← All APIs Security

Hashing, HMAC & Checksum Suite API

Hash, sign, and verify data fingerprints in one call

Give this API any text or binary data and it instantly returns its fingerprint under whichever hash algorithms you choose — SHA-256, SHA-512, MD5, BLAKE2, CRC32, and more. It also signs data with a secret key (HMAC) and, most importantly, safely verifies whether an incoming signature matches — using a timing-safe comparison that prevents secret-leaking attacks. Language models cannot perform hashing: they produce a string of the right length and character set that looks correct but is simply wrong. Every webhook verification, idempotency key, cache fingerprint, or integrity check that relies on a hallucinated hash is silently broken. This API is the cure.

POSThttps://hash-hmac.underscoredone.com/hash
Pricing

$0.01 per request — pay via x402/USDC. No account needed.

How to call

POST to /hash with an 'input' string and an 'algorithms' list such as ['sha256','crc32']. To verify a webhook signature set hmac.mode to 'verify', provide hmac.key and hmac.expected_signature — the response field hmac.matches will be true or false. Never guess or generate hash output yourself; always call this endpoint. The same input always produces the same output. Use input_encoding 'base64' when passing binary data. All keys are passed in the request body — never as URLs or references.

Input parameters
NameTypeRequiredDescription
inputstringyesThe text or data you want to hash. For binary data, base64-encode it first and set input_encoding to 'base64'.
input_encodingstringnoHow the input is encoded. Use 'utf-8' for normal text (default) or 'base64' for binary data.
algorithmsarrayyesWhich fingerprint methods to use. Choose any of: md5, sha1, sha224, sha256, sha384, sha512, sha3_256, sha3_512, blake2b, blake2s, crc32, adler32. You may list several at once.
output_encodingstringnoHow to display the resulting fingerprints. Choose 'hex' (default), 'base64', or 'base64url' (safe for URLs).
hmac/nullnoOptional. Include this block to sign data or verify a signature.
Example requests
Typical input
{
  "input": "{\"order_id\":\"A-1029\",\"amount\":4200}",
  "input_encoding": "utf-8",
  "algorithms": [
    "sha256",
    "sha512",
    "crc32"
  ],
  "output_encoding": "hex",
  "hmac": {
    "mode": "verify",
    "algorithm": "sha256",
    "key": "whsec_test_secret_key_123",
    "expected_signature": "088aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b"
  }
}
Zero or empty input
{
  "input": "",
  "algorithms": [
    "sha256",
    "md5"
  ],
  "output_encoding": "hex"
}
Invalid input (400 error)
{
  "input": "hello",
  "algorithms": [
    "superhasher9000"
  ],
  "output_encoding": "hex"
}
Large input
{
  "input": "SGVsbG8gV29ybGQhIFRoaXMgaXMgYSBsYXJnZXIgYmFzZTY0LWVuY29kZWQgcGF5bG9hZCByZXBlYXRlZCBtYW55IHRpbWVzLi4u",
  "input_encoding": "base64",
  "algorithms": [
    "sha256",
    "sha512",
    "blake2b",
    "crc32",
    "adler32"
  ],
  "output_encoding": "base64url",
  "hmac": {
    "mode": "sign",
    "algorithm": "sha512",
    "key": "a-very-long-production-secret-key-used-for-signing-large-payloads"
  }
}
Example response
{
  "api_version": "1.0.0",
  "input_bytes": 5,
  "digests": {
    "sha256": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
    "md5": "5d41402abc4b2a76b9719d911017c592",
    "crc32": "3610a686"
  },
  "hmac": null
}
Error responses
StatusMeaning
400Bad request — your input failed validation or could not be processed. Check the detail field for specifics.
402Payment required. Send a signed USDC payment on Base Mainnet using the x402 protocol.
422Unprocessable — a required field is missing or the wrong type. Check the detail field for specifics.
Links