Skip to main content
Back to Numbers generators

Numbers

API Key Generator

Used by developers, writers, and creators worldwide.

An API key generator built for developers who need correctly formatted authentication tokens without writing a script or spinning up a server. This tool produces keys in four real-world formats: 64-character hex strings, 32-character alphanumeric tokens, Stripe-style prefixed keys like `sk_live_...`, and segmented keys for human-readable distribution. Everything runs in the browser — nothing is logged or sent anywhere. Format matters more than most developers realize. Hex keys map cleanly to 256 bits of entropy and suit HMAC signing. Alphanumeric keys are easier to read and copy. Prefixed keys encode scope and environment directly in the token, which cuts the cost of production mistakes. Set a custom prefix — `myapp_prod_` or `api_v2_` — and generate up to several keys at once for seeding, documentation, or config files.

Loading usage…

Free forever — no account required

How to use

  1. Choose your options above
  2. Click Generate
  3. Copy your result

Detailed instructions

  1. Select a key format from the dropdown: Hex (64 chars), Alphanumeric, Prefixed, or Segmented.
  2. If you chose Prefixed format, type your custom prefix (e.g., `myapp_prod_`) into the prefix field.
  3. Set the count field to how many keys you need — use 1 for a single token or higher to batch-generate.
  4. Click Generate to produce the keys, then copy individual keys or the full list for use in your project.

Use Cases

  • Seeding a Postgres staging database with realistic API key fixtures for 50 test users
  • Generating Stripe-style sk_live_ and sk_test_ tokens to document a SaaS billing integration
  • Creating 256-bit hex webhook secrets for HMAC-SHA256 signature validation in Express
  • Populating .env files and GitHub Actions secrets during local and CI/CD environment setup
  • Producing segmented keys in xxxx-xxxx format for license key documentation or Storybook examples

Tips

  • For webhook secrets specifically, use the Hex format — most HMAC validation libraries expect raw hex strings.
  • Prefix naming convention: use `_test_` vs `_live_` suffixes so engineers immediately know the key's environment without checking docs.
  • Generate a batch of 10 keys at once when seeding a test database — it's faster than running the tool repeatedly.
  • Alphanumeric keys are safer to include in URLs or QR codes since they avoid hex-only ambiguity with look-alike characters.
  • When writing API documentation, use segmented-format keys as examples — the visual breaks make them easier to scan and clearly fictional.
  • Rotate generated keys by regenerating the same format and prefix; consistent formatting makes regex-based key detection in logs reliable.

FAQ

what format should i use for an api key in my rest api

For general-purpose REST APIs, 32-character alphanumeric keys are a solid default — they're readable and carry enough entropy for most use cases. If you're signing webhooks or need HMAC compatibility, go with 64-character hex, which maps directly to 256 bits and is natively supported by Node's `crypto.createHmac`.

are these generated api keys safe to use in production

They have the right entropy for many scenarios, but production keys should be generated server-side using a CSPRNG — Node's `crypto.randomBytes`, Python's `secrets.token_hex`, or equivalent. Use this tool for development, testing, seeding, and documentation, then replace keys with server-generated ones before going live.

what does the sk_live prefix mean and should i use a prefix for my own api

Popularized by Stripe, prefixes like `sk_live_` encode key type and environment directly in the token so developers can identify scope at a glance — reducing the risk of using a test key in production. For your own API, a short prefix like `myapp_prod_` or `api_v2_` is worth adding; use the custom prefix field to match your naming convention exactly.