Authenticated Encryption Anywhere And Everywhere

AI Assisted Universal Authentication And Encryption Platform Featuring an Authentication Assistant For Securing Next Generation AI Based Apps, Systems, Devices And Humanoids

HexaEight Provides A Revolutionary Authentication Platform That Enables Businesses To Develop Next Generation Multi-Lingual Interactive AI Assistants, Capable Of Authenticating Users Using QR Codes And Voice Interactions, Thus Eliminating The Need To Disclose User Password To The AI Application


Use Our Revolutionary Platform For Authenticating Unlimited Users In AI Assistants, Websites, Apps, Systems, Devices as well as Robots 


Use Our Encryption Technology To Establish Secure Communication Across Sessions, Backend APIs and Resource Servers

Why HexaEight Platform?

Implement our cutting-edge authentication technology to build Next generation Front End And Back-End Apps powered by AI using your favorite language.
✓ Eliminate User Registrations And Sign-Ups
Integrated Authentication using AI Assistant
✓ Single-Sign-On Across Apps, Systems And Devices
✓ Protect your Apps using Application Layer Encryption
✓ Use Token-less Authentication To Protect Back-End API

Enhanced Compliance And Governance Across Apps

Build Assistants Using Controlled GPT  

Controlled GPT is a Feature Rich Virtual Machine Offered In Microsoft Azure Market Place which empowers businesses with a secure and compliant framework for building Controlled AI assistants while retaining control over its actions, responses and behavior.  Controlled GPT Assistants prioritize user privacy, reduce bias, provide top-quality interactions, and are feature rich with function calling capabilities and can be tailored to meet individual or organizational requirements. 

Our Platform Features

✓ Authentication

Authenticate  Any User Using  Any Email Address Or Any Machine Using A Domain Name Or Resource ID

✓ Authorization

Use Our Dynamic Authorization Capability Post Authentication Or Plugin your Own Authorization Layer

✓ Encryption

Enable Application Layer Encryption As Well As Authenticated Encryption Using Our Technology Across Applications

✓ Verification

Physically Or Virtually Verify Any User EMail Address Using Our Mobile Application To Prevent Frauds 

✓ Peer To Peer

Encrypt Information To Any User Or Machine By Fetching An Asymmetric Shared Key From Our Platform.

✓ Key Protection

Stolen User And Machine Keys Cannot Be Used By Anyone To Spoof The Identity Of Another User Or Machine

✓ Key Rotation

Machine Keys are automatically rotated every 15 minutes and Application Keys are rotated every Month

✓ Offline

Use Our Technology To Allow Devices To Establish Direct Secure communication even when they are offline

✓ Static Site Protection

Enable Authentication in your Java Script App hosted on any Static Web Site


Protect your APIs using our Technology without using any API Keys for authorized access

✓ Non-HTTP 
Site Protection

Our Authentication solution can also protect Applications hosted on plain http protocol

✓ Protocol

Our Authentication and Token-less solution is completely

✓ Two Factor Authentication

Users will need to solve an Encrypted QR Captcha before they are granted access to their Login Session.

✓ Password-less Authentication

Users do not need to type any Passwords in the Client Or Browser during login in order to provide maximum security

✓ True

Cookies can be safely disabled to prevent providers from tracking you since we don't use Cookies

✓ Data

Data can be stored securely across sessions in the local storage using built-in functions offered by our Platform

How Does Our Authentication Work?

HexaEight Authenticator For End-Users

HexaEight Authenticator Is Our Complimentary Mobile App, Designed For Users, Resource Owners, System Administrators And Device Operators That Seamlessly Integrates Our Authenticated Encryption Technology.

It Allows End-Users To Scan QR Codes & Authenticate In
✓  Front-End Applications By Authorizing User Agents  
✓ Across Operating Systems Using One-Time-PASSCODE
✓ External And Physical Devices like Magnetic Door-locks, as well as in Humanoids, Robots, Drones.

HexaEight Authenticator For Owners

✓ Resource Owners Build And Authorize Front-End And Back-End Applications

✓ System Administrators Authorizes Machines And Integrate Our Plugins to Enable Authentication For End-Users Across Operating Systems

✓ Device Operators Authorizes External Devices And Build Apps Using Our SDK To Enable Authentication For End-users In External and Physical Devices.

HexaEight Sessions

HexaEight Sessions Is Our Flagship Technology Solution That Enables Authentication Using Encryption Across Web, Mobile, Systems, Devices as well as in AI powered Applications.
It Uses A Unique Concept Of Token-less Authentication, Relying On Our Patent-pending Encryption Technology To Establish The Identity Of Any User Or Machine.
In Addition, HexaEight Sessions Implements Two-factor Authentication, Using Encrypted QR Codes As An Extra Security Layer To Ensure The Highest Level Of Protection.

User To Machine, Services And Devices

HexaEight Sessions can be used in both client and server applications to establish secure communication.

An end user can prove their identity by encrypting information to the server application using HexaEight Session. Similarly the server application uses HexaEight Middleware Session to verify the user's identity and also proves its own identity by sending back encrypted information back to the client application.

Direct User To User Authentication and Secure Communication via Application

HexaEight Sessions Can Also Be Used For Peer To Peer Authentication Like In A Chat Application Or In A Peer To Peer Web3 or Gaming App

HexaEight Session Capabilities

Authenticate Any User

HexaEight Sessions simplifies the complex task of authenticating Email Users without the need to type a password at login prompt

Encrypt And Decrypt

HexaEight Sessions provides encryption and decryption capabilities for any destination even if the destination is not yet registered on our Platform

Protect And Decipher

HexaEight Sessions provide self encryption capabilities to protect the data stored in local Browser storage or in an untrusted environment

Secure Communication

HexaEight Sessions offers HTTP Client instances that implements authenticated encryption to secure communication with Destination APIs

Machine To Machine Communication

Our Technology allows seamless, direct communication between machines using HexaEight Machine Sessions without the need to implement any application.

Our Cloud Platform provides the encryption keys for the source and destination machines, enabling them to establish a secure and authenticated bidirectional communication channel using our cutting-edge encryption technology.

Easy Integration

Building Web2, Web3 And AI Powered Apps

Step 1 →

Self Host HexaEight Token Server on any Operating System and Create a Client Application Realm. Apply Authorization Policies To The Client Application Realm

Step 2 →

Build A Front End UI And Integrate HexaEight Sessions by pointing to Token Server along with the Client Application ID.  Publish your Client Application To End Users 

Step 3 ✔

Integrate Our Middleware by pointing to the Token Server.  Apply access policies in the Token Server to Protect Your Backend APIs without API Keys

Integrate Operating System Plugins

Step 1 →

Self Host HexaEight Token Server And Apply Access Policies To Define The Users Who Are Allowed To Login To Your Systems

Step 2 →

Integrate Our Authentication Plugin in your Operating System and configure your plugin which will allow users to login to your System using a One Time Pass Code.

Physical And External Devices

Custom Authentication

Our SDK libraries can be used to build and integrate HexaEight Sessions for establishing secure communication in Devices, Drones and Robots using Raspberry Pi's and can also use CANBUS SDK to allow electronic subsystems to authenticate and securely establish secure communication with each other.

Our Core Technology
HexaEight Encryption

Standard Encryption Techniques like Public Key cryptography use a pair of keys, a public key and a private key, to encrypt and decrypt data. The Public key is used to encrypt the data, while the Private key is used to decrypt it. While this technique ensures the secrecy of the message, it cannot be used to establish the identity of the sender as the Public key can be subject to attacks during the exchange process.

To verify the identity of a user using a public key, a Certificate Authority (CA) must certify the Public key and issue a Digital Certificate. While Digital Certificates and Signatures offer message authenticity, they can be compromised if the private key is misplaced or stolen. In this case, it can be time-consuming to revalidate and issue a new Digital Certificate and Signature

HexaEight Technology combines asymmetric and symmetric encryption techniques to create a new method that can be used for both Authentication and Encryption. Our platform eliminates the need to maintain a public key infrastructure by allowing users to establish secure communication with any user or machine by simply retrieving an asymmetric shared key of the destination from our Platform. Asymmetric shared keys are resistant to attacks, making our technology a secure option for use in any environment.

A Schematic Diagram Of Our Encryption And Decryption Process Used Across
Users, Applications, Machines And Devices

Our Serverless Technology

HexaEight Serverless

HexaEight Serverless is our solution that utilizes serverless technology to enable contactless authentication in web applications. If you're looking for a quick and easy contactless login solution for kiosks or registration desks, HexaEight Serverless can meet your needs. However, please note that this solution uses HTTP secure cookies during the authentication process.

Download Our Mobile Application


This QRCode

To Download Our
Mobile App From
Google Play Store


This QRCode

To Download Our
Mobile App From
Apple Play Store

Simple Pricing for Everyone

HexaEight Pricing

Please note that our Authentication service is completely free of charge for unlimited users and it will remain free forever, with no limitations regardless of any number of users, the charges you will incur will depend on the total number of consumed client or machine tokens every month.

In order to understand our pricing, your need to understand the below terminologies and the cost associated with them.


To implement authentication in your application, using our Platform, you'll need to self-host our Token Server. Initially, your front end application will contact our Platform to complete the initial authentication process at no cost. After that, your application will communicate with your hosted Token Server for authorization and complete the authentication process by creating a HexaEight Session inside the Application which is again FREE. However In order for your self-hosted Token Server to talk to Our Platform securely you will need Machine Tokens which is chargeable.


To encrypt and decrypt information within HexaEight Sessions, your application requests Client Tokens from your self-hosted Token Server. These Client tokens are again chargeable.

In Summary HexaEight User Sessions request for Client Tokens and Resource Servers, Systems, and any other Devices consume Machine Tokens in order to establish a secure communication both with  our Platform as well another Machines that have implemented our authentication Framework.

How Much Does It Cost?

HexaEight Token Server uses Machine Tokens to establish secure and direct communication with our Platform (auth.hexaeight.com).

To host an HexaEight Token Server, you'll need an API key. The Token Server fetches a Machine token also known as an asymmetric shared key of auth.hexaeight.com every 15 minutes to establish secure and direct communication with our platform. Each machine token required for this operation costs $0.001, so hosting one Token Server would cost approximately $3 per month

What is the Cost Of Tokens?

Every Client Token costs $0.003 and is specific to a particular destination and tied to the user session so that can be reused any number of times for a maximum period of 30 days or as long as the session is active.

HexaEight Platform implements Perfect Forward Secrecy and hence Machine Tokens are rotated every 15 minutes for every destination and such are valid only for a period of 15 minutes and can be reused as many times as needed during this time window

Free Plan



Per Month

10 Client Tokens
per month
for FREE

100 Machine Tokens
per month
for FREE

Max 10 Token Requests
per hour

Best For Testing One Token Server and 10

HexaEight Sessions Authentications
per month

Pro Plan 


Per Month

1000 Client Tokens
per month
+ $0.003 each other

6000 Machine Tokens
per month
+ $0.001 each other

Max 100 Token Requests
per minute

Supports Machine Tokens For Two Token Servers And
100 Sessions Authentication per minute

Mega Plan


Pay Only

$0.003 per
Client Token

$0.001 per
Machine Token

Token Requests

Unlimited Machine Tokens and HexaEight Session Authentications

By clicking Subscribe above, you'll be directed to our partner portal, RAPID API, which is the world's largest API hub. From there, you can choose and subscribe to any of our plans

 Hosted Token Server ADD-ON
Subscribe Via PayPal

If you don't have the infrastructure to host our Token Server, we can host one for you for as low as $3 per month. You can then feed the Rapid API Key and use this Token Server for authentication in Unlimited Applications.

Additional Questions?

If you have more questions feel free to Contact Us and we will be happy to help you.

Privacy Policy

Terms of Use

© Copyright 2023 HexaEight - All Rights Reserved
HexaEight Trademark is held by HexaEight. Various trademarks are held by their respective owners.