Token Generator
Generate secure random tokens in hex, base64, or alphanumeric.
e3892c5468a695a6bda1ae1bc60c1e53How to Use
- Select the output encoding (hex, base64, or alphanumeric) and the token length in bytes.
- Click Generate. The token is created using the Web Crypto API (crypto.getRandomValues), ensuring cryptographically secure randomness.
- Copy the token and use it as an API key, session token, CSRF token, password reset link, or any other security-sensitive random value.
Frequently Asked Questions
- What is the difference between hex, base64, and alphanumeric?
- Hex encodes each byte as 2 characters (0-9, a-f) — verbose but universally safe in URLs and code. Base64 encodes 3 bytes as 4 characters using A-Z, a-z, 0-9, +, / — more compact. Alphanumeric uses only A-Z, a-z, 0-9 — the safest for URLs, filenames, and systems with character restrictions.
- How long should my token be?
- 32 bytes (256 bits of entropy) is sufficient for most use cases including API keys and session tokens. For high-security contexts like password reset tokens, 32 bytes is the minimum. 16 bytes (128 bits) is acceptable for short-lived tokens with additional expiry controls.
- Is this cryptographically secure?
- Yes — the generator uses the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) via crypto.getRandomValues, which is the same API used by browsers for TLS and other security-critical operations. The output is suitable for security tokens.