API and Architecture

Technical overview of how the website works and how to reuse secure password generation logic in your own projects.

Website architecture

The website is static and lightweight. Password generation runs in-browser and does not depend on backend services.

Cryptographic module

We use window.crypto.getRandomValues() to produce strong randomness and avoid predictable patterns.

Quick integration

You can reuse the generator function in any web app and customize length, character sets, and policy rules.

Minimal example

function generatePassword(length = 16, options = {}) {
  const sets = {
    lower: "abcdefghijklmnopqrstuvwxyz",
    upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    numbers: "0123456789",
    symbols: "!@#$%^&*()-_=+[]{};:,.?/"
  };

  let charset = "";
  for (const [key, enabled] of Object.entries(options)) {
    if (enabled && sets[key]) charset += sets[key];
  }
  if (!charset) throw new Error("Select at least one character type");

  const bytes = new Uint32Array(length);
  window.crypto.getRandomValues(bytes);

  let output = "";
  for (let i = 0; i < length; i += 1) {
    output += charset[bytes[i] % charset.length];
  }
  return output;
}

Technical FAQ

Does SafeKey store passwords?

No. Generation happens locally and we do not persist passwords on the server.

Is there a public REST endpoint?

Not currently. We prioritize privacy and client-side execution.

Can I audit the algorithm?

Yes. The implementation runs in JavaScript and can be inspected in the browser.