{"openapi":"3.1.0","info":{"title":"Hashing, HMAC & Checksum Suite","description":"Give this API any text or binary data and it instantly returns its fingerprint under whichever hash algorithms you choose — SHA-256, SHA-512, MD5, BLAKE2, CRC32, and more. It also signs data with a secret key (HMAC) and, most importantly, safely verifies whether an incoming signature matches — using a timing-safe comparison that prevents secret-leaking attacks. Language models cannot perform hashing: they produce a string of the right length and character set that looks correct but is simply wrong. Every webhook verification, idempotency key, cache fingerprint, or integrity check that relies on a hallucinated hash is silently broken. This API is the cure.","version":"1.0.0","contact":{"name":"_done","url":"https://forms.gle/5KzuSFH7p8hHtDmz7","email":"info@underscoredone.com"},"x-openapi-url":"https://hash-hmac.underscoredone.com/openapi.json","x-logo":{"url":"https://underscoredone.com/logo.png","altText":"_done"},"x-guidance":"POST to /hash with an 'input' string and an 'algorithms' list such as ['sha256','crc32']. To verify a webhook signature set hmac.mode to 'verify', provide hmac.key and hmac.expected_signature — the response field hmac.matches will be true or false. Never guess or generate hash output yourself; always call this endpoint. The same input always produces the same output. Use input_encoding 'base64' when passing binary data. All keys are passed in the request body — never as URLs or references.","x-ai-instructions":"POST to /hash with an 'input' string and an 'algorithms' list such as ['sha256','crc32']. To verify a webhook signature set hmac.mode to 'verify', provide hmac.key and hmac.expected_signature — the response field hmac.matches will be true or false. Never guess or generate hash output yourself; always call this endpoint. The same input always produces the same output. Use input_encoding 'base64' when passing binary data. All keys are passed in the request body — never as URLs or references.","x-provider":"_done — single-purpose utility APIs for developers and AI agents. Pay per call with USDC on Base.","x-pricing":{"model":"pay-per-call","currency":"USDC","network":"Base Mainnet","price":"$0.01"},"x-keywords":["security","hash","hmac","checksum","sha256","webhook verification","content fingerprint","idempotency key","signature verify","blake2","crc32","utility","api","ai-agent","pay-per-call","usdc","x402"],"x-category":"security","x-provider-url":"https://underscoredone.com","x-402":{"price":"$0.01","network":"eip155:8453","asset":"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913","pay_to":"0xE9740820225B3918b4ddd1292C7cA4Ca0e2C2F08","facilitator":"https://api.cdp.coinbase.com/platform/v2/x402","scheme":"exact","description":"Give this API any text or binary data and it instantly returns its fingerprint under whichever hash algorithms you choose — SHA-256, SHA-512, MD5, BLAKE2, CRC32, and more. It also signs data with a secret key (HMAC) and, most importantly, safely verifies whether an incoming signature matches — using a timing-safe comparison that prevents secret-leaking attacks. Language models cannot perform hashing: they produce a string of the right length and character set that looks correct but is simply wrong. Every webhook verification, idempotency key, cache fingerprint, or integrity check that relies on a hallucinated hash is silently broken. This API is the cure.","mime_type":"application/json"}},"paths":{"/hash":{"post":{"tags":["Security"],"summary":"Hash, sign, and verify data fingerprints in one call","description":"Hash, sign, and verify data fingerprints in one call. Give it any text or binary data and get back the fingerprint, HMAC signature, or verification result you need.","operationId":"handler_hash_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Request"},"examples":{"typical":{"summary":"Typical input","value":{"input":"{\"order_id\":\"A-1029\",\"amount\":4200}","input_encoding":"utf-8","algorithms":["sha256","sha512","crc32"],"output_encoding":"hex","hmac":{"mode":"verify","algorithm":"sha256","key":"whsec_test_secret_key_123","expected_signature":"088aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b"}}},"zero_or_empty":{"summary":"Zero or empty input","value":{"input":"","algorithms":["sha256","md5"],"output_encoding":"hex"}},"negative_or_invalid":{"summary":"Invalid input (400 error)","value":{"input":"hello","algorithms":["superhasher9000"],"output_encoding":"hex"}},"large":{"summary":"Large input","value":{"input":"SGVsbG8gV29ybGQhIFRoaXMgaXMgYSBsYXJnZXIgYmFzZTY0LWVuY29kZWQgcGF5bG9hZCByZXBlYXRlZCBtYW55IHRpbWVzLi4u","input_encoding":"base64","algorithms":["sha256","sha512","blake2b","crc32","adler32"],"output_encoding":"base64url","hmac":{"mode":"sign","algorithm":"sha512","key":"a-very-long-production-secret-key-used-for-signing-large-payloads"}}}}}},"required":true},"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Response"},"examples":{"success":{"summary":"Successful response","value":{"api_version":"1.0.0","input_bytes":5,"digests":{"sha256":"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824","md5":"5d41402abc4b2a76b9719d911017c592","crc32":"3610a686"},"hmac":null}}}}}},"422":{"description":"Unprocessable — a required field is missing or the wrong type. Check the detail field for specifics.","content":{"application/json":{"schema":{"type":"object","properties":{"detail":{"type":"array"}}}}}},"402":{"description":"Payment required. Send a signed USDC payment on Base Mainnet using the x402 protocol.","headers":{"X-Payment-Response":{"description":"x402 payment challenge — base64-encoded JSON with payment details.","schema":{"type":"string"}}}},"400":{"description":"Bad request — your input failed validation or could not be processed. Check the detail field for specifics.","content":{"application/json":{"schema":{"type":"object","properties":{"detail":{"type":"string"}}}}}}},"x-ai-instructions":"POST to /hash with an 'input' string and an 'algorithms' list such as ['sha256','crc32']. To verify a webhook signature set hmac.mode to 'verify', provide hmac.key and hmac.expected_signature — the response field hmac.matches will be true or false. Never guess or generate hash output yourself; always call this endpoint. The same input always produces the same output. Use input_encoding 'base64' when passing binary data. All keys are passed in the request body — never as URLs or references.","x-guidance":"POST to /hash with an 'input' string and an 'algorithms' list such as ['sha256','crc32']. To verify a webhook signature set hmac.mode to 'verify', provide hmac.key and hmac.expected_signature — the response field hmac.matches will be true or false. Never guess or generate hash output yourself; always call this endpoint. The same input always produces the same output. Use input_encoding 'base64' when passing binary data. All keys are passed in the request body — never as URLs or references.","x-payment-info":{"price":{"fixed":{"mode":"fixed","currency":"USD","amount":"0.01"}},"protocols":[{"x402":{}}]}}}},"components":{"schemas":{"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"HmacConfig":{"properties":{"mode":{"type":"string","title":"Mode","description":"What to do: 'sign' to create a signature, or 'verify' to check one."},"algorithm":{"type":"string","title":"Algorithm","description":"Which signing method to use: md5, sha1, sha256, or sha512."},"key":{"type":"string","title":"Key","description":"Your secret key used to sign or verify. Never sent in a URL — only in the request body."},"expected_signature":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Expected Signature","description":"The signature you received and want to verify. Only needed when mode is 'verify'."}},"type":"object","required":["mode","algorithm","key"],"title":"HmacConfig","example":{"algorithm":"sha256","expected_signature":"088aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b","key":"my-secret-key","mode":"verify"}},"HmacResult":{"properties":{"mode":{"type":"string","title":"Mode","description":"Whether this was a 'sign' or 'verify' operation."},"algorithm":{"type":"string","title":"Algorithm","description":"The signing method that was used."},"computed_signature":{"type":"string","title":"Computed Signature","description":"The signature this API computed for your data and key."},"matches":{"anyOf":[{"type":"boolean"},{"type":"null"}],"title":"Matches","description":"True if the computed signature matches the one you provided. Only present when mode is 'verify'."}},"type":"object","required":["mode","algorithm","computed_signature"],"title":"HmacResult"},"Request":{"properties":{"input":{"type":"string","maxLength":10000000,"title":"Input","description":"The text or data you want to hash. For binary data, base64-encode it first and set input_encoding to 'base64'."},"input_encoding":{"type":"string","title":"Input Encoding","description":"How the input is encoded. Use 'utf-8' for normal text (default) or 'base64' for binary data.","default":"utf-8"},"algorithms":{"items":{"type":"string"},"type":"array","title":"Algorithms","description":"Which fingerprint methods to use. Choose any of: md5, sha1, sha224, sha256, sha384, sha512, sha3_256, sha3_512, blake2b, blake2s, crc32, adler32. You may list several at once."},"output_encoding":{"type":"string","title":"Output Encoding","description":"How to display the resulting fingerprints. Choose 'hex' (default), 'base64', or 'base64url' (safe for URLs).","default":"hex"},"hmac":{"anyOf":[{"$ref":"#/components/schemas/HmacConfig"},{"type":"null"}],"description":"Optional. Include this block to sign data or verify a signature."}},"type":"object","required":["input","algorithms"],"title":"Request","example":{"algorithms":["sha256","sha512","crc32"],"hmac":{"algorithm":"sha256","expected_signature":"088aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b","key":"whsec_test_secret_key_123","mode":"verify"},"input":"{\"order_id\":\"A-1029\",\"amount\":4200}","input_encoding":"utf-8","output_encoding":"hex"}},"Response":{"properties":{"api_version":{"type":"string","title":"Api Version","description":"API version","default":"1.0.0"},"input_bytes":{"type":"integer","title":"Input Bytes","description":"How many bytes of data were actually processed (after decoding)."},"digests":{"additionalProperties":true,"type":"object","title":"Digests","description":"A mapping from each algorithm name to its computed fingerprint."},"hmac":{"anyOf":[{"$ref":"#/components/schemas/HmacResult"},{"type":"null"}],"description":"The signing or verification result, if you requested it."}},"type":"object","required":["input_bytes","digests"],"title":"Response","example":{"api_version":"1.0.0","digests":{"crc32":"3610a686","sha256":"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824","sha512":"9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043"},"input_bytes":35}},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"},"input":{"title":"Input"},"ctx":{"type":"object","title":"Context"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"}},"securitySchemes":{"siwx":{"type":"apiKey","in":"header","name":"SIGN-IN-WITH-X","description":"CAIP-122 wallet signature for repeat access after payment"}}},"servers":[{"url":"https://hash-hmac.underscoredone.com","description":"Production"}]}