API Key Format Validator

Validate the format of OpenAI, Anthropic, and other LLM API keys.

Checks an LLM API key's prefix, length, and character set against the known formats for OpenAI, Anthropic, Cohere, Mistral, Groq, and Google. Format-only — there are no network calls, so your key is never sent anywhere. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Does this verify the key actually works?

No. It only checks that the format matches a known provider pattern — prefix, length, and allowed characters. A correctly formatted key can still be revoked or invalid; only a real API call confirms it works, which this tool deliberately does not do.

API key format validator

Before you wire a key into an app or paste it into a config, it helps to confirm it is even the right shape — a truncated copy-paste or the wrong provider’s key is a common, frustrating source of 401 errors. This tool checks an API key’s prefix, length, and character set against the documented formats for the major LLM providers, entirely in your browser with no network calls.

How it works

The tool runs your key against a table of provider patterns. Each pattern specifies a required prefix (such as sk-, sk-ant-, or gsk_), an expected character set, and a plausible length range. It reports the first provider whose prefix matches, then verifies the remaining structure and flags any mismatch — for example a key that starts like an OpenAI key but is far too short to be valid. OpenAI’s several variants (classic, sk-proj-, and sk-svcacct-) are distinguished and labeled. Because the check is purely structural, no request is ever made to any provider.

Recognised key formats

ProviderKey prefixNotes
OpenAI (standard)sk-Classic 51-character key
OpenAI (project key)sk-proj-Scoped to a specific OpenAI project
OpenAI (service account)sk-svcacct-Restricted key; may lack billing/metering scope
Anthropicsk-ant-All Claude API keys begin with this
Cohere(alphanumeric, no standard prefix)Validated by length and character set
Mistral(alphanumeric)Various lengths; validated structurally
Groqgsk_Groq’s published prefix
Google AI StudioAIzaUsed for Gemini API access

Why format checks are valuable

Catching truncated keys. The single most common cause of a correct-looking 401 error is a key shortened during copy-paste — either trailing characters cut off in a text box or a newline inserted mid-key. A length check catches this instantly without touching the API.

Distinguishing key types before use. OpenAI’s sk-svcacct- restricted keys lack certain API scopes (such as metering and fine-tuning). Recognising the variant before you build your integration avoids a mysterious permission error later.

Confirming you have the right provider’s key. When multiple LLM providers are in play, it is easy to paste Anthropic’s sk-ant- key into an OpenAI field. The prefix check makes the mismatch obvious immediately.

Tips and notes

  • Format is necessary, not sufficient. A well-formed key can still be revoked or scoped wrong; only a real API call confirms it works, which this tool deliberately does not make.
  • Watch for trailing whitespace. Some password managers pad keys with a space or newline. The validator trims these before checking, and flags if trimming was needed.
  • Restricted keys are limited. OpenAI sk-svcacct- and similar restricted keys may lack scopes (for example metering) that your call needs — check the key’s permissions in the provider dashboard.
  • Nothing leaves the page. With zero network calls it is safe to validate a production key here.