API Key Generator

Generate random API keys with customizable prefix, format, separators, and character sets.

  1. Home
  2. > Hash & Security >
  3. API Key Generator

Configuration

Generated API Keys

Configure your key and click Generate.

How to Use This API Key Generator

  1. Choose or type a prefix — Select a preset (Stripe-style, API, etc.) or type your own.
  2. Select format — Hex (compact), Base62 (case-sensitive), Base64 URL Safe, or mixed alphanumeric.
  3. Set segments — Number of groups (1–8). More segments = longer, more secure keys.
  4. Set segment length — Characters per segment (2–16). Total key length = prefix + (segments × segLength) + separators.
  5. Pick a separator — Underscore, hyphen, dot, colon, or none.
  6. Toggle uppercase — Optionally force uppercase characters.
  7. Generate — Creates 5 unique keys at once. Copy individual or all.

API Key Best Practices

  • Use a prefix — Prefixes make it easy to identify key types (e.g., sk_live_ for secret live keys, pk_test_ for publishable test keys).
  • Minimum 128 bits of entropy — A 32-character hex key provides 128 bits. The default configuration (4 segments × 8 chars = 32 chars hex) meets this.
  • Hash stored keys — When storing API keys in your database, hash them (e.g., with SHA-256) so that a data breach doesn't expose raw keys.
  • Rotate keys regularly — Rotate API keys every 90–365 days. Invalidate old keys immediately after rotation.
  • Use separate keys — Different keys for development, staging, and production environments. Use read-only keys for public-facing clients.

Frequently Asked Questions

How long should an API key be?

Aim for at least 128 bits of entropy. The default config produces a 32-character hex key (128 bits). For higher security, increase segments or segment length. Stripe uses 32-character hex keys for secret keys (sk_live_ + 24 chars).

Is this safe for production API keys?

Yes. This tool uses the Web Crypto API (crypto.getRandomValues()), which is the same cryptographic random number generator used by operating systems and security software. Keys are generated locally in your browser and never sent to any server.

Why use a prefix?

Prefixes help identify key types at a glance. For example, Stripe uses sk_live_ (secret key live), pk_test_ (publishable key test), and whsec_ (webhook secret). Prefixes also allow automated systems to detect and handle different key types.

How is this different from the Random Token Generator?

The Random Token Generator focuses on raw tokens with configurable length and format. The API Key Generator adds prefixes, segments, separators, and uppercase-only mode — features specifically designed for generating production-ready API keys that follow common industry patterns.

Help2Code Logo
Menu
Blog
Encoder & Decoder
Utility
General
Image Tools
PDF Tools
Minifier
Web Dev
Laravel
Tailwind