🔑

Generate Key

Generate random API keys, UUIDs, nanoids, or secret tokens.

GET 1 credit /v1/auth/generate-key

curl "https://auth.toolkitapi.io/v1/auth/generate-key?type=api-key&length=32&prefix=sk_live_" \
  -H "Authorization: Bearer YOUR_API_KEY"

import httpx

resp = httpx.get(
    "https://auth.toolkitapi.io/v1/auth/generate-key?type=api-key&length=32&prefix=sk_live_",
)
print(resp.json())

const resp = await fetch("https://auth.toolkitapi.io/v1/auth/generate-key?type=api-key&length=32&prefix=sk_live_", {
});
const data = await resp.json();
console.log(data);

# See curl example

Response 200 OK

{
  "key": "sk_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6",
  "type": "api-key",
  "entropy_bits": 128.0
}

Try It Live

Description

Generate random API keys, UUIDs, nanoids, or secret tokens.

How to Use

1

1. Set the `type` query parameter to one of: `api-key`, `uuid-v4`, `nanoid`, or `secret`.

2

2. Optionally set `length` to control key length (defaults vary by type). Range: 8–256.

3

3. Optionally add a `prefix` (e.g., `sk_live_`) to namespace the key.

4

4. Send a GET request and use the `key` from the response.

About This Tool

The Generate Key endpoint creates cryptographically secure random keys and identifiers. It supports four key types: hex-based API keys, UUID v4 identifiers, alphanumeric nanoids, and URL-safe secret tokens.

All keys are generated using Python's `secrets` module, which provides cryptographically strong random numbers suitable for managing sensitive data. Each response includes an entropy estimate so you can assess the key's resistance to brute-force attacks.

An optional prefix parameter lets you add a namespace or environment indicator (e.g., `sk_live_`, `pk_test_`) — a common pattern for API keys used by services like Stripe and OpenAI.

Why Use This Tool

API key issuance — Generate keys for developer-facing APIs with environment prefixes
Session identifiers — Create unique, unpredictable session tokens
Database primary keys — Use UUID v4 or nanoid as distributed-safe primary keys
Webhook secrets — Generate random secrets for webhook signature verification
One-time tokens — Create URL-safe tokens for password resets or email verification
Configuration secrets — Generate random secrets for encryption keys or salts

Frequently Asked Questions

What's the difference between the key types?

`api-key` generates hex characters (0-9, a-f). `uuid-v4` generates a standard UUID with 122 bits of randomness. `nanoid` uses alphanumeric characters (A-Z, a-z, 0-9) and is compact. `secret` generates URL-safe Base64 tokens with the highest entropy per character.

How much entropy do I need?

128 bits of entropy is considered sufficient for most security applications. For long-lived production API keys, aim for 128+ bits. The default lengths for each type already provide strong entropy.

Are the keys truly random?

Yes. All keys are generated using `secrets.token_hex`, `uuid.uuid4`, or `secrets.choice` — all backed by the operating system's cryptographic random number generator.

Start using Generate Key now

Get your free API key and make your first request in under a minute.

Get Free API Key View Docs