🔧

Token Generator

Generate secure random tokens in hex, base64, or alphanumeric.

e3892c5468a695a6bda1ae1bc60c1e53

How to Use

  1. Select the output encoding (hex, base64, or alphanumeric) and the token length in bytes.
  2. Click Generate. The token is created using the Web Crypto API (crypto.getRandomValues), ensuring cryptographically secure randomness.
  3. Copy the token and use it as an API key, session token, CSRF token, password reset link, or any other security-sensitive random value.

Frequently Asked Questions

What is the difference between hex, base64, and alphanumeric?
Hex encodes each byte as 2 characters (0-9, a-f) — verbose but universally safe in URLs and code. Base64 encodes 3 bytes as 4 characters using A-Z, a-z, 0-9, +, / — more compact. Alphanumeric uses only A-Z, a-z, 0-9 — the safest for URLs, filenames, and systems with character restrictions.
How long should my token be?
32 bytes (256 bits of entropy) is sufficient for most use cases including API keys and session tokens. For high-security contexts like password reset tokens, 32 bytes is the minimum. 16 bytes (128 bits) is acceptable for short-lived tokens with additional expiry controls.
Is this cryptographically secure?
Yes — the generator uses the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) via crypto.getRandomValues, which is the same API used by browsers for TLS and other security-critical operations. The output is suitable for security tokens.