REST API · v1 · JSON

Generate secure passwords
from any app. In 3 lines.

One REST endpoint. No SDK, no install, no account required for the free tier. Send JSON, get passwords back. Works with any language, any framework, any no-code tool.

Start in 30 seconds →Try live tester

Base URL

https://passgeni.ai/api/v1

Method

POST

Format

JSON

Free tier

50 calls/day

Getting started

From zero to working code in 30 seconds.

No account. No signup. No API key needed to try it. Just send a POST request.

Pick your language

Choose any language below. The API accepts plain JSON — no SDK, no library required.

Send one POST request

POST to https://passgeni.ai/api/v1/generate with a JSON body. That's it.

Use the passwords array

The response contains a passwords array, entropy bits, and an audit object. Done.

JavaScript

const res = await fetch("https://passgeni.ai/api/v1/generate", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    apiKey:     process.env.PASSGENI_API_KEY,
    profession: "developer",
    length:     20,
    count:      5,
    compliance: "hipaa",   // team plan only
  }),
});

const { passwords, entropy } = await res.json();
// passwords → ["nX9#kT2@mP5!qR8$", ...]
// entropy   → 131 bits

Smallest possible request — no API key needed

curl -X POST https://passgeni.ai/api/v1/generate -H "Content-Type: application/json" -d '{}'

Returns 1 password, 18 chars. No account, no key, no setup. Free tier: 50 requests/day per IP.

Architecture

What actually happens when you call the API?

📤

You send JSON

A POST request with optional parameters. No SDK, no special headers beyond Content-Type.

🔐

Server generates

Node.js crypto.randomInt() — the same FIPS 140-3 primitive used in TLS — builds your password on our server.

📋

Standards applied

If you pass compliance:'hipaa', we enforce HIPAA §164.312(d) minimum requirements before returning.

📬

You get passwords

A JSON array of passwords plus entropy bits, crack time, and an audit object with the character pool used.

⚠️ API generation is server-side — your password transits our server over HTTPS. For zero-knowledge, client-side generation use the web generator.

What can you build with it?

Plug PassGeni into anything.

Because it's plain JSON over HTTPS, PassGeni works with every language, platform, and no-code tool that can make an HTTP request — which is all of them. Click any integration below to see a working code example.

Also works with

ZapierMaken8nGitHub ActionsAWS LambdaVercel EdgeCloudflare WorkersPostmanInsomniaLaravelDjangoRailsSpring BootGo stdlibRust reqwest

Security

Authentication

Pass your API key as apiKey in the request body. Free tier requests need no key at all.

Authentication — body field

// Authenticated (Team plan)
{ "apiKey": "pg_live_abc123...", "count": 10 }

// Anonymous (free tier — no key needed, 50 calls/day)
{ "count": 1 }

🔒 Never put your API key in front-end code, browser JS, or a public GitHub repo. Use an environment variable (process.env.PASSGENI_API_KEY). Rotate from your dashboard if compromised.

Quotas

Rate limits

Plan	Calls/day	Per request	Compliance	Cost
Free	`50/day (IP)`	`10`	—	$0
Team	`5,000/day`	`500`	All 6	$29/mo

Rate limit headers (every response)

X-RateLimit-Limit:     5000
X-RateLimit-Remaining: 4995
X-RateLimit-Reset:     1735689600000  // Unix ms — midnight UTC

Request body

Parameters

All parameters are optional. An empty body {} returns one 18-character password with sensible defaults.

apiKeystring

default: null

Your Team key. Leave blank for free tier (50 calls/day).

professionstring

default: "developer"

Seeds the generator: developer · doctor · finance · designer · legal · educator

lengthnumber

default: 18

Password length. Range 8–32. Compliance presets enforce a higher minimum.

countnumber

default: 1

How many passwords to return. Free: max 10. Team: max 500 per request.

compliancestring

default: null

hipaa · pci · soc2 · iso · nist · dod — Team plan only. Enforces the exact standard.

modestring

default: "password"

"password" for standard, "passphrase" for memorable word-based credentials.

quantumboolean

default: false

Post-quantum mode: 512-bit entropy, expanded symbol set, 20-char minimum.

Response format

Response schema

Every successful response is HTTP 200 with this JSON structure:

200 OK — example response

{
  "passwords":  ["nX9#kT2@mP5!qR8$vZ", "Bz7!deploy#K3@stack9"],
  "count": 2,
  "entropy": 131,
  "length": 20,
  "compliance": "hipaa",
  "mode": "password",
  "quantum": false,
  "tier": "team",
  "generated": "2026-04-11T14: 23: 11.442Z",
  "audit": {
    "entropySource": "Node.js crypto.randomInt() — FIPS 140-3 aligned",
    "characterPool": "lower+upper+numbers+symbols",
    "clientSide": false,
    "serverContact": true
  }
}

passwords

Array of generated password strings

entropy

Bits of entropy in the first password

tier

"free" or "team" — shows which rate limit applied

audit

Character pool and entropy source for compliance evidence

Error handling

Error codes

Status	Error	What to do
`400`	`Bad request`	Check that length and count are numbers, not strings.
`403`	`Forbidden`	You passed a compliance preset without a Team API key.
`405`	`Method not allowed`	Use POST. GET is not accepted on this endpoint.
`429`	`Rate limit exceeded`	Wait for X-RateLimit-Reset, or upgrade for 5,000/day.
`500`	`Generation failed`	Retry once. If it persists, email hello@passgeni.ai.

429 — rate limit response body

{
  "error": "Rate limit exceeded",
  "limit": 50,
  "resetAt": "2026-04-12T00: 00: 00.000Z",
  "upgrade": "https://passgeni.ai/pricing"
}

Ready-to-run examples

Code examples

All examples work out of the box. Replace pg_live_your_key_here with your API key for Team features.

JavaScript

const res = await fetch("https://passgeni.ai/api/v1/generate", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    apiKey:     process.env.PASSGENI_API_KEY,
    profession: "developer",
    length:     20,
    count:      5,
    compliance: "hipaa",   // team plan only
  }),
});

const { passwords, entropy } = await res.json();
// passwords → ["nX9#kT2@mP5!qR8$", ...]
// entropy   → 131 bits

Interactive

Live tester — run a real request

This sends a real API request right now. Free tier: no key needed. The response is the actual JSON your code would receive.

LIVE API TESTER — runs a real request

apiKey — optional, leave blank for free tier

profession

compliance team only

length: 18

count: 3

Plans

Plans & pricing

Free

$0forever

✓50 API calls / day

✓Max 10 per request

✓No API key needed

✓Password mode only

✓All 6 profession seeds

✓No compliance presets

14-DAY FREE TRIAL

Team

$29/month

✓5,000 API calls / day

✓Max 500 per request

✓All 6 compliance presets

✓Passphrase mode

✓Post-quantum mode

✓5 dashboard seats

✓CSV bulk export

✓API key rotation

Start free trial →

Questions? Email hello@passgeni.ai — we reply within 24 hours.

Generate secure passwordsfrom any app. In 3 lines.