Token generator

Why this token generator?

Secure mode uses CSPRNG (crypto.getRandomValues) by default.
Generate base64url, hex, or custom-charset tokens from one page.
See approximate entropy and collision risk for your settings.
Share settings safely: share URLs never include generated tokens.

How to use (3 steps)

Choose a format (base64url / hex / custom charset).
Set length and count, then generate.
Copy, download, or share settings-only URL.

Generate

Pick a format and length, generate a batch, then copy, download, or share settings (never tokens).

Format Count 1–1000 per batch. Auto-generate is limited for large batches. Bytes 1–1024 bytes (hex/base64url). 32 bytes (256 bits) is a common baseline for API keys.

Unique (no duplicates in output)

Prefix (optional) Suffix (optional)

Advanced (seeded / charset options)

RNG mode Padding

Embed this tool

This tool runs in your browser. Generated tokens are not sent to any server.

Share URL contains settings only (never tokens).

Recommended token workflow

Pick the right randomness mode

Use Secure mode for API keys, invite codes, reset links, or anything that grants access. Use Seeded mode only when you need repeatable fixtures for tests, docs, or demos.

Match the length and encoding to the destination

32 bytes is a practical starting point for many tokens. Hex is easy to inspect, base64url is shorter for links and config files, and custom alphabets are useful only when another system requires a restricted character set.

Share settings, not secrets

The share URL stores generator settings only. Generated tokens stay in your browser, so copy the final token into your vault or target system instead of pasting it into tickets, chats, or URLs.

Quick checks before you ship

Confirm the receiving system accepts the selected alphabet and length.
Use Secure mode for anything that authenticates or authorizes access.
Regenerate immediately if a token was pasted into logs, screenshots, or a public URL.

Frequently asked questions

Is this secure?

Secure mode uses crypto.getRandomValues. Seeded mode is for reproducible tests only and is not secure.

How many bytes should I use for an API key?

A common baseline is 32 bytes (256 bits). For higher security margins, you can use 48 or 64 bytes.

What is base64url?

Base64url is base64 modified for URLs: + becomes -, / becomes _, and padding (=) can be removed.

Are generated tokens stored or uploaded?

No. Everything runs locally in your browser. Tokens are not uploaded and are not saved by default.

Why doesn’t the share URL include tokens?

Putting secrets in URLs can leak through history, logs, and referrers. This tool shares settings only, never tokens.

Why this token generator?

How to use (3 steps)

Token generator

Results

Recommended token workflow

Pick the right randomness mode

Match the length and encoding to the destination

Share settings, not secrets

Quick checks before you ship

Frequently asked questions

Related

Next steps

Related tools

Related calculators