randarium
Keys

API Key Generator

Generate random API keys suitable for service authentication. Choose a prefix (sk, pk, api, or none), set the length, and generate one or many keys at once. All keys are generated using your browser's cryptographic random source.

Also known as: API token · access key · secret key

secure · crypto RNG

Private by design. Your API key is generated locally and never saved, uploaded, or shared — only your settings can be, and only when you choose.

Presets

Output

No output yet — set your options and hit .
About this tool, tips & examples

What it does

The API Key Generator creates random, cryptographically secure API keys suitable for service authentication. Choose a prefix convention — sk for secret keys, pk for public keys, api for generic, or none for raw keys — set the body length from 8 to 128 characters, and generate one key or a whole batch. Every key comes from your browser’s cryptographic RNG.

Common use cases

  • Development and staging — realistic test keys in the same shape as Stripe-style production credentials (sk_…, pk_…).
  • Provisioning — batch-generate keys for multiple services, tenants, or environments in one run.
  • Key rotation exercises — fresh replacement keys during audits and rotation drills.
  • Integration tokens — one-off credentials for webhooks and third-party connections.

Settings

  • Prefixsk, pk, api, or raw (no prefix). Presets cover the common conventions.
  • Length (body) — 8 to 128 characters of random key material. Longer is stronger; 32+ is a sensible floor for real secrets.
  • How many — one key or a batch, exportable as text, CSV, or JSON.
  • Use separator — underscore between prefix and body (sk_xxx vs skxxx).

Privacy note

Everything runs locally in your browser using the Web Crypto API. Keys are never uploaded, logged, saved automatically, or included in share links — only your settings can be saved or shared, never the keys themselves.

FAQ

Why is there no seed option? Secure generators are never seeded. A reproducible key would be a compromised key, so this tool always draws fresh cryptographic randomness.

Are these keys valid for Stripe / AWS / my provider? No — they’re not registered anywhere. They look like real keys (right prefix, right shape), which is exactly what you want for fixtures, demos, and secret-scanner tests. Real providers issue their own keys.

How long should an API key be? Match your real system’s format if you’re testing it; otherwise 32+ characters gives a comfortable security margin for keys you’ll actually use.

Key vs token — which tool do I want? This one for prefixed, provider-style API keys; the Secure Token Generator for raw hex/base64 secrets; the Encryption Key Generator for symmetric key material.