Crypto & Security 1 credit COMPUTE

Verify Password API

Verify a user-submitted password against a stored PBKDF2 hash via REST API. Uses constant-time comparison to prevent timing-based attacks — an attacker cannot determine if a password is close to correct by measuring response time.

Try it live →

How it works

POST the plaintext password, the stored hash, and the stored salt. The API recomputes the PBKDF2-SHA256 hash with the same parameters and compares using crypto.timingSafeEqual(). Returns {"valid": true} or {"valid": false}.

Use cases

Verify passwords at login in a serverless auth function
Check passwords during password-change flows (verify old before setting new)
Build authentication APIs without importing bcrypt or argon2

API Reference

POST https://slopshop.gg/v1/crypto-password-verify
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Input parameters

Parameter	Type	Required	Description
`input / data`	string	required	The input data to hash or process

Example response

{
  "data": {
    "result": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "algorithm": "password-verify"
  },
  "meta": {
    "credits_used": 1,
    "engine": "real",
    "ms": 4
  }
}

Examples

Three real-world scenarios showing how developers use Verify Password in production.

Example 1

Check a submitted password against the stored hash during login.

curl -X POST https://slopshop.gg/v1/crypto-password-verify \
  -H "Authorization: Bearer $SLOPSHOP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"password": "MySecurePassword123!", "hash": "stored_hash_hex", "salt": "stored_salt_hex"}'

Example 2

Password change flow

Verify the old password before allowing the user to set a new one.

curl -X POST https://slopshop.gg/v1/crypto-password-verify \
  -H "Authorization: Bearer $SLOPSHOP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"password": "OldPassword456", "hash": "stored_hash_hex", "salt": "stored_salt_hex"}'

Example 3

PIN verification

Check a submitted PIN against its stored PBKDF2 hash.

curl -X POST https://slopshop.gg/v1/crypto-password-verify \
  -H "Authorization: Bearer $SLOPSHOP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"password": "492817", "hash": "stored_pin_hash", "salt": "stored_pin_salt"}'

Code examples

curl

curl -X POST https://slopshop.gg/v1/crypto-password-verify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"input": "your data here"}'

Python

import requests

response = requests.post(
    "https://slopshop.gg/v1/crypto-password-verify",
    headers={"Authorization": "Bearer YOUR_API_KEY"},
    json={"input": "your data here"}
)
result = response.json()
print(result["data"])

Node.js

const response = await fetch("https://slopshop.gg/v1/crypto-password-verify", {
  method: "POST",
  headers: {
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({ input: "your data here" })
});
const { data } = await response.json();
console.log(data);

CLI

# Install the Slopshop CLI
npm install -g slopshop

# Set your API key
export SLOPSHOP_KEY=your_api_key

# Call crypto-password-verify
slop crypto-password-verify '{"input": "your data here"}'

Pricing

Credits per call

credits

Cost per call

$0.001

at Starter tier

Tier

COMPUTE

Pure compute

Credits are purchased in bundles starting at $1 for 1,000 credits. All compute APIs like this one use 1 credit per call — that's $0.001. See all pricing tiers.

Related APIs in Crypto & Security

View the full API catalog · Try in playground · Documentation