API Key Generator
Generate secure, random API keys in your browser. Pick a key prefix (sk_, pk_, api_, or your own), choose an alphanumeric, hex, or base64url format, set the length and how many keys to create, and get cryptographically random keys built with the Web Crypto API. Nothing is uploaded.
100% private. Keys are generated locally with the cryptographically secure Web Crypto API (crypto.getRandomValues). Nothing is sent to a server.
The API Key Generator creates strong, random API keys directly in your browser. Choose a recognizable prefix such as sk_ for a secret key or pk_ for a publishable key, or set your own. Pick an alphanumeric, hexadecimal, or base64url character set, decide how long each key should be and how many you need, and generate them instantly. Every key is built from cryptographically secure random bytes using the Web Crypto API, and nothing ever leaves your device.
What is an API key generator?
An API key is a long, hard-to-guess string that an application sends with each request to identify and authenticate itself to a service. An API key generator produces those strings for you, made from random characters so they cannot be predicted or brute-forced. Good keys are long, drawn from a large character set, and generated from a cryptographically secure source of randomness rather than from a simple random function. This tool does exactly that, and lets you add a human-readable prefix so you can tell at a glance whether a key is a secret or publishable one.
How to generate an API key
Choose a prefix and format, set the length and quantity, and generate. You can copy a single key or a whole batch at once.
- Pick a key prefix preset (sk_, pk_, api_), enter a custom prefix, or choose no prefix.
- Select the character format: alphanumeric, hexadecimal, or base64url.
- Set the key length and the number of keys to create.
- Click Generate to produce cryptographically random keys.
- Use Copy to put the keys on your clipboard.
How long should an API key be?
A practical minimum is around 32 characters from a large alphabet, which already gives well over 128 bits of entropy and is effectively impossible to guess. Longer keys add more entropy at the cost of being harder to handle. The entropy readout under the output estimates how many bits each key carries for the length and format you chose, so you can pick a size that is comfortably strong for your use case.
Why use this API key generator?
- Cryptographically secure: keys come from crypto.getRandomValues, not Math.random.
- Recognizable prefixes (sk_, pk_, api_) or your own custom prefix.
- Alphanumeric, hexadecimal, or base64url character formats.
- Adjustable length and bulk generation of up to 100 keys at once.
- Live entropy estimate so you know how strong each key is.
- Fully client-side: keys are generated locally and never uploaded.
Frequently asked questions
Are the keys generated securely?
Yes. Each key is built from random bytes produced by crypto.getRandomValues, the browser's cryptographically secure random number generator, and a rejection-sampling step removes modulo bias so every character is uniformly random. This is the same class of randomness recommended for tokens and secrets, and is far stronger than Math.random.
Are the keys sent to a server?
No. Generation happens entirely in your browser using local JavaScript and the Web Crypto API. The keys are never transmitted, stored, or logged. You can confirm this by watching your browser's network tools while you generate keys.
What do the sk_ and pk_ prefixes mean?
They are a common convention: sk_ marks a secret key that must stay private on your server, and pk_ marks a publishable key that is safe to expose in client code. The prefix is just a label to help you and your team recognize a key's purpose at a glance; you can also choose api_, set a custom prefix, or use none at all.
Which format should I choose?
Alphanumeric packs the most entropy per character and works well for general keys. Hexadecimal is handy when you need a key that only uses 0-9 and a-f. Base64URL is compact and safe to drop into URLs and headers because it avoids characters that need escaping. All three are generated the same secure way.
Can I generate several keys at once?
Yes. Set the quantity field to create a batch of up to 100 keys in one click, each independent and unique. Use Copy to grab the whole list at once, which is convenient when you need to provision keys for several environments or services.