Dev
Random API Key Generator
Placeholder values like XXXXXXXX or your-api-key-here break middleware tests and confuse teammates reading tutorials. A random API key generator creates properly formatted keys that match the length and character set your validation logic expects — without committing real credentials. Two inputs control the output. Count sets how many keys to generate (1–30). Key Format picks the structure: hex-32 produces a 32-character lowercase hex string; hex-64 doubles that length; alphanumeric-32 uses Base62 for 32 characters; prefixed prepends one of six prefixes (pk_live, sk_live, pk_test, sk_test, api_key, svc_key) followed by 24 alphanumeric characters; stripe-style produces sk_live or sk_test plus two segments matching Stripe's key format. These keys are generated in the browser and not registered with any service. For production secrets use Node's crypto.randomBytes() or a secrets manager.
How to use
- Choose your options above
- Click Generate
- Copy your result
Detailed instructions
- Set the Number of Keys field to how many API keys you want generated in one batch.
- Choose a Key Format from the dropdown: prefixed for Stripe-style keys, hex for AWS-style tokens, or alphanumeric for generic use.
- Click Generate to produce your keys instantly in the output panel.
- Click any individual key to copy it, or copy the full list to paste into your .env file, Postman environment, or documentation.
Use Cases
- •Seeding a staging Postgres database with unique per-user API keys using a Jest beforeAll fixture script
- •Populating Postman environment variables with hex-64 placeholders during early API prototyping
- •Testing prefix-detection middleware by generating batches of Stripe-style sk_test_ keys before the real integration is wired up
- •Writing GitHub tutorial code that shows realistic key examples without exposing any live credentials
- •Fuzzing API key validation regex across 30+ alphanumeric and hex keys to confirm your pattern handles all expected formats
Tips
- →Use the prefixed format when your middleware reads the key prefix to decide env or permission level — realistic prefixes stress-test that logic.
- →Generate 10-20 alphanumeric keys at once and paste them as fixture data in your test suite so each test user gets a distinct, realistic-looking key.
- →If your docs show multiple API calls, use one batch of prefixed keys throughout so examples look like they belong to the same account.
- →Pair generated hex keys with a fake UUID generator to build complete mock authentication payloads for Postman collections.
- →Avoid using the same placeholder key in both your README examples and your actual test fixtures — someone may copy the README value and wonder why it fails.
- →When mocking third-party SDKs locally, match the key length and prefix of the real service so SDK validation helpers don't reject the placeholder before your code even runs.
FAQ
can I safely commit these fake API keys to a public GitHub repo
Yes — these keys are not registered with any service, so committing them carries no security risk. Add a comment labeling them as placeholders so future contributors do not mistake them for real credentials. Never commit real API keys, even if they happen to look similar.
what is the difference between hex and alphanumeric formats for API keys
Hex keys use only characters 0–9 and a–f, matching patterns from AWS, many OAuth providers, and Git commit hashes. Alphanumeric keys include uppercase and lowercase letters as well as digits, giving more entropy per character — useful when your validation logic accepts the full Base62 character set rather than hex only.
are these API keys safe to use in production
No — they are generated in the browser using Math.random() and are not backed by a secure registry or cryptographic RNG. They are suitable for development, testing, and documentation only. For production secrets, use Node's crypto.randomBytes() or a dedicated secrets manager.
what is the stripe-style format and when should I use it
The stripe-style format produces keys like sk_test_AbCdEfGh12345678_Xy4z1234, combining a sk_live or sk_test prefix with two alphanumeric segments. Use it when testing prefix-detection middleware, SDK initialization logic, or UI flows that validate Stripe-style credentials before the real integration is wired up.
You might also like
Popular tools from other categories that share themes with this one.
Try these next
More free tools from other corners of the catalog, picked by shared themes.