HotBits API Keys HotBits API KeysAs of the end of 2022, the HotBits Radioactive Random Number Generator service has been retired. Please see the “HotBits Radioactive Generator Retired” notice for additional information. You can request random data from the secondary on-chip random source using your API key with “R” as the first character instead of “H”.
In order to obtain random data generated by the HotBits random number generator, you must request an API Key using the API Key Request Form. (“API” stands for “Application Programming Interface”.) Once you receive your API Key, enter it in the box whenever you request random data from HotBits. If you request data from within a program with a URL, the API key is specified by a query field in the URL like:
?apikey=RB10usUsPFyJzKs84zYML85sbBY
Replace the example key (all new keys begin with “RB1”) with the key you are issued.
You do not need an API Key to request pseudorandom data. If the “Pseudorandom data?” box is checked or you enter an API Key of “Pseudorandom”, HotBits will return data generated by a high-quality pseudorandom number generator which is seeded from HotBits-generated data. Pseudorandom data suffice for the vast majority of applications and not only may you obtain it without an API Key, there are no limits on the amount of data you can download within a 24 hour period.
An API key is required to obtain hardware-generated random data because the hardware generator produces a limited number of bytes per second, and this generation rate can be exhausted if it is bombarded with a large number of requests. For more than twenty years, constrained only by a daily quota system enforced by IP address, HotBits users behaved responsibly and there were no problems, but recently, as the Internet Slum continues to become more coarse and stupid, distributed denial of service attacks against HotBits have become increasingly common. Requiring an API Key deters casual bad actors from using the resource in the first place and, more importantly, allows easily shutting off access to any user who behaves irresponsibly, even if they are accessing the site from numerous IP addresses.
When you obtain an API Key, do not publish it or loan it to others. Doing so runs the risk that, should they misbehave and abuse HotBits, the key may be revoked, blocking your own access to the site.