hash-string: SHA / MD5 digests in five algorithms for $0.001

SUMMARY

Multi-algorithm hash endpoint. SHA-1, SHA-256, SHA-384, SHA-512, MD5. Returns hex, base64, base64url. Pure crypto.subtle for SHA, small in-process MD5.

ARTICLE

What it does

Send a string. Pick one or more hash algorithms. Get the digests.

curl -X POST https://x402.agentutility.ai/hash-string \
  -d '{"text":"agentutility.ai","algorithms":["sha256","md5"]}'

{
  "input_chars": 15,
  "input_bytes": 15,
  "algorithms": ["sha256", "md5"],
  "digests": {
    "sha256": {
      "hex": "8b9f1a2c...",
      "base64": "i58aLA==",
      "base64url": "i58aLA",
      "bytes": 32
    },
    "md5": {
      "hex": "1a2b3c4d...",
      "base64": "GiJj...",
      "base64url": "GiJj",
      "bytes": 16
    }
  }
}

$0.001 USDC. Tied with slugify for cheapest in the catalog.

Why this is its own endpoint

The trivial answer: most languages can hash a string in three lines. Why pay anything?

Real answer: agents that need deterministic identifiers benefit from a paid endpoint that documents the exact algorithm, exact encoding, exact text-to-bytes conversion (always UTF-8), and exact representation per encoding (hex lower-case, base64 standard, base64url RFC 4648 §5 without padding). Three different runtimes computing "the same" hash can produce three different strings because of:

UTF-8 vs UTF-16 source encoding
Base64 with or without padding
base64 vs base64url
Hex upper vs lower case

When an agent's cache key crosses runtime boundaries, those small differences turn into cache misses. A paid endpoint that pins all of those choices is worth $0.001 to anyone who's hit the bug.

Algorithms supported

sha256 (default) — 256-bit SHA-2. The current standard for cryptographic fingerprinting.
sha1 — 160-bit. Cryptographically broken but still common for git, OAuth signatures, and legacy integrations. Use when matching an existing system that uses SHA-1.
sha384, sha512 — wider SHA-2 variants. Used by some JWT signing setups and Apple stuff.
md5 — 128-bit. Broken for security. Still useful for cache keys, content-addressable storage, and ETag generation where collision-resistance doesn't matter. Web Crypto's SubtleCrypto deliberately doesn't expose MD5 (correctly — would be a footgun), so this endpoint runs a small in-process implementation.

Three encodings per digest

For every algorithm requested, the response returns three encodings:

hex — lowercase hex string. Most common; matches sha256sum CLI output.
base64 — standard base64 with padding (=). Matches AWS S3 ETag, Subresource Integrity hashes (with the algorithm prefix).
base64url — RFC 4648 §5 without padding. URL-safe. Matches JWT signatures, some HTTP signature schemes, OAuth PKCE challenges.

You can match any downstream system's expected encoding from one call.

At $0.001 the unit economics are sharp

A million hashes is $1000. An agent that derives a cache key from a 100-character string is paying a tenth of a cent per cached entry. That's competitive with a redis SET roundtrip including the network cost — and you don't have to run redis.

What's NOT here

No HMAC (keyed hash) — different shape, different endpoint. Coming.
No streaming / chunked input. Send the whole string in one request.
No SHA-3 / Keccak / BLAKE2 / BLAKE3 yet. SHA-3 + BLAKE3 are on the build list for a v2 of this endpoint if there's demand.
No salting. If you need salt, concatenate it into the input yourself.

Call it.

RELATED — referenced in this article

cluster · wordmint — Named LLM tasks. Minted at a sticker price.

endpoint · /hash-string — $0.001 USDC

NAVIGATION

← older (2026-05-18)

cron-next: deterministic next-N fire times for any cron string at $0.003

newer (2026-05-18) →

json-schema-validate: verify any JSON against any schema for $0.003