# htpasswd API > Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt (recommended), Apache's classic apr1 MD5, or sha1, and get back the ready-to-paste user:hash line for a .htpasswd file or an nginx auth_basic_user_file. The verify endpoint checks a password against any of those hash formats, auto-detecting the algorithm from the hash prefix ($2 for bcrypt, $apr1$ for apr1, {SHA} for sha1). Perfect for setting up HTTP Basic Auth, provisioning scripts, CI and container builds, and admin tooling. Pure local computation — credentials are hashed in memory and never stored; send them via POST. Live. 3 endpoints. Distinct from generic bcrypt password hashing — this targets the htpasswd file format and Apache-specific algorithms. ## Authentication All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys. ```bash curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/htpasswd-api/..." ``` ## Pricing - **Free** (Free) — 640 calls/Mo, 2 req/s - **Starter** ($1/Mo) — 4,900 calls/Mo, 8 req/s - **Pro** ($18/Mo) — 119,000 calls/Mo, 20 req/s - **Mega** ($54/Mo) — 615,000 calls/Mo, 50 req/s ## Endpoints ### htpasswd #### `GET /v1/generate` — Generate an htpasswd entry **Parameters:** - `password` (query, required, string) — Password Example: `secret` - `username` (query, optional, string) — Username (for the full line) Example: `admin` - `algorithm` (query, optional, string) — bcrypt|apr1|sha1 (default bcrypt) Example: `bcrypt` - `rounds` (query, optional, string) — bcrypt cost 4-15 **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/htpasswd-api/v1/generate?password=secret&username=admin&algorithm=bcrypt" ``` **Response:** ```json { "data": { "hash": "$2a$10$Cf2JFb8Od3gwBkpjUOtag.hXFF77aY4yGiIh1LhUjtmcq/lW2EE5y", "line": "admin:$2a$10$Cf2JFb8Od3gwBkpjUOtag.hXFF77aY4yGiIh1LhUjtmcq/lW2EE5y", "username": "admin", "algorithm": "bcrypt" }, "meta": { "timestamp": "2026-06-03T01:09:47.691Z", "request_id": "f4f80dc3-47e7-4bb0-b9f2-d2921a58ff15" }, "status": "ok", "message": "Generate an htpasswd entry", "success": true } ``` #### `GET /v1/verify` — Verify a password **Parameters:** - `password` (query, required, string) — Password Example: `secret` - `hash` (query, required, string) — htpasswd hash Example: `$apr1$abc$0123456789abcdefghijkl` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/htpasswd-api/v1/verify?password=secret&hash=%24apr1%24abc%240123456789abcdefghijkl" ``` **Response:** ```json { "data": { "valid": false, "algorithm": "apr1" }, "meta": { "timestamp": "2026-06-03T01:09:47.802Z", "request_id": "802934b7-94f3-46a0-943d-108be55f6a03" }, "status": "ok", "message": "Verify a password", "success": true } ``` ### Meta #### `GET /v1/meta` — Spec **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/htpasswd-api/v1/meta" ``` **Response:** ```json { "data": { "name": "htpasswd API", "notes": "bcrypt is recommended; apr1 is Apache's classic MD5; sha1 ({SHA}) is unsalted and weak — for legacy only. Hashes are computed locally and never stored. Send credentials via POST.", "version": "v1", "endpoints": [ { "path": "/v1/generate", "params": { "rounds": "bcrypt cost 4-15 (default 10)", "password": "required", "username": "optional (for the full line)", "algorithm": "bcrypt|apr1|sha1 (default bcrypt)" }, "returns": "the hash and the htpasswd line" }, { "path": "/v1/verify", "params": { "hash": "an htpasswd hash (required)", "password": "required" }, "returns": "whether the password matches" }, { "path": "/v1/meta", "params": [], "returns": "this document" } ], "description": "Generate and verify Apache/nginx htpasswd credentials. Hash a password with bcrypt, Apache's apr1 (MD5) or sha1, get the ready-to-paste user:hash line, and verify a password against any of those hash formats. Pure local, no key." }, "meta": { "timestamp": "2026-06-03T01:09:47.884Z", "request_id": "9ea7b79c-b06e-4460 …(truncated, see openapi.json for full schema) ``` --- Marketplace page: https://www.oanor.com/api/htpasswd-api OpenAPI spec: https://www.oanor.com/api/htpasswd-api/openapi.json