API Key Generator
Generate cryptographically random API keys and tokens in hex, base62, or base64url, with control over length, an optional prefix, and bulk output.
API key
Very strong ~191 bits
Generated on your device. Nothing is sent or stored.
Format
Number of random characters in each key, not counting the prefix.
Prepended to every key to match a naming scheme like sk_ or pk_live_. Fixed text, so it adds no strength.
Amount
How to generate an API key online
Get a key instantly
A random key appears the moment the page loads, ready to copy.
Choose a format
Pick hex, base62, or base64url depending on what your service accepts.
Set length and prefix
Drag the length slider and add an optional prefix like sk_ so keys match your naming scheme.
Copy or regenerate
Copy one key or a whole batch, or regenerate to roll fresh values.
Why use this tool
Three key formats
Generate keys as hexadecimal, base62 letters and digits, or URL-safe base64url, so the output fits whatever your service expects.
Custom prefix
Prepend a label like sk_ or pk_live_ to every key to match the convention used by your API.
Adjustable length and strength
Set the number of random characters from 16 to 96 and watch the estimated bits of strength update as you go.
Bulk generation
Create 1, 5, or 20 keys at once and copy them individually or all together for seeding environments or issuing credentials.
URL and header safe
Every format avoids characters that need escaping, so keys drop straight into request headers, query strings, and .env files.
Generated on your device
Keys come from a cryptographically secure random source and are never sent, stored, or logged anywhere.
About this tool
This API key generator creates random keys and tokens on your device for use as secret keys, access tokens, or bearer credentials. Choose from three formats: hexadecimal, base62 with letters and digits, or URL-safe base64url. Every character is drawn uniformly from the chosen alphabet using a cryptographically secure random source, the same quality of randomness browsers use for encryption, so each key is unpredictable and free of patterns.
Set the length anywhere from 16 to 96 characters. Strength is shown in bits: a 32 character base62 key carries around 190 bits, far beyond the 128 bits considered strong for a secret. An optional prefix like sk_ or pk_live_ is prepended to every key so the output matches the naming scheme of services that tag keys by type or environment; the prefix is fixed text and does not count toward strength. Bulk mode produces 5 or 20 keys at once for seeding development environments or rotating credentials across services.
Because everything runs in your browser, no server ever sees a key, which is exactly what you want from anything that guards access to an account or an API. Copy a single key or the whole batch, or regenerate to roll new values instantly. Pair it with the password generator for account logins, or the UUID generator when you need unique identifiers rather than secrets.
Frequently asked questions
- How are the API keys generated?
- Each character is drawn uniformly from the format's alphabet using your browser's cryptographically secure random source, the same quality of randomness used for encryption keys. There is no seed you can predict and no pattern between keys, so the full length of each key is genuine entropy.
- What is the difference between hex, base62, and base64url?
- Hex uses the 16 digits 0-9 and a-f, so it is widely recognized but longer for the same strength. Base62 uses digits plus upper and lower case letters, giving shorter, readable, URL-safe keys. Base64url adds the - and _ characters for the most compact output. All three are safe in URLs, headers, and .env files.
- How strong should an API key be?
- 128 bits of entropy is the common benchmark for a secret that should be infeasible to guess. The strength readout estimates bits for your current format and length, and a 32 character key in any of the three formats clears 128 bits comfortably. Longer keys add more margin.
- What is the prefix for?
- Many services tag keys by type or environment, such as sk_ for a secret key or pk_live_ for a live publishable key. The prefix is prepended to every generated key so it fits that convention. Because it is fixed text, it adds no randomness and is not counted in the strength estimate.
- Are the keys uploaded or stored anywhere?
- No. Keys are generated entirely on your device and never leave your browser. Nothing is uploaded, logged, or saved; once you leave the page the values are gone unless you copied them.
- What are the limits?
- Keys can be 16 to 96 characters in hex, base62, or base64url, with an optional prefix of up to 32 characters. You can generate 1, 5, or 20 at a time, and because everything runs locally there are no rate limits or quotas.
Related tools
Password Generator
Create strong random passwords or memorable passphrases, with control over length, characters, word count, and bulk output.
UUID Generator
Generate version 4 and version 7 UUIDs in bulk, with case and format options.
Hash Generator
Hash text or any file to MD5, SHA-1, SHA-256, and SHA-512, and verify a checksum.
ASCII Table Reference
The full ASCII character set with decimal, hex, octal, binary, and HTML codes. Search by code, character, or name.
Atbash Cipher
Mirror the alphabet so A swaps with Z, B with Y, and so on. Atbash is its own inverse, so one field both encodes and decodes as you type.
Base32 Encoder and Decoder
Encode text to standard Base32 and decode Base32 back to text, following RFC 4648.