Authenticated Encryption Anywhere And Everywhere

Universal Authentication And Encryption Platform For Securing Next Generation Apps, Systems, Devices And Robots

HexaEight Provides A Revolutionary Authentication Platform That Offers Patent-pending Encryption Technology And Token-less Authentication Approach To Secure Your Websites, Web-apps, Systems And Even Provides A Way To Authenticate With Chatbots, Robots, Drones And Other Devices


Use Our Revolutionary Platform For Integrating Instant Authentication For Unlimited Users Across Websites, Apps, And Systems


Use Our Encryption Technology To Establish Secure Communication Across Sessions, Backend APIs, Resource Servers, Devices and Robots

Why HexaEight Platform?

Integrate our cutting-edge authentication technology into any Website or App using your favorite framework or Front End Site builder. Our Authentication Technology  allows you to build a Single Front End with multiple backends that have access to a wide range of features and capabilities. Plus,  you can implement Single Sign-on across systems and devices, making it easy for your users to access the resources they need without having to remember multiple usernames and passwords.

But that's not all – our technology provides a unique advantage in establishing secure communication with any destination, even if that destination has not yet registered on our platform. This allows our solution to stay ahead of the curve and provide the best possible authentication experience for our users.

So if you're looking for a robust authentication solution that can be deployed anywhere and everywhere, HexaEight offers a constantly evolving Platform that provides the most advanced authentication system available.

One Front End, Unlimited Backends

Building Apps using a  Single Front End that can make use of multiple backends will be the future of app development when Robots like Chat-GPT take over, but building them can be challenging. Take, for example, the scenario of building a  Grocery Web Application that connect to multiple stores or a Peer To Peer Chat Application that can to switch to another Chat provider

The main complexity involved in building the above apps revolves around scalable authentication and secure communication with the backend providers assuming everyone implements Open API specification

Building apps like the ones we described above can be a daunting task, But with HexaEight, it's a breeze! Simply build the Front End using any Site builder or a Static Site Generator, and integrate our authentication using just a few lines of code. Our powerful HTTP Client makes it easy to fetch data via API from any backend provider and save costs by hosting the front end UI on any Static website

HexaEight Platform provides a Pocket size Authorization Token server that can run on multiple OS including Raspberry Pi 

With our authorization server, you can authenticate any email address, whether it's for work, personal, or social use, without redirection to an external site. By adding a wildcard setting, your application can easily accept users from any email domain, making it scalable and versatile. Additionally, our authorization server doesn't rely on databases to store policies, ensuring a secure and efficient authorization process.

HexaEight Platform provides  Middleware to protect backend APIs using Token-less authentication approach using our Patent-pending Encryption Technology.

Multiple backend service providers can implement our powerful Middleware to protect their APIs, while the front-end interface can easily connect to any of the providers' authorization servers and establish secure communication with the providers' APIs using our state-of-the-art Encryption Technology

Our Platform Features

✓ Authentication

Authenticate  Any User Using  Any Email Address Or Any Machine Using A Domain Name Or Resource ID

✓ Authorization

Use Our Dynamic Authorization Capability Post Authentication Or Plugin your Own Authorization Layer

✓ Encryption

Enable Application Layer Encryption As Well As Authenticated Encryption Using Our Technology Across Applications

✓ Verification

Physically Or Virtually Verify Any User EMail Address Using Our Mobile Application To Prevent Frauds 

✓ Peer To Peer

Encrypt Information To Any User Or Machine By Fetching An Asymmetric Shared Key From Our Platform.

✓ Key Protection

Stolen User And Machine Keys Cannot Be Used By Anyone To Spoof The Identity Of Another User Or Machine

✓ Key Rotation

Machine Keys are automatically rotated every 15 minutes and Application Keys are rotated every Month

✓ Offline

Use Our Technology To Allow Devices To Establish Direct Secure communication even when they are offline

✓ Static Site Protection

Enable Authentication in your Java Script App hosted on any Static Web Site


Protect your APIs using our Technology without using any API Keys for authorized access

✓ Non-HTTP 
Site Protection

Our Authentication solution can also protect Applications hosted on plain http protocol

✓ Protocol

Our Authentication and Token-less solution is completely

✓ Two Factor Authentication

Users will need to solve an Encrypted QR Captcha before they are granted access to their Login Session.

✓ Password-less Authentication

Users do not need to type any Passwords in the Client Or Browser during login in order to provide maximum security

✓ True

Cookies can be safely disabled to prevent providers from tracking you since we don't use Cookies

✓ Data

Data can be stored securely across sessions in the local storage using built-in functions offered by our Platform

How Does Our Authentication Work?

HexaEight Sessions

HexaEight Sessions Is Our Flagship Technology Solution That Enables Authentication Using Encryption In A Variety Of Web / Mobile Applications, Systems, And Devices. It Uses A Unique Concept Of Token-less Authentication, Relying On Our Patent-pending Encryption Technology To Establish The Identity Of Any User Or Machine.
In Addition, HexaEight Sessions Implements Two-factor Authentication, Using Encrypted QR Codes As An Extra Security Layer To Ensure The Highest Level Of Protection.

User To Machine, Services And Devices

HexaEight Sessions can be used in both client and server applications to establish secure communication.

An end user can prove their identity by encrypting information to the server application using HexaEight Session. Similarly the server application uses HexaEight Middleware Session to verify the user's identity and also proves its own identity by sending back encrypted information back to the client application.

Direct User To User Authentication and Secure Communication via Application

HexaEight Sessions Can Also Be Used For Peer To Peer Authentication Like In A Chat Application Or In A Peer To Peer Web3 or Gaming App

HexaEight Session Capabilities

Authenticate Any User

HexaEight Sessions simplifies the complex task of authenticating Email Users without the need to type a password at login prompt

Encrypt And Decrypt

HexaEight Sessions provides encryption and decryption capabilities for any destination even if the destination is not yet registered on our Platform

Protect And Decipher

HexaEight Sessions provide self encryption capabilities to protect the data stored in local Browser storage or in an untrusted environment

Secure Communication

HexaEight Sessions offers HTTP Client instances that implements authenticated encryption to secure communication with Destination APIs

Machine To Machine Communication

Our Technology allows seamless, direct communication between machines using HexaEight Machine Sessions without the need to implement any application.

Our Cloud Platform provides the encryption keys for the source and destination machines, enabling them to establish a secure and authenticated bidirectional communication channel using our cutting-edge encryption technology.

Easy Integration

For Static Website, PWA, Web, Mobile And Even Desktop Apps

Step 1 →

Self Host HexaEight Token Server on any Operating System and Create a Client Application Realm. Apply Authorization Policies To The Client Application Realm

Step 2 →

Build A Front End UI And Integrate HexaEight Sessions by pointing to Token Server along with the Client Application ID.  Publish your Client Application To End Users 

Step 3 ✔

Integrate Our Middleware by pointing to the Token Server.  Apply access policies in the Token Server to Protect Your Backend APIs without API Keys

For Integrating Single Sign On In Operating Systems

Step 1 →

Self Host HexaEight Token Server And Apply Access Policies To Define The Users Who Are Allowed To Login To Your Systems

Step 2 →

Integrate Our Authentication Plugin in your Operating System and configure your plugin which will allow users to login to your System using a One Time Pass Code.

For Authentication In Devices And Robots 

Custom Authentication

Our SDK libraries can be used to build and integrate HexaEight Sessions for establishing secure communication in Devices, Drones and Robots using Raspberry Pi's and using CANBUS SDK in order to allow electronic subsystems to authenticate and securely establish secure communication.

Our Core Technology
HexaEight Encryption

Standard Encryption Techniques like Public Key cryptography use a pair of keys, a public key and a private key, to encrypt and decrypt data. The Public key is used to encrypt the data, while the Private key is used to decrypt it. While this technique ensures the secrecy of the message, it cannot be used to establish the identity of the sender as the Public key can be subject to attacks during the exchange process.

To verify the identity of a user using a public key, a Certificate Authority (CA) must certify the Public key and issue a Digital Certificate. While Digital Certificates and Signatures offer message authenticity, they can be compromised if the private key is misplaced or stolen. In this case, it can be time-consuming to revalidate and issue a new Digital Certificate and Signature

HexaEight Technology combines asymmetric and symmetric encryption techniques to create a new method that can be used for both Authentication and Encryption. Our platform eliminates the need to maintain a public key infrastructure by allowing users to establish secure communication with any user or machine by simply retrieving an asymmetric shared key of the destination from our Platform. Asymmetric shared keys are resistant to attacks, making our technology a secure option for use in any environment.

A Schematic Diagram Of Our Encryption And Decryption Process Used Across
Users, Applications, Machines And Devices

Our Mobile Application

HexaEight Authenticator

HexaEight Authenticator Is Our Free Mobile Application For Users That Implements HexaEight Authenticated Encryption Technology. 

Our Mobile Application Can Be Used To Authenticate And Authorize User Agents, Applications, Machines, Devices and even Robots.


This QRCode

To Download Our
Mobile App From
Google Play Store


This QRCode

To Download Our
Mobile App From
Apple Play Store

Our Serverless Technology

HexaEight Serverless

HexaEight Serverless is our solution that utilizes serverless technology to enable contactless authentication in web applications. If you're looking for a quick and easy contactless login solution for kiosks or registration desks, HexaEight Serverless can meet your needs. However, please note that this solution uses HTTP secure cookies during the authentication process.

Simple Pricing for Everyone

HexaEight Pricing

Please note that our Authentication service is completely free of charge for unlimited users and it will remain free forever, with no limitations regardless of any number of users, the charges you will incur will depend on the total number of consumed client or machine tokens every month.

In order to understand our pricing, your need to understand the below terminologies and the cost associated with them.


To implement authentication in your application, using our Platform, you'll need to self-host our Token Server. Initially, your front end application will contact our Platform to complete the initial authentication process which is FREE. After that, your application will communicate with your hosted Token Server for authorization and complete the authentication process by creating a HexaEight Session inside the Application which is again FREE. In order to run a A Single Token Server Can Handle Unlimited Of Authorizations you will need Machine Tokens which is chargable.


To encrypt and decrypt information within HexaEight Sessions, your application requests Client Tokens using HexaEight Session from the hosted Token Server. These Client tokens are again chargeable.

In Summary HexaEight User Sessions request for Client Tokens and Resource Servers, Systems, and any other Devices consume Machine Tokens in order to establish a secure communication both with  our Platform as well another Machines that have implemented HexaEight Encryption.

How Much Does It Cost?

HexaEight Token Server uses Machine Tokens to establish secure and direct communication with our Platform (auth.hexaeight.com).

To host an HexaEight Token Server, you'll need an API key. The Token Server fetches a Machine token also known as an asymmetric shared key of auth.hexaeight.com every 15 minutes to establish secure and direct communication with our platform. Each machine token required for this operation costs $0.001, so hosting one Token Server would cost approximately $3 per month

What is the Cost Of Tokens?

Every Client Token costs $0.003 and is specific to a particular destination and tied to thee user session so that can be reused any number of times for a maximum period of 30 days or as long as the session is active.

HexaEight Platform implements Perfect Forward Secrecy and hence Machine Tokens are rotated every 15 minutes for every destination and such are valid only for a period of 15 minutes and can be reused as many times as needed during this time window

Free Plan



Per Month

10 Client Tokens
per month
for FREE

100 Machine Tokens
per month
for FREE

Max 10 Token Requests
per hour

Best For Testing One Token Server and 10

HexaEight Sessions Authentications
per month

Pro Plan 


Per Month

1000 Client Tokens
per month
+ $0.003 each other

6000 Machine Tokens
per month
+ $0.001 each other

Max 100 Token Requests
per minute

Supports Machine Tokens For Two Token Servers And
100 Sessions Authentication per minute

Mega Plan


Pay Only

$0.003 per
Client Token

$0.001 per
Machine Token

Token Requests

Unlimited Machine Tokens and HexaEight Session Authentications

By clicking Subscribe above, you'll be directed to our partner portal, RAPID API, which is the world's largest API hub. From there, you can choose and subscribe to any of our plans

 Hosted Token Server ADD-ON
Subscribe Via PayPal

If you don't have the infrastructure to host our Token Server, we can host one for you for as low as $3 per month. You can then feed the Rapid API Key and use this Token Server for authentication in Unlimited Applications.

Pricing Use Cases

Sample Pricing for
Use Case 1

Assuming you have developed a JavaScript Client Application and have 100 Users  accessing a database through one HexaEight Middleware Server (HMS) via HexaEight Sessions from your application
The cost estimate for this scenario is :
1. Authentication for 100 users                = FREE
2. One HexaEight Token Server                 = ~$3.0
3. 100 User Sessions Fetch HMS Client Token * 0.003 * 30 days    = $9.0
4. 1 HexaEight Middleware Session * 0.003 * 100 (users) = $0.3
Total (per month)                                                            =  $15.2

Sample Pricing for
Use Case 2

As an Admin you want all your users to login to 5 Linux Systems using SSH by using HexaEight One Time Password.  You deploy a token server and add policies and point your Linux servers to an ldap server so that your team of 50 users can login using their email address. You install HexaEight Authentication Plugin on all the 5 Linux servers so that every time a user tries to login, two machine tokens is fetched, one by the Linux Authentication Plugin and another one by Token Server.
The cost estimate for this scenario is :  
5 HexaEight System Plugins * 0.001  * 50 (users) = $0.25 per day
1 Token Server * 0.005 (5 Machine Tokens) * 50 (users) = $0.25 per day

1. One HexaEight Token Server = ~$3.0 per month
2. HexaEight System Plugin = $7.5 per month
3. Token Server Additional cost  for Machine Tokens =  $7.5 per month
Total (per month)                                              =  $18

Sample Pricing for
Use Case 3

Assume you have have developed a program that allows 50 IOT devices connected inside a LAN to talk to each other by integrating HexaEight Library. You want keys to be rotated every week and you want offline (without Internet access) communication between the devices and allow them to be online once every week for a very short period of 10 or 15 min.

Every device will fetch the Machine token of all the other devices once every week when online and reuse the machine token for unlimited authentication, encryption and decryption of data. All devices establish a direct connection with each other device over LAN. The cost estimate for this scenario is :  

1. 50 Machine Tokens * 50 devices * 4 weeks * 0.001 = $10
Total (per month)                                              =  $10

HexaEight Serverless Pricing is available HERE

Additional Questions?

If you have more questions feel free to Contact Us and we will be happy to help you.

Privacy Policy

Terms of Use

© Copyright 2023 HexaEight - All Rights Reserved
HexaEight Trademark is held by HexaEight. Various trademarks are held by their respective owners.