API Reference

Programmatic access to TofuPass password generation. No API keys, no rate limiting drama, no account required.

Base URL
https://tofupass.com/api
GET /api/password Get a single password

Returns a single cryptographically generated password at the Firm strength level. No parameters required.

Request
# Using curl
curl https://tofupass.com/api/password

# Using JavaScript fetch
const res = await fetch('https://tofupass.com/api/password');
const password = await res.text();
// → "!HappyTiger83"
Response
200 OK 
!HappyTiger83

Content-Type: text/plain

GET /api/passphrase Get a passphrase

Returns a hyphen-separated passphrase generated from a pool of 4,000+ curated words. Control word count with the count parameter.

Query Parameters
Name
Type
Default
Description
count
integer
4
Number of words (4–30)
Request
# Default (4 words)
curl https://tofupass.com/api/passphrase

# Custom word count
curl https://tofupass.com/api/passphrase?count=6

# JavaScript fetch
const res = await fetch('https://tofupass.com/api/passphrase?count=4');
const phrase = await res.text();
Responses
200 OK 
blooming-tiger-cosmic-leaf
400 Bad Request count out of range (must be 4–30) 
count must be between 4 and 30
GET /api/stats Usage statistics

Returns aggregate usage statistics for the TofuPass API. These are general counters, and no user or session data is tracked.

Request
curl https://tofupass.com/api/stats
Response
200 OK 
{
  "generated_passwords": 12453,
  "generated_passphrases": 3821,
  "total_api_calls": 16274
}

Content-Type: application/json

Privacy Guarantee

All API responses are generated in real-time using a cryptographically secure RNG. No passwords or user data are ever logged, stored, or transmitted beyond the immediate response. Served over HTTPS with Cloudflare protection.

Open Source (GPL v3)

This API server is open-source. Audit it, self-host it, or fork it on GitHub. The frontend site is too. Both under GPL v3.