API Key Generator
Generate random API keys suitable for service authentication. Choose a prefix (sk, pk, api, or none), set the length, and generate one or many keys at once. All keys are generated using your browser's cryptographic random source.
Also known as: API token · access key · secret key
secure · crypto RNG
Private by design. Your API key is generated locally and never saved, uploaded, or shared — only your settings can be, and only when you choose.
Presets
Output
About this tool, tips & examples
What it does
The API Key Generator creates random, cryptographically secure API keys
suitable for service authentication. Choose a prefix convention — sk for
secret keys, pk for public keys, api for generic, or none for raw keys —
set the body length from 8 to 128 characters, and generate one key or a
whole batch. Every key comes from your browser’s cryptographic RNG.
Common use cases
- Development and staging — realistic test keys in the same shape as
Stripe-style production credentials (
sk_…,pk_…). - Provisioning — batch-generate keys for multiple services, tenants, or environments in one run.
- Key rotation exercises — fresh replacement keys during audits and rotation drills.
- Integration tokens — one-off credentials for webhooks and third-party connections.
Settings
- Prefix —
sk,pk,api, or raw (no prefix). Presets cover the common conventions. - Length (body) — 8 to 128 characters of random key material. Longer is stronger; 32+ is a sensible floor for real secrets.
- How many — one key or a batch, exportable as text, CSV, or JSON.
- Use separator — underscore between prefix and body (
sk_xxxvsskxxx).
Privacy note
Everything runs locally in your browser using the Web Crypto API. Keys are never uploaded, logged, saved automatically, or included in share links — only your settings can be saved or shared, never the keys themselves.
FAQ
Why is there no seed option? Secure generators are never seeded. A reproducible key would be a compromised key, so this tool always draws fresh cryptographic randomness.
Are these keys valid for Stripe / AWS / my provider? No — they’re not registered anywhere. They look like real keys (right prefix, right shape), which is exactly what you want for fixtures, demos, and secret-scanner tests. Real providers issue their own keys.
How long should an API key be? Match your real system’s format if you’re testing it; otherwise 32+ characters gives a comfortable security margin for keys you’ll actually use.
Key vs token — which tool do I want? This one for prefixed, provider-style API keys; the Secure Token Generator for raw hex/base64 secrets; the Encryption Key Generator for symmetric key material.