Free
500 calls/month
No credit card
Credential Security Infrastructure for Developers
One API call generates cryptographically secure, compliance-documented passwords your team can use immediately and your auditors can verify.
The credential security problem developers inherit
Developers reach for Math.random() or weak generation functions because the secure path requires too much internal work. Auditors then find the gap six months later. The Six Sense API puts cryptographic security and compliance documentation at the point where credentials are first created, not after the audit starts.
POST /v1/generate
Base URL
https://api.sixsensesolutions.net
Authentication
Authorization: Bearer <api_key>
Endpoint
POST /v1/generate
Response
200 OK
Request example
{
"length": 20,
"quantity": 5,
"options": {
"uppercase": true,
"lowercase": true,
"numbers": true,
"symbols": true,
"exclude_ambiguous": true
},
"compliance": "NIST"
}
Success response example
{
"passwords": [
"xK9#mPqR2vHnYbL4wZ8j",
"Tn5@cFwM7pBsXqJ3eR6y",
"Hm2$kVzN8dGrPuL9wC4x"
],
"meta": {
"length": 20,
"entropy_bits": 120,
"generated_at": "2026-04-09T15:18:11.094Z",
"compliance_profile": "NIST",
"calls_remaining": 49998
}
}
Compliance profiles
| Profile | Minimum Length | Character Requirements | Excludes Ambiguous | Use Case |
|---|---|---|---|---|
| NIST | 15 | Uppercase, lowercase, numbers, symbols | Yes | Regulated teams and audit-heavy environments |
| SOC2 | 12 | Uppercase, lowercase, numbers | Yes | SaaS security controls and SOC2 programs |
| strong | 8 | Caller-defined | Caller-defined | General product and internal credential workflows |
Error codes
| Code | HTTP Status | Meaning |
|---|---|---|
| INVALID_LENGTH | 400 | Length is outside allowed bounds. |
| INVALID_QUANTITY | 400 | Quantity is outside allowed bounds. |
| NO_CHARSET | 400 | No character set options were enabled. |
| INVALID_COMPLIANCE | 400 | Requested compliance profile is not recognized. |
| INVALID_BODY | 400 | Request body is missing or malformed. |
| MISSING_AUTH | 401 | Authorization header is missing or malformed. |
| INVALID_KEY | 401 | API key is not valid. |
| RATE_LIMIT_EXCEEDED | 429 | Monthly usage limit for the key has been reached. |
Pricing tiers
Pro
$29/month
50,000 calls/month
Business
$149/month
500,000 calls/month
Enterprise
Custom pricing
Unlimited calls, compliance documentation, priority support
Code examples
const response = await fetch("https://api.sixsensesolutions.net/v1/generate", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer test_pro_key"
},
body: JSON.stringify({
length: 20,
quantity: 1,
options: {
uppercase: true,
lowercase: true,
numbers: true,
symbols: true,
exclude_ambiguous: true
},
compliance: "NIST"
})
});
const json = await response.json();
console.log(response.status, json.meta.entropy_bits);
import requests
url = "https://api.sixsensesolutions.net/v1/generate"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer test_pro_key"
}
payload = {
"length": 20,
"quantity": 1,
"options": {
"uppercase": True,
"lowercase": True,
"numbers": True,
"symbols": True,
"exclude_ambiguous": True
},
"compliance": "NIST"
}
r = requests.post(url, json=payload, headers=headers, timeout=15)
print(r.status_code, r.json()["meta"]["calls_remaining"])
curl -X POST "https://api.sixsensesolutions.net/v1/generate" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer test_pro_key" \
-d '{
"length": 20,
"quantity": 1,
"options": {
"uppercase": true,
"lowercase": true,
"numbers": true,
"symbols": true,
"exclude_ambiguous": true
},
"compliance": "NIST"
}'