API

This site uses a basic API to generate passwords via AJAX callbacks. You can access the same API to automatically generate passwords.

Requirements

General Form

All API requests come in the following form: /api/v1/<style>/<format>?p=x&c=1

Example

/api/v1/passphrase/plain?pc=10&wc=8&sp=y&maxCh=64

Conventions

Formats

Plain

Passwords are returned one per line as plain text.
New line characters follow the Windows conventions: CR LF or 0x0a0d.
Text is encoded as UTF8.

JSON

Passwords are returned in a JSON object.
Text is encoded as UTF8.
Example JSON:

{
    "pws" : [
        "jeanne stars corollary resented",
        "orderly churchill assays atlas",
        "mingled physical ranged founded",
        "loving 257 conceal lowell"
    ]
}

XML

Passwords are returned as an XML document, as serialised by XmlSerializer to an array of strings.
Text is encoded as UTF8.
Example XML:

<?xml version="1.0" encoding="utf-8" ?>
<arrayofstring xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <string>paralleled amen tensions 442</string>
    <string>submit contented compassion metabolism</string>
    <string>ally chi halted fury</string>
    <string>naturally spatial retrieved indirect</string>
</arrayofstring>

Combinations

Every style returns information about the number of possible combinations based on particular parameters. This gives consumers of passwords the best possible information about how good their generated passwords actually are.

Unlike the URLs which generate passwords, combinations can be cached for a short time as they do not change frequently (appropriate HTTP headers are set).

Combinations URL: /api/v1/<style>/combinations

The combinations URL accepts the same parameters, defaults and limits as a normal API call, except the count of passwords to generate is ignored (as it is not relevant).

Combinations are always returned as JSON.

Combinations JSON

There are two forms of combinations returned. One is a single, exact number of combinations. The other represents a range with minimum, maximum and an average. Examples of both are shown below:

{
    // Number of combinations as a double precision float
    "combinations": 8.1534557478023493E+45,        
    // Password rating from 0 to 7, where 0 is worst and 7 is best.
    "rating": 7,            
    // 'combinations' field written out in full.
    "formatted": "8,153,455,747,802,350,000,000,000,000,000,000,000,000,000,000",
    // 'combinations' field in scientific notation.
    "base10": "8.15E+045",
    // 'combinations' field as bits of entropy (2 log n)
    "base2": "152.51"
}
{
    // The range version of combinations uses the same fields as the normal one.
    // But there are three copies of them.

    // Represents the best case or maximum possible number of combinations.
    "upper" : {
        "combinations": 2.4799773965933433E+37,
        "rating": 6,
        "formatted": "24,799,773,965,933,400,000,000,000,000,000,000,000",
        "base10": "2.48E+037",
        "base2":"124.22"
    },

    // Represents the worst case or minimum possible number of combinations.
    "lower" : {
        "combinations": 23758059300.0,
        "rating": 1,
        "formatted": "23,758,059,300",
        "base10": "2.38E+010",
        "base2": "34.47"
    },

    // Represents the average or normal number of combinations.
    "middle": {
        "combinations": 1.4828073978368688E+23,
        "rating": 4,
        "formatted": "148,280,739,783,687,000,000,000",
        "base10": "1.48E+023",
        "base2": "76.97"
    }
}

Password Ratings

The following table lists the meaning of each password rating in combinations results. These are loosely based on time to crack given 1 billion attempts per second in an offline attack.

Number Name Range of Combinations (base 2) Range of Combinations (base 10)
0 Unusable up to 232 up to 4.29E+09
1 Inadequate 232 plus 1 ... 242 4.29E+09 plus 1 ... 4.40E+12
2 Passable 242 plus 1 ... 252 4.40E+12 plus 1 ... 4.50E+15
3 Adequate 252 plus 1 ... 266 4.50E+15 plus 1 ... 7.38E+19
4 Strong 266 plus 1 ... 280 7.38E+19 plus 1 ... 1.21E+24
5 Fantastic 280 plus 1 ... 2112 1.21E+24 plus 1 ... 5.19E+33
6 Unbreakable 2112 plus 1 ... 2146 5.19E+33 plus 1 ... 8.92E+43
7 Overkill 2146 plus 1 ... ∞ 8.92E+43 plus 1 ... ∞

Style Reference

Lists all parameters for each style.

Readable Passphrase

Base URL: /api/v1/readablepassphrase/

Example URL: /api/v1/readablepassphrase/json?pc=10&s=RandomLong

Example result (using default settings): the statesman will burgle amidst lucid sunlamps

Returns one or more passphrases. Each is based on a grammatical template.

Parameter Description Data Type Default Range Comments
s Phrase Strength String Random Random | RandomShort | RandomLong | RandomForever | Normal | Strong | Insane | ... There are more phrase strengths available under Base Strengths. One of the first 4 are recommended unless you have very specific purposes in mind.
pc Count of passphrases to generate (phrase count) Integer 1 1-50  
sp Include spaces between words Boolean True Y | N | T | F | 1 | 0 By default, phrases have spaces between words, but WiFi passwords cannot have spaces so this removes them.
minCh Minimum characters (length) of passphrase to generate Integer 1 1-9999  
maxCh Minimum characters (length) of passphrase to generate Integer 9999 1-9999 Using minCh and maxCh you can restrict the final length of passphrases. WiFi has a maximum length of 63 characters, so you can use this to restrict the passphrase length.
noFake Remove fake words from passphrases Boolean False Y | N | T | F | 1 | 0 The dictionary contains fake words from thisworddoesnotexist.com. This option can exclude those words from the generated passphrases. Enabling this option slightly reduces the entropy of passphrases.
whenNum Where to add numbers to the passphrase String Never Never | StartOfWord | EndOfWord | StartOrEndOfWord | EndOfPhrase | Anywhere  
nums Number of numbers to add Integer 0 0-9999 The whenNum and nums parameters control the numeric mutator. They allow you to add numbers to a passphrase to meet complexity requirements.
whenUp Where to add upper case letters to the passphrase String Never Never | StartOfWord | WholeWord | RunOfLetters| Anywhere  
ups Number of upper case letters / words / runs to add Integer 0 0-9999 The whenUp and ups parameters control the upper case mutator. They allow you to change letters to upper case in a passphrase to meet complexity requirements.

Dictionary Passphrase

Base URL: /api/v1/passphrase/

Example URL: /api/v1/passphrase/json?pc=10&wc=6

Example result (using default settings): correct horse battery staple

Returns one or more passphrases. Each is based on randomly chosen words from a dictionary of 0 words.

Parameter Description Data Type Default Range Comments
wc Word Count (length) Integer 4 1-16  
pc Count of passphrases to generate (phrase count) Integer 1 1-50  
sp Include spaces between words Boolean True Y | N | T | F | 1 | 0 By default, phrases have spaces between words, but WiFi passwords cannot have spaces so this removes them.
minCh Minimum characters (length) of passphrase to generate Integer 1 1-9999  
maxCh Minimum characters (length) of passphrase to generate Integer 9999 1-9999 Using minCh and maxCh you can restrict the final length of passphrases. WiFi has a maximum length of 63 characters, so you can use this to restrict the passphrase length.
whenNum Where to add numbers to the passphrase String Never Never | StartOfWord | EndOfWord | StartOrEndOfWord | EndOfPhrase | Anywhere  
nums Number of numbers to add Integer 0 0-9999 The whenNum and nums parameters control the numeric mutator. They allow you to add numbers to a passphrase to meet complexity requirements.
whenUp Where to add upper case letters to the passphrase String Never Never | StartOfWord | WholeWord | RunOfLetters| Anywhere  
ups Number of upper case letters / words / runs to add Integer 0 0-9999 The whenUp and ups parameters control the upper case mutator. They allow you to change letters to upper case in a passphrase to meet complexity requirements.

Pronounceable Password

Base URL: /api/v1/pronounceable/

Example URL: /api/v1/pronounceable/json?c=10&sc=5

Example result (using default settings): psu-zigh-soorh-alung

Returns one or more pronounceable passwords. Each is based on alternating vowel and consonant sounds.

Parameter Description Data Type Default Range Comments
sc Syllable Count (length) Integer 4 1-32 A syllable is a consonant and vowel pair.
c Count of passwords to generate Integer 1 1-50  
dsh Include hyphens (dashes) between words Boolean True Y | N | T | F | 1 | 0 By default, dashes are inserted between syllables to make them easier to read / memorise.

PIN

Base URL: /api/v1/pin/

Example URL: /api/v1/pin/json?c=10&l=6

Example result (using default settings): 9237

Returns one or more PINs. Each contains digits from 0-9.

Parameter Description Data Type Default Range Comments
l Digit count (length) Integer 4 1-128  
c Count of PINs to generate Integer 1 1-50  

Pattern

Base URL: /api/v1/pattern/

Example URL: /api/v1/pattern/json?c=10&l=6

Example result (using default settings): 7,5,9,8,6

Returns one or more Patterns, entered on touch enabled devices by connecting dots from a grid.

Patterns are represented as a sequence of numbers representing each dot on the grid, where the top left dot is 1 and the sequence continues down and left. Eg:

1 2 3
4 5 6
7 8 9

 

Parameter Description Data Type Default Range Comments
ps Number of points to connect (length) Integer 5 1-64 May be restricted by the grid size; eg, on a 3x3 grid, there are only 9 points you can join.
c Count of Patterns to generate Integer 1 1-50  
gs Grid size Integer 3 1-8 Size of the grid as an NxN square. This is usually controlled by your device.

Alpha-Numeric

Base URL: /api/v1/alphanumeric/

Example URL: /api/v1/alphanumeric/json?c=10&l=12

Example result (using default settings): RcJd04QI

Returns one or more passwords. Each contains one or more characters from the range [a-zA-z0-9].

Parameter Description Data Type Default Range Comments
l Length of each password (in characters) Integer 8 1-128  
c Count of passwords to generate Integer 1 1-50  
sym Include special symbols Boolean False Y | N | T | F | 1 | 0 By default, passwords are made from [a-zA-z0-9]. Setting this to true adds the following: !@#$%^&*()`-=~_+[]\;',./{}|:"<>?. Note that space (U+0020) is not included.

Unicode

Base URL: /api/v1/unicode/

Example URL: /api/v1/unicode/json?c=10&l=16&bmp=T

Example result (using default settings): ㈒୫❫✤ʁⲮ₪Ǧ

Returns one or more Unicode passwords. Each contains Unicode code points from U+0001 - U+FFFF (or U+10FFFF if including characters outside the base multilingual plane). Only code points from the following Unicode categories are included:

Also, code points in the range U+D800 - U+DFFF are excluded as they are invalid surrogate pairs.

Parameter Description Data Type Default Range Comments
l Code point count (length) Integer 8 1-64 Be aware that total combinations for lengths greater than 32 can return infinity because they exceed the maximum combinations which can be represented by a double precision float.
c Count of passwords to generate Integer 1 1-50  
bmp Only include code points from the basic multilingual plane Boolean True Y | N | T | F | 1 | 0 True will restrict to maximum code point U+FFFF. False restricts to U+10FFFF.
asian Include East Asian characters Boolean False Y | N | T | F | 1 | 0 True allows characters of category OtherLetter. This increases the number of code points dramatically, but tends to swamp the password with East Asian characters.

Hex

Base URL: /api/v1/hex/

Example URL: /api/v1/hex/json?c=10&l=16

Example result (using default settings): 3629c4f4a7c1e32f

Returns one or more hex strings. Each contains the digits 0-9 and a-f.

Parameter Description Data Type Default Range Comments
l Digit count (length) Integer 8 1-128 Be aware that total combinations for lengths greater than 96 return infinity because they exceed the maximum combinations which can be represented by a double precision float.
c Count of hex strings to generate Integer 1 1-50