Generate short unique ids from integers

available in JavaScript, Ruby, Python, Java, Scala, PHP, Perl, Perl 6, Swift, Clojure, Objective-C, C, C++11, D, F#, Go, Erlang, Lua, Haskell, Elixir, Rust, Smalltalk, ColdFusion, Groovy, Kotlin, Nim, VBA, Haxe, Crystal, Elm, ActionScript, CoffeeScript, Bash, R, TSQL, PostgreSQL and for .NET

Hashids is a small open-source library that generates short, unique, non-sequential ids from numbers.

It converts numbers like 347 into strings like “yr8”, or array of numbers like [27, 986] into “3kTMd”.

You can also decode those ids back. This is useful in bundling several parameters into one or simply using them as short UIDs.

check out the demo

Are you also using Hashids? Add your project.

  • Codepen
  • Be My Eyes
  • Pathbrite
  • ZenLocator
  • Laravel bin
  • HTML Muncher
  • Digestif
  • Laravel.fr
  • Jiecao.fm

PostgreSQL version

SELECT hash_encode(123, 'this is my salt', 10); -- Result: 4xpAYDx0mQ
SELECT hash_decode('4xpAYDx0mQ', 'this is my salt', 10); -- Result: 123

Implemented by Vahagn Mkrtchyanhttps://github.com/iCyberon/pg_hashids


  1. Create short unique ids from numbers (positive numbers & zero).
  2. Allow custom alphabet as well as salt — so ids are unique only to you.
  3. Incremental input is mangled to stay unguessable.
  4. Code is tiny (~350 lines), fast and does not depend on external libraries.

Compatibility table

Current stable version across implementations is 1.0. We're in the process of updating all versions to 1.0, so please be patient. Versions are tagged as major.minor.patch — we try to follow SemVer but be sure to check the changelog of each library for details.

Since produced ids might differ after updates, be sure to include exact version of Hashids, so you don't unknowingly change your existing ids. For example for npm use:

JSON"dependencies": {
  "hashids": "1.0.0"

And not: "hashids": "~1.0.0"

  • JavaScript
    Perl 6
  • 1.0.* (stable)
  • 0.3.* (prev)

How does it work?

Hashids works similarly to the way integers are converted to hex, but with a few exceptions:

  1. The alphabet is not base16, but base base62 by default.
  2. The alphabet is also shuffled based on salt.

This JavaScript function shows regular conversion of integers to hex. It's part of Hashids (although this is a modified example):

JavaScriptfunction toHex(input) {

  var hash = "",
    alphabet = "0123456789abcdef",
    alphabetLength = alphabet.length;

  do {
    hash = alphabet[input % alphabetLength] + hash;
    input = parseInt(input / alphabetLength, 10);
  } while (input);

  return hash;



bouncercat awesomed by cameronmcefee

We need ids to be nice and friendly especially if they end up being in the URL.

Therefore, the algorithm tries to avoid generating most common English curse words by never placing the following letters (and their uppercase equivalents) next to each other:

c, s, f, h, u, i, t

This is done by using them as separators.

Are there any alternatives?

Yes, there are a few and you should pick the most appropriate for the job. Hashids is not perfect for everything.

  1. Base64 encode. This is the most straightforward approach — most languages have these functions. If you don't need all the fancy extras Hashids has to offer, this method will work just fine. It'll probably be faster too. Read more.
  2. Generate ids based on timestamp. If you can afford certain degree of collisions, you could compose an id that's built on the fly. Use a counter (if you have one) + timestamp (even better if in milliseconds) + some system value (either an IP address or some machine id) + a random integer. Many big companies implement this approach because it works well in distributed systems. These ids are generated independently of each other and the risk of collisions is so tiny it's negligible.
  3. If you need your ids to consist of only numbers, check out Optimus. It's based on Knuth's integer hash method and produces obfuscated integer ids (and does it faster too). There are PHP and Go implementations.
  4. Check out how others do it:

    - How does Instagram generate ids?

  5. Know of another method? Tell me @IvanAkimov or ivanbarreleyecom

What not to do

  1. Do not try to encode negative numbers. It won't work. The library currently supports only positive numbers and zero. If you're trying to use numbers as flags for something, simply designate the first N number of digits as internal flags.
  2. Do not encode strings. We've had several requests to add this feature — "it seems so easy to add". We will not add this feature for security purposes, doing so encourages people to encode sensitive data, like passwords. This is the wrong tool for that.
  3. Do not encode sensitive data. This includes sensitive integers, like numeric passwords or PIN numbers. This is not a true encryption algorithm. There are people that dedicate their lives to cryptography and there are plenty of more appropriate algorithms: bcrypt, md5, aes, sha1, blowfish. Here's a full list.


There are no collisions because the method is based on integer to hex conversion. As long as you don't change constructor arguments midway, the generated output will stay unique to your salt.

Additionally, we encourage you to pre-generate a large number of ids for testing purposes — to analyze their uniqueness, whether they look random enough for your project and what your upper integer limit is (which usually depends on your system/language).

Please note that generated ids are case-sensitive by default ("Aaa" is not the same id as "aaa").

Why "hashids"?

Originally the project referred to generated ids as hashes, and obviously the name hashids has the word hash in it. Technically, these generated ids cannot be called hashes since a cryptographic hash has one-way mapping (cannot be decrypted).

However, when people search for a solution, like a "youtube hash" or "bitly short id", they usually don't really care of the technical details. So hashids stuck as a term — an algorithm to obfuscate numbers.

Decoding without salt

Do you have a question or comment that involves "security" and "hashids" in the same sentence? Don't use Hashids. Here are some ways to decode:

  1. Use a brute-force attack. These ids are short, get a big dictionary and this shouldn't be too hard.
  2. Use an even faster method with this blog post.
  3. Know of another method? Tell me @IvanAkimov and I'll post it here.

How to contribute

If you've found a bug, please open a github issue in the appropriate repository. Bonus points if you submit a pull request with it.

If an implementation in your favorite language is missing, feel free to port it over from one of the existing versions. There's still plenty of languages to contribute in: Julia, Nu, Io, Racket, Scheme, Tcl, Dylan, Lolcode?

We try to keep the library versions compatible. If you see an outdated version in an existing implementation, please open a github issue in that repository — show your +1 support for that issue.

If you have a new library, plugin or extension ping me @IvanAkimov. You can also reach me at ivanbarreleyecom

codercat by cameronmcefee

Are you using Hashids?

Whether it's an open-source project or a commercial product, tell us at https://github.com/hashids/hashids.github.io/wiki/Who's-Using-Hashids !

Hashids elsewhere

If you have a question about Hashids, a lot has already been answered. Try checking one of these:


Many thanks to the numerous folks that have implemented the different versions, plugins, extensions as well as to those that have suggested general improvements.


All hashids libraries are under MIT license. You can use them in open source projects and commercial products. Don't break the Internet. Kthxbye.