Numbers

API Token Pair Generator

Used by developers, writers, and creators worldwide.

An API token pair generator creates matching public and secret key pairs that mirror the authentication patterns used by production services like Stripe, Twilio, and SendGrid. Each pair has a public key that identifies the client and a secret key that signs or authenticates requests — structure developers need constantly but rarely have good dummy data for. Set your own prefix (pk, api, pub, or pk_test_ to match Stripe's format exactly), choose token length, and generate up to dozens of pairs at once. At the default 32 characters, each token carries roughly 190 bits of alphanumeric entropy — enough to pass most validation regex in a real codebase without modification.

Loading usage…

How many pairs

Public key prefix

Token length (chars)

Free forever — no account required

How to use

Choose your options above
Click Generate
Copy your result

Detailed instructions

Set the prefix field to match your system's naming convention, such as pk, api, or pk_test_.
Adjust the token length to match your system's validation requirements — 32 is a safe default.
Set the count to how many pairs you need, then click Generate to produce all pairs at once.
Copy individual pairs or the full list and paste them into your config file, seed script, or documentation.

Use Cases

•Populating a Postman environment with realistic pk/sk credential pairs before real keys are provisioned
•Seeding a multi-tenant Postgres fixture with per-account token pairs for local integration tests
•Building an API key management UI in Figma or Storybook with plausible-looking credentials in every field
•Writing SDK documentation or README examples that show structurally correct public and secret key formats
•Testing prefix and length validation regex in a Jest or Cypress suite without touching production secrets

Tips

→Use pk_live_ and pk_test_ prefixes to generate separate fixture sets for production-mirror and test environments.
→Set length to exactly match your regex validator so generated keys pass format checks without editing.
→Generate 10+ pairs at once when seeding a multi-tenant database — each pair is independent and ready to assign.
→Pair this with a .env template: generate keys here, paste them in, and commit the template without values.
→Avoid length values below 24 characters — short keys look unrealistic and may fail minimum-entropy checks in auth libraries.
→For SDK documentation, use a consistent prefix like pk_example_ to make it obvious these are not real credentials.

FAQ

what's the difference between a public key and a secret key in an API token pair

The public key identifies who is making a request and is safe to log or include in client-side code. The secret key authenticates the request and must stay server-side only — exposing it is equivalent to handing over full account access. Services like Stripe use distinct prefixes (pk_ vs sk_) so developers can tell the two apart at a glance, which is exactly what this generator replicates.

are these generated tokens safe to use in a production API

No. The generator uses a non-cryptographic random source, so tokens are suitable only for development, testing, documentation, and demos. For production, generate keys with a CSPRNG: Node.js crypto.randomBytes(), Python's secrets module, or an equivalent platform primitive. Never commit real secret keys to source control — use environment variables or a secrets manager like AWS Secrets Manager or Doppler.

what token length should I use for realistic mock api keys

The default 32 characters is a solid choice — alphanumeric tokens at that length carry roughly 190 bits of entropy, which exceeds NIST recommendations and passes most key-length validators unchanged. Use 48 or 64 characters if your codebase has stricter length checks, or if you want mock data that survives a real validation pipeline without any tweaking.