Search tools

Find a tool by name or what it does.

API Key Generator

Generate cryptographically random API keys and tokens in hex, base62, or base64url, with control over length, an optional prefix, and bulk output.

API key

Very strong ~191 bits

Generated on your device. Nothing is sent or stored.

Format

Number of random characters in each key, not counting the prefix.

Prepended to every key to match a naming scheme like sk_ or pk_live_. Fixed text, so it adds no strength.

Amount

How to generate an API key online

  1. Get a key instantly

    A random key appears the moment the page loads, ready to copy.

  2. Choose a format

    Pick hex, base62, or base64url depending on what your service accepts.

  3. Set length and prefix

    Drag the length slider and add an optional prefix like sk_ so keys match your naming scheme.

  4. Copy or regenerate

    Copy one key or a whole batch, or regenerate to roll fresh values.

Why use this tool

Three key formats

Generate keys as hexadecimal, base62 letters and digits, or URL-safe base64url, so the output fits whatever your service expects.

Custom prefix

Prepend a label like sk_ or pk_live_ to every key to match the convention used by your API.

Adjustable length and strength

Set the number of random characters from 16 to 96 and watch the estimated bits of strength update as you go.

Bulk generation

Create 1, 5, or 20 keys at once and copy them individually or all together for seeding environments or issuing credentials.

URL and header safe

Every format avoids characters that need escaping, so keys drop straight into request headers, query strings, and .env files.

Generated on your device

Keys come from a cryptographically secure random source and are never sent, stored, or logged anywhere.

About this tool

This API key generator creates random keys and tokens on your device for use as secret keys, access tokens, or bearer credentials. Choose from three formats: hexadecimal, base62 with letters and digits, or URL-safe base64url. Every character is drawn uniformly from the chosen alphabet using a cryptographically secure random source, the same quality of randomness browsers use for encryption, so each key is unpredictable and free of patterns.

Set the length anywhere from 16 to 96 characters. Strength is shown in bits: a 32 character base62 key carries around 190 bits, far beyond the 128 bits considered strong for a secret. An optional prefix like sk_ or pk_live_ is prepended to every key so the output matches the naming scheme of services that tag keys by type or environment; the prefix is fixed text and does not count toward strength. Bulk mode produces 5 or 20 keys at once for seeding development environments or rotating credentials across services.

Because everything runs in your browser, no server ever sees a key, which is exactly what you want from anything that guards access to an account or an API. Copy a single key or the whole batch, or regenerate to roll new values instantly. Pair it with the password generator for account logins, or the UUID generator when you need unique identifiers rather than secrets.

Frequently asked questions

How are the API keys generated?
Each character is drawn uniformly from the format's alphabet using your browser's cryptographically secure random source, the same quality of randomness used for encryption keys. There is no seed you can predict and no pattern between keys, so the full length of each key is genuine entropy.
What is the difference between hex, base62, and base64url?
Hex uses the 16 digits 0-9 and a-f, so it is widely recognized but longer for the same strength. Base62 uses digits plus upper and lower case letters, giving shorter, readable, URL-safe keys. Base64url adds the - and _ characters for the most compact output. All three are safe in URLs, headers, and .env files.
How strong should an API key be?
128 bits of entropy is the common benchmark for a secret that should be infeasible to guess. The strength readout estimates bits for your current format and length, and a 32 character key in any of the three formats clears 128 bits comfortably. Longer keys add more margin.
What is the prefix for?
Many services tag keys by type or environment, such as sk_ for a secret key or pk_live_ for a live publishable key. The prefix is prepended to every generated key so it fits that convention. Because it is fixed text, it adds no randomness and is not counted in the strength estimate.
Are the keys uploaded or stored anywhere?
No. Keys are generated entirely on your device and never leave your browser. Nothing is uploaded, logged, or saved; once you leave the page the values are gone unless you copied them.
What are the limits?
Keys can be 16 to 96 characters in hex, base62, or base64url, with an optional prefix of up to 32 characters. You can generate 1, 5, or 20 at a time, and because everything runs locally there are no rate limits or quotas.

Related tools