API Key Generator

A good API key is cryptographically random, sufficiently long (32-64 characters minimum), uses a large character set, and includes a recognizable prefix for identification. For example, "sk_live_a3f8b2c1..." is clearly a live secret key. Prefixes help teams identify key types and environments without exposing the secret portion.

A minimum of 32 characters using alphanumeric characters provides about 190 bits of entropy — effectively unguessable. Most major APIs use 32-64 character keys. Shorter keys increase collision risk; longer keys add no practical security benefit but increase storage and transmission overhead.

Yes — the tool uses the Web Crypto API (crypto.getRandomValues()) for all random number generation. This is the same source used for TLS key generation in browsers. The output is suitable for production API keys, bearer tokens, webhook secrets, and encryption keys.

Yes — specify a prefix like "sk_live_", "pk_test_", or "whsec_" that will be prepended to the random portion. Prefixes help identify key types, environments (live vs test), and services at a glance. The prefix is not included in the entropy calculation — only the random portion matters for security.

Generate keys in hexadecimal (0-9, a-f), base62 (0-9, A-Z, a-z), base64, or base64url (URL-safe) encoding. Base62 is the most common for API keys — it is URL-safe, case-sensitive, and compact. Hexadecimal is useful for HMAC secrets and encryption keys.