MrHaseeb
Book Call

API Key Generator

Generate hex, base64, or URL-safe keys using the Web Crypto API.

When to use this tool

  • Provisioning a fresh API key for a service without using an unvetted CLI.
  • Seeding a development `.env` with strong random values.
  • Generating a one-time secret for a cron job or webhook URL.

How it works

  1. Pick an encoding: hex, base64, or URL-safe.
  2. Pick a length appropriate for your threat model.
  3. Generate the key.
  4. Copy and store it in a secrets manager — never commit it.

Privacy: This tool runs entirely in your browser. Your input is not sent to our servers.

Generated key

Advertisement

Frequently asked questions

What entropy source is used?

The Web Crypto API's `crypto.getRandomValues`. Output is cryptographically strong random bytes.

How long should my API key be?

256 bits (32 bytes) is a safe default for most authentication tokens. Use 512 bits if the secret protects long-lived access.

Is a UUIDv4 safe as an API key?

UUIDv4 provides 122 bits of randomness. It is acceptable for low-risk keys; use 256-bit keys for anything production-sensitive.