Token & Random String Generator

Generate cryptographically secure tokens, UUIDs v4, API keys, and custom random strings using your browser's built-in crypto API.

UUID v4

Standard universally unique identifier

Hex Token

Random hexadecimal string

Base64 Token

URL-safe Base64 random string

Alphanumeric

Letters and numbers only

Numeric PIN

Digits only — OTP / PIN code

Custom Charset

Define your own character set

Length

Custom Charset

Batch Count

Generated Token

Click Generate to create a token

Batch Results

About Token & Random String Generator

Generates cryptographically secure random strings using crypto.getRandomValues() — the same Web Crypto API used by browsers for security-sensitive operations. This is far more secure than Math.random() which is not cryptographically safe.

Token Type Guide

UUID v4 — 128-bit identifier, standard format for database IDs · Hex — ideal for API tokens, session IDs · Base64 URL-safe — compact tokens for JWTs and cookies · Alphanumeric — readable codes for vouchers, invite links · Numeric PIN — OTP codes, PINs

How to Use

Set the Token Length (number of characters or bytes).
Choose the Character Set: alphanumeric, hexadecimal, Base64, or custom.
Set how many tokens to Generate at once.
Click Generate — tokens appear instantly.
Click any token or Copy All to copy them.

How It Works

Tokens are generated using crypto.getRandomValues() for cryptographically secure randomness. The random bytes are mapped to the selected character set. For hex tokens, bytes are converted to their 2-character hex representation.

Example

Generate a 32-character hex API key: a3f9c21b8d4e7f56a2b1c8d3e4f5a6b7. Use this as a secret key, session token, or CSRF token in your application. Each generation produces a unique, unpredictable value.

Frequently Asked Questions

Yes. All tokens are generated using window.crypto.getRandomValues(), which provides cryptographically strong random values suitable for use in security tokens, session IDs, and API keys. This is the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator).

UUID v4 (Universally Unique Identifier version 4) is a 128-bit randomly generated identifier formatted as 8-4-4-4-12 hexadecimal characters. The probability of two UUIDs colliding is astronomically small, making them safe as unique database keys.

For API keys and session tokens, 32 bytes (256 bits) of entropy is generally recommended. A 32-character hex string provides 128 bits; a 43-character Base64 URL-safe string provides ~256 bits. For OTP codes, 6–8 digits is standard.

No. All generation happens entirely in your browser. Nothing is transmitted, logged, or stored anywhere outside your device.