API Key Generator

Generate production-ready API keys with prefixes, separators, and various formats used by Stripe, GitHub, and major APIs.

About API Key Generator

API keys are authentication credentials used to identify and authorize clients making requests to an API. Well-designed API key formats include a prefix that identifies the key type (sk_ for secret key, pk_ for public key, ghp_ for GitHub personal access tokens), an optional environment indicator (live vs test), and a random component generated from a cryptographically secure source.

Prefixed API keys are easier to identify in logs, rotate when compromised, scan for in code repositories (GitHub can automatically detect and alert on accidentally committed secret keys), and scope to specific environments. Stripe's key format (sk_live_xxx and sk_test_xxx) is considered an industry best practice for this reason.

FAQ

How should API keys be stored?
Never store API keys in plain text. Hash them with bcrypt or Argon2 before storing in the database, similar to passwords. Store only the hash and optionally the last 4 characters of the key for display. This way, even if your database is breached, the keys cannot be used.
What prefix convention should I use?
Common conventions: sk_ (secret key), pk_ (public key), ak_ (API key), tok_ (token). Adding an environment suffix helps: sk_live_ for production, sk_test_ for development. Some organizations use their company abbreviation as the prefix for easy identification in logs.

Related Tools

Token GeneratorSecurity ToolsUUID GeneratorSecurity ToolsPassword GeneratorSecurity ToolsHMAC GeneratorSecurity ToolsJWT GeneratorSecurity Tools