NanoID Generator

NanoID Generator

Generate compact, URL-safe NanoIDs with a custom length and alphabet.

⚙️

Configuration

4 21 (default) 64
1 5k 10k

URL-safe, 64 characters (A-Za-z0-9_-)

🎲

Collision Probability

< 1e-15%

Generating 1 billion IDs

Time to 1% Risk

Millions of years

at 1,000 IDs/second

NanoID vs UUID

NanoID (21)UUID v4
Length21 chars36 chars
Entropy126 bits122 bits
URL-safe✓ YesWith encoding
Customizable✓ Length & alphabet✗ Fixed format

Features

  • Generate compact, URL-safe NanoIDs with configurable length (4–64 chars)
  • Pre-set alphabets: Default (64 chars), URL-safe alphanumeric, Hexadecimal, Numbers only
  • Fully custom alphabet support — define your own character set
  • Generate 1 to 10,000 IDs per run with chunked rendering
  • Real-time collision probability and time-to-collision calculator
  • Comparison table: NanoID vs UUID v4
  • Export as .txt or .json

Common Use Cases

  • Short, URL-safe slugs for links, blog posts, or shareable IDs
  • Session tokens or API keys with configurable entropy
  • File or object names in content delivery networks (e.g., S3 keys)
  • Ticket numbers or order IDs with custom alphanumeric alphabets
  • React component keys or DOM element IDs with guaranteed uniqueness
  • Random tokens for one-time password (OTP) systems (numbers-only alphabet)

What is NanoID?

NanoID is a tiny, secure, URL-friendly unique string ID generator. At its default size of 21 characters using a 64-character alphabet, it achieves 126 bits of entropy — matching or exceeding UUID v4 (122 bits) in a smaller, more compact form.

Unlike UUID, NanoID lets you control both the length and the alphabet. A 10-character ID from a 64-char alphabet gives ~60 bits. A 21-character ID gives ~126 bits. The collision probability calculator in this tool makes it easy to tune these parameters for your specific scale requirements.

NanoID uses crypto.getRandomValues in the browser (or crypto.randomBytes in Node.js) for cryptographically secure randomness, and avoids modulo bias through rejection sampling.

Examples

Valid - Default (21 chars, 64 alphabet)
V1StGXR8_Z5jdHi6B-myT
Valid - Short URL slug (10 chars)
IRFa-VaY2b
Valid - Hex ID (16 chars)
a4f9e3b20c81d7f5
Valid - Numeric token (6 chars)
482917

Frequently Asked Questions

How many characters should I use for a NanoID?

Use the collision probability calculator to decide. For most applications, 21 characters (default) gives ~126 bits of entropy — virtually impossible to collide. For less critical use cases like short URLs, 10–12 characters with the URL-safe alphabet gives ~60–72 bits — sufficient for typical web traffic. Decrease length only if collision probability at your expected scale remains acceptable.

Is NanoID more secure than UUID v4?

They are comparable. UUID v4 has 122 random bits; default NanoID (21 chars, 64-char alphabet) has 126 bits. Both use cryptographically secure randomness. NanoID's advantage is its smaller footprint and customizable format — not a significant security improvement over UUID v4.

Can I use NanoID for session tokens or API keys?

Yes, with caveats. A 21-character NanoID has 126 bits of entropy, which is strong enough for most session tokens. For high-security API keys, consider 32+ characters to provide 192+ bits of entropy. Use the URL-safe alphabet to avoid encoding issues in headers. Always transmit over HTTPS and hash the token before storing it in your database.

What is modulo bias and does NanoID avoid it?

Modulo bias occurs when using randomByte % alphabetSize to pick a random character — certain characters are slightly more likely than others if the byte range is not evenly divisible by the alphabet size. NanoID avoids this using rejection sampling: it generates extra random bytes and discards those outside the valid range, ensuring each character is chosen with equal probability.

Why choose NanoID over UUID?

NanoID advantages:

  • 21 chars vs 36 chars (UUID with hyphens) — 40% shorter for the same entropy
  • No hyphens — one token type instead of multiple UUID-specific field names
  • Customizable alphabet — use only numbers, only hex, etc.
  • URL-safe by default — no encoding needed
UUID advantage: ubiquitous standard support, especially in SQL databases with native UUID types.

💡 Tips

  • For URL slugs and short links, 10–12 characters with the URL-safe alphabet strikes a good balance between brevity and safety.
  • Always check the collision probability for your expected daily/monthly volume — the calculator shows you whether your configuration is safe at scale.
  • For numeric OTPs (one-time passwords), use the "Numbers Only" preset with 6–8 characters. Remember numeric-only IDs have lower entropy per character.
  • Custom alphabets excluding confusing characters (like 0/O or 1/l) improve human readability for codes that users read aloud or type manually.
  • Never store a NanoID token directly as a password or secret — always hash it first (e.g., with SHA-256) before persisting to a database.