Introduction

Welcome to the TofuPass API! You can use our free API to programmatically generate secure passwords and passphrases. The API is designed to be simple, straightforward, and requires no authentication.

All generator responses are returned as text/plain.

Password API

This endpoint generates a standard TofuPass password, which consists of two words, a special character, and a two-digit number in a random arrangement.

Endpoint:

Method: GET

Example Response:

Passphrase API

This endpoint generates a strong, memorable passphrase by joining random words with hyphens. You can customize the number of words in the passphrase.

Endpoint:

Method: GET

Query Parameters:

• count (optional, number): Specifies the number of words to include in the passphrase.
  • Must be a number between 4 and 30.
  • If not provided, it defaults to 4.
  • If an invalid number is provided, the API will return a 400 Bad Request error.

Usage Examples:

• Default (4 words):
  https://tofupass.com/api/passphrase
  Example Response: Fabulous-Eagle-Rocket-Taco
• Custom word count (e.g., 6 words):
  https://tofupass.com/api/passphrase?count=6
  Example Response: Vivid-Castle-Pizza-Orbit-Seeker-Jungle
• Invalid request:
  https://tofupass.com/api/passphrase?count=2
  Example Response (Status 400): Error: The "count" parameter must be a number between 4 and 30.

Statistics API

For administrative purposes, this endpoint provides a simple, privacy-respecting count of total API calls since the last server restart. No user data is logged.

Endpoint:

Method: GET

Example Response (JSON):

{
  "generated_passwords": 152,
  "generated_passphrases": 341,
  "total_api_calls": 493
}

Security and Privacy

The API generation process occurs on our server using Node.js's built-in crypto module to ensure cryptographically secure randomness.

In line with our privacy policy, we do not log or store any generated passwords, passphrases, or API request data. All responses are sent securely over an HTTPS connection.