xtract.bot

Password generate

Try it interactively →

POST /api/password-generate1 quota unit per call · cache hits free

Generate strong random passwords. Configurable length (4–1024), uppercase / lowercase / digits / symbols toggles, exclude visually-ambiguous characters, bulk generation. Cryptographically secure.

Generates one or more cryptographically random passwords using the platform's secure random source (modulo-bias corrected so every character is equally likely). Options: - `length` (default 16): characters per password, 4–1024. - `upper` / `lower` / `digits` / `symbols` (default true): which character classes to include. At least one must be enabled. - `excludeAmbiguous` (default false): drop visually-similar characters (`0` `O`, `1` `l` `I`, etc.) so the password is easier to type by hand. - `count` (default 1): generate multiple passwords in one call. The response includes Shannon entropy in bits so you can confirm the password is strong enough for your context.

Inputs

NameTypeDefaultDescription
lengthnumber (4…1024)16Characters per password.
upperbooleantrueInclude uppercase A–Z.
lowerbooleantrueInclude lowercase a–z.
digitsbooleantrueInclude digits 0–9.
symbolsbooleantrueInclude symbols.
excludeAmbiguousbooleanfalseDrop visually-ambiguous characters (0/O/I/l/1/|). Useful for human-typed passwords.
countnumber (1…100)1How many passwords to generate in one call.

Response

Modes: json. Cache: not cacheable.

Every response carries x-cache (HIT / MISS / BYPASS), x-cache-signature (stable across identical inputs), and the rate-limit headers listed below.

Quota & limits

Cost per call1 unit against the 10,000-unit monthly quota. Cache hits are free — only cache misses decrement.
Burst limit200 requests per rolling minute, shared across all tools.
Max request size4 KiB (base64 inflates file payloads ~33% — the limit applies to the decoded bytes).
Max response size256 KiB
Timeout5s wall clock.
Rate-limit headersX-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Burst-Limit on every response; X-Quota-Warning once 80% of the monthly quota is spent; Retry-After on 429s.

Errors

Errors are JSON with an error string; schema failures add a details object (Zod's flattened field errors).

StatusWhenBody
400Input fails the tool's schema (wrong type, missing required field, malformed base64) or the file bytes can't be parsed as the expected format.{ "error": "invalid inputs", "details": { "fieldErrors": { … } } }
401Missing or invalid X-Api-Key / X-Account-Id headers (or no session when called from the browser).{ "error": "unauthorized" }
404Unknown tool id, or calling /api/* on the website hostname instead of api.xtract.bot.{ "error": "not found" }
413Request body over the tool's max request size, or an image header declaring more megapixels than the tool's pixel budget.{ "error": "…exceeds maxRequestBytes…" }
415Content-Type isn't application/json on the json-body transport.{ "error": "unsupported content-type; expected application/json" }
429Monthly quota or the 200/min burst limit exhausted. Check Retry-After and the X-RateLimit-* headers.{ "error": "monthly quota exceeded", "monthRemaining": 0, … }
5xxConversion engine failure. Safe to retry; if it persists, the input is hitting a bug — please report it.{ "error": "…" }

Code samples

Built from the default-16-char example.


curl -X POST https://api.xtract.bot/api/password-generate \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "X-Account-Id: $XTRACT_ACCOUNT_ID" \
  -H "X-Api-Key: $XTRACT_API_KEY" \
  -d '{
  "length": 16
}'