Results
Results
| 1 |
About the API Key Generator
About the API Key Generator
Overview
Hardcoding a placeholder like "test123" as a stand-in API key works fine until it leaks into a commit, a log line, or a shared Slack thread — and unlike a real credential, it gives reviewers no signal about what a properly formed key should even look like. This tool generates cryptographically random, properly shaped key candidates on demand in Base62, hex, or UUID v4, with an optional prefix, so local development and onboarding docs can use realistic-looking keys without ever touching production secrets.
How to Use
- 1Pick a key shape from the Format dropdown — Base62, Hex, or UUID v4.
- 2For Base62 or Hex, set how many characters long the key should be in the Length field.
- 3Optionally type a tag like sk_ or api_ into the Prefix field — leave it blank if you don't need one.
- 4Set how many keys you want in the Count field — useful for seeding a batch of test accounts in one pass.
- 5Click Generate, then use the copy menu to grab the results as plain text, an .env block, or an MCP config snippet.
Specifications & Glossary
- Base62: Built from the alphanumeric set
[0-9A-Za-z], this is the format you'll recognize from Stripe-style keys — URL-safe with no characters that need escaping, and dense enough to pack a lot of entropy into a short string. - Hex: Restricted to
[0-9a-f], this is the same alphabet most crypto libraries emit by default — a SHA-256 digest, an HMAC signature, a randomBytes().toString('hex') call — so hex keys drop straight into code that already expects that shape. - UUID v4: Standard RFC 4122 UUID v4 (
xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx) — pick this when the system you're testing against expects a UUID column or type rather than an arbitrary string, since it slots straight into existing primary-key and request-ID fields. - Prefix: A short tag like
sk_,pk_, orapi_lets you tell secret keys apart from publishable ones at a glance — the same convention OpenAI uses with itssk-...keys — so a key pasted into a support ticket or a code review is self-documenting. - Entropy: A 32-character Base62 string carries roughly 190 bits of entropy — log2(62) per character — which is far beyond what any brute-force attack can realistically search, even at scale.
Use Cases
- Generating placeholder authentication tokens and API keys while building or testing a REST API.
- Generating webhook signing secrets for local testing.
- Mocking up customer-facing API keys for a multi-tenant SaaS product before the real issuance flow is built.
- An MCP server's config file (mcp.json or similar) almost always wants an API key or bearer token in its env block — generate one here and copy it straight out as a ready-to-paste MCP Config snippet via the output card's copy menu, instead of hand-typing a fake value that might not match the expected length or charset.