API Documentation
This API allows users to submit tasks containing one or more hashes for processing. Below you'll find details on how to use the API, including required parameters, accepted values, and response formats.
Endpoint
POST https://api.onlinehashcrack.com/v2
Request Parameters
All parameters should be included in the JSON body of the POST request.
| Parameter | Type | Description | Required |
|---|---|---|---|
api_key |
String | The free API key starts with sk_. Generated from this page. |
Yes |
agree_terms |
String | Confirmation that you agree to the Terms & Conditions. Allowed values are yes or no. |
Yes |
action |
String | Allowed values are list_tasks or add_tasks. Default to add_tasks if not provided.list_tasks will just list current tasks in JSON format. |
No |
algo_mode |
Integer | An integer specifying the algorithm mode, which can be found here. Eg: 0 for MD5. | Yes if add_tasks |
hashes |
Array of strings | An array of hash strings. Maximum of 50 hashes. | Yes if add_tasks |
Terms & Conditions Agreement
Note: By setting
agree_terms to "yes", you confirm that you have read and agree to our Terms & Conditions of using this API.
Example Request
// Add new tasks
curl -X POST "https://api.onlinehashcrack.com/v2" \
-H "Content-Type: application/json" \
-d '{
"api_key": "sk_XXX",
"agree_terms": "yes",
"algo_mode": 0,
"hashes": ["8124BC0A5335C27F086F24BA2C7A4810"]
}'
// or List my tasks
curl -X POST "https://api.onlinehashcrack.com/v2" \
-H "Content-Type: application/json" \
-d '{
"api_key": "sk_XXX",
"agree_terms": "yes",
"action ": "list_tasks"
}'
import requests
url = "https://api.onlinehashcrack.com/v2"
headers = {"Content-Type": "application/json"}
data = {
"api_key": "sk_XXX",
"agree_terms": "yes",
"algo_mode": 0,
"hashes": ["8124BC0A5335C27F086F24BA2C7A4810"]
}
response = requests.post(url, json=data, headers=headers)
print(response.json())
$url = "https://api.onlinehashcrack.com/v2";
$data = [
"api_key" => "sk_XXX",
"agree_terms" => "yes",
"algo_mode" => 0,
"hashes" => ["8124BC0A5335C27F086F24BA2C7A4810"]
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
const axios = require('axios');
const url = 'https://api.onlinehashcrack.com/v2';
const headers = { 'Content-Type': 'application/json' };
const data = {
api_key: 'sk_XXX',
agree_terms: 'yes',
algo_mode: 0,
hashes: ['8124BC0A5335C27F086F24BA2C7A4810']
};
axios.post(url, data, { headers })
.then(response => console.log(response.data))
.catch(error => console.error('Error:', error));
Response Format
The API returns a JSON response with the following structure.
Response Structure (batch summary)
The response is organized into three buckets: accepted, skipped, and rejected. Each bucket contains a count and a list of hashes (masked, e.g. 1AAB...5CC8).
- accepted: hashes successfully added to the dashboard
- skipped: hashes ignored because they were already submitted (reason:
already_sent) - rejected: hashes refused due to an error (see
reason)
Sample Response
{
"accepted": {
"count": 1,
"hashes": [
"1AAB...5CC1"
]
},
"skipped": {
"count": 1,
"reason": "already_sent",
"hashes": [
"1AAB...5CC2"
]
},
"rejected": {
"count": 1,
"hashes": [
"1AC...C03"
],
"reason": "invalid_format"
}
}
Notes
hashesare masked for safety and are provided only for quick correlation in logs.*.countis the number of tasks added or skipped or rejected.rejected.reasonisnullwhen nothing was rejected, otherwise it contains an error code such asinvalid_formatorinvalid_algorithm.
Error Response (request-level error)
Request-level errors occur when the API request cannot be processed at all (invalid API key, missing terms agreement, invalid JSON, rate limit exceeded, etc.). In that case, the response contains a single error message and an appropriate HTTP status code.
{
"success": false,
"message": "Description of the error."
}
{
"success": false,
"message":"Invalid API key."
}
Rejected reason codes
When individual hashes are rejected, the rejected.reason field may contain one of the following codes:
invalid_format: hash format does not matchalgo_modeinvalid_algorithm: unsupported or invalidalgo_modequota_exceeded: quota reached for the accountinternal_error: unexpected server-side error while saving tasks
Response Codes
| HTTP Status Code | Description |
|---|---|
| 200 OK | Request was successful. |
| 400 Bad Request | Validation errors occurred. Check your parameters and the response description. |
| 401 Unauthorized | Invalid API key provided. |
| 405 Method Not Allowed | Invalid request method. Only POST requests are allowed. |
| 429 Too Many Requests | Rate limit exceeded. Please try again later or upgrade your Profile. |
| 500 Internal Server Error | An error occurred on the server. |
Rate Limiting
To prevent misuse, the API enforces rate limiting based on the verification level of your Tier profile (see your Profile)
- Maximum of 5 requests per hour per API key for Tier 1.
- Maximum of 50 requests per hour per API key for Tier 2.
- Maximum of 100 requests per hour per API key for Tier 3.
- Contact us if you need more or have specific needs.
If you exceed this limit, you will receive a 429 Too Many Requests response.
{
"success": false,
"message": "Rate limit exceeded. Please try again later or upgrade your Profile."
}