Securityflags: g

Generic API Key

Match generic long alphanumeric tokens (32+ chars) typical of API keys and access tokens.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

\b[A-Za-z0-9_\-]{32,}\b   (flags: g)

Raw source: \b[A-Za-z0-9_\-]{32,}\b

How it works

Word-bounded sequence of 32 or more letters, digits, underscores, or hyphens. Broad by design — pair with context (e.g. api_key=) to reduce false positives.

Examples

Input

sk_test_abcdef0123456789abcdef0123456789abcd

Matches

sk_test_abcdef0123456789abcdef0123456789abcd

Input

short

No match

—

Common use cases

•Secret scanning in git repos
•DLP for accidental commits
•Log redaction pipelines
•Security audit of config files

Related patterns

Stripe API Key

Security

Match Stripe API keys: secret (sk_), publishable (pk_), or restricted (rk_), in test or live mode.

AWS Access Key ID

Security

Match AWS access key IDs (both long-term AKIA and temporary ASIA prefixes).

SSH Public Key

Security

Match SSH public keys in OpenSSH `authorized_keys` format, including the optional comment field.

GitHub Personal Access Token

Security

Match GitHub Personal Access Tokens (classic + fine-grained) and OAuth tokens by their `ghX_` prefix.

←PreviousJWT Token

All patterns

NextBitcoin Address→