Random Token Generator

Generate cryptographically secure random tokens and API keys in hex, base64, alphanumeric, or URL-safe formats. Free, 100% in your browser.

 
  
 
 
  
 
Reference
  
What is a random token?
 
A random token is a string of characters generated using a cryptographically secure random number generator (CSPRNG). Tokens are used as API keys, session identifiers, CSRF tokens, password reset links, and other security-sensitive values where unpredictability is critical. This tool uses the Web Crypto API (crypto.getRandomValues) to ensure true cryptographic randomness — the generated tokens are as secure as those produced by server-side tools like OpenSSL.
 
Token formats
 
Hex — each byte encoded as two hexadecimal characters (0-9, a-f). Output is 2× the byte length. Widely used for hash-like tokens. Base64 — standard Base64 encoding, ~33% longer than raw bytes. Uses A-Z, a-z, 0-9, +, /. URL-Safe Base64 — replaces + with - and / with _, safe for URLs and filenames without encoding. Alphanumeric — uses only A-Z, a-z, 0-9. Easier to copy and share but slightly less entropy per character than Base64.
 
Common use cases
 
API keys — generate unique keys for authenticating API clients. Session tokens — create secure session identifiers for web applications. CSRF tokens — protect forms against cross-site request forgery. Password reset links — generate one-time-use tokens for email verification and password resets. Encryption keys — produce random keys for symmetric encryption (AES, etc.).
 
Privacy
 
All token generation uses the Web Crypto API and runs 100% in your browser. No tokens are sent to any server — they never leave your device.
  
    
    
 ← Back to all tools