Create passwords and check password strength using a public Open Source API

The PasswordUtility API is one of the pet projects I've been working on for a while. Today I'm delighted to announce that the project goes to public availability. The solution hosted in Azure (where else?) and consists of 2 parts:

  • A public facing website where you can test the API features
  • A public API to use in your applications.

The project is fully Open Source and it's driven by the PasswordUtility library hosted on GitHub and readily available to download from NuGet.

If you're interested in knowing how the library works, I've put together a nice write up on GitHub. However, the API does a great job in hiding this away and provides a wrapper around the library by exposing 2 basic methods:

  • validate()
  • generate()

Password validation

Passwords can be good and strong or they can be crap. If you are concerned about your application and want to have a way in measuring password strength, then this is the API for you.

To call the validate method, you need to make a POST request to the following URL:

The method returns a value between 1 and 100 based on the KeePass validation algorithm. The closer to 100, the stronger the password. A password with value over 60 is a strong password in my books.

Password generation

Oftentimes, you want a handy way to generate a random password. If this is a feature that you wish to integrate to your application/website, then you can do this simply by calling the generate method. In effect, you need to make a POST request to the following URL:

The parameters are self-explanatory, but in case you have some doubts:

  • length: the length of characters in the password
  • uppercase: include upper case characters
  • digits: include numbers
  • specialcharacters: include one or more of these: !"#$%&'()*+,-./:;<=>[email protected][\]^_`{|}~

NOTE: lower case characters are included by default.

The response will contain a json payload with the password.

Using the website

The easiest way to see how the library works is to use the website. You can check password strength and generate passwords using the different options available. Since the webpage calls directly to the back-end API, you can fully test the functionality without having to mess with REST calls etc.

Testing the API

There are myriads of tools to test the API and make REST calls. However, for those of us who are too lazy to fire up Fiddler, you can use Swagger to test the API directly from a webpage. Simply navigate to and have a go.

To Do

I will add an SSL to the api to ensure that all calls are made over a secure channel. No point in providing a service that's designed to provide secure passwords through an insecure channel :) Also, feel free to send me any feature requests or suggestions you may have.

The whole website and API are now running on HTTPS and there's a valid SSL to provide end-to-end encryption so you should feel more comfortable using the API.

  • Share this post on