"admin:$2a$10$Cf2JFb8Od3gwBkpjUOtag.hXFF77aY4yGiIh1LhUjtmcq/lW2EE5y","username":"admin","algorithm":"bcrypt"},"meta":{"timestamp":"2026-06-03T01:09:47.691Z","request_id":"f4f80dc3-47e7-4bb0-b9f2-d2921a58ff15"},"status":"ok","message":"Generate an htpasswd entry","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/verify":{"get":{"operationId":"get_v1_verify","tags":["htpasswd"],"summary":"Verify a password","description":"","parameters":[{"name":"password","in":"query","required":true,"description":"Password","schema":{"type":"string"},"example":"secret"},{"name":"hash","in":"query","required":true,"description":"htpasswd hash","schema":{"type":"string"},"example":"$apr1$abc$0123456789abcdefghijkl"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"valid":false,"algorithm":"apr1"},"meta":{"timestamp":"2026-06-03T01:09:47.802Z","request_id":"802934b7-94f3-46a0-943d-108be55f6a03"},"status":"ok","message":"Verify a password","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Spec","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"name":"htpasswd API","notes":"bcrypt is recommended; apr1 is Apache's classic MD5; sha1 ({SHA}) is unsalted and weak — for legacy only. Hashes are computed locally and never stored. Send credentials via POST.","version":"v1","endpoints":[{"path":"/v1/generate","params":{"rounds":"bcrypt cost 4-15 (default 10)","password":"required","username":"optional (for the full line)","algorithm":"bcrypt|apr1|sha1 (default bcrypt)"},"returns":"the hash and the htpasswd line"},{"path":"/v1/verify","params":{"hash":"an htpasswd hash (required)","password":"required"},"returns":"whether the password matches"},{"path":"/v1/meta","params":[],"returns":"this document"}],"description":"Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt, Apache's apr1 (MD5) or sha1, get the ready-to-paste user:hash line, and verify a password against any of those hash formats. Pure local, no key."},"meta":{"timestamp":"2026-06-03T01:09:47.884Z","request_id":"9ea7b79c-b06e-4460-8c11-efea80688c66"},"status":"ok","message":"Meta","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":640,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":50,"monthly_call_quota":4900,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":1780,"monthly_call_quota":119000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5380,"monthly_call_quota":615000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/htpasswd-api"}