Identifiers Tokens Snippets
Custom Code Snippets — Identifiers & Tokens
Copy-paste examples for generating unique IDs, short codes, idempotency keys, and one-time codes inside a Custom Code workflow step. The sandbox exposes crypto.randomUUID() and crypto.getRandomValues(typedArray) for cryptographically-strong randomness — use these, not Math.random(), for anything that has to be unguessable.
A note on limits: crypto.getRandomValues caps at 65,536 bytes per call. That's plenty for tokens; if you need more, call it in a loop.
Generate a UUID
returnData("id", crypto.randomUUID());Build a short order code (e.g. "ORD-AB12CD")
const bytes = new Uint8Array(3);
crypto.getRandomValues(bytes);
const code = Array.from(bytes)
.map(b => b.toString(16).padStart(2, "0"))
.join("")
.toUpperCase();
returnData("order_code", `ORD-${code}`);6-digit numeric code (for SMS verification)
// 000000-999999, leading zeros preserved.
const bytes = new Uint8Array(4);
crypto.getRandomValues(bytes);
const n = (bytes[0] | (bytes[1] << 8) | (bytes[2] << 16)) >>> 0;
const code = String(n % 1_000_000).padStart(6, "0");
returnData("verification_code", code);
returnData("expires_at", DateTime.format(DateTime.addMinutes(DateTime.now(), 10), "YYYY-MM-DD HH:mm:ss"));Human-readable token (no ambiguous characters)
// Skips 0/O and 1/I/L so users don't fat-finger.
const ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
const length = Number(params["length"]) || 8;
const bytes = new Uint8Array(length);
crypto.getRandomValues(bytes);
let token = "";
for (const b of bytes) token += ALPHABET[b % ALPHABET.length];
returnData("token", token);Idempotency key for an outgoing API call
// Stable across retries within the same workflow run by including the record id.
const key = `${record.id || "norec"}-${DateTime.format(DateTime.now(), "YYYYMMDD")}-${crypto.randomUUID().slice(0, 8)}`;
returnData("idempotency_key", key);Combine record fields into a stable, slugged code
// Predictable code: customer slug + invoice number, e.g. "acme-corp-INV-001234"
const customer = Str.slug(record.customer_name || "unknown");
const number = String(record.invoice_number || "0").padStart(6, "0");
returnData("invoice_code", `${customer}-INV-${number}`);Base64-URL-safe token from random bytes
// Useful for email verification links — short and URL-safe.
const bytes = new Uint8Array(32);
crypto.getRandomValues(bytes);
const b64 = btoa(String.fromCharCode(...bytes))
.replace(/\+/g, "-")
.replace(/\//g, "_")
.replace(/=+$/, "");
returnData("token", b64);
returnData("verify_url", `${getAppDetails("base_url", "")}/verify?t=${b64}`);Promo / coupon code
// "WELCOME-7K9P2" style code with a recognizable prefix.
const prefix = String(params["prefix"] || "WELCOME").toUpperCase();
const bytes = new Uint8Array(3);
crypto.getRandomValues(bytes);
const ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
let suffix = "";
for (const b of bytes) suffix += ALPHABET[b % ALPHABET.length] + ALPHABET[(b * 7) % ALPHABET.length];
returnData("coupon", `${prefix}-${suffix.slice(0, 5)}`);Stable hash from a string
// Deterministic 32-bit hash for bucketing / dedupe keys (NOT for security).
function hash32(s) {
let h = 0;
for (let i = 0; i < s.length; i++) {
h = ((h << 5) - h + s.charCodeAt(i)) | 0;
}
return Math.abs(h);
}
returnData("dedupe_key", hash32(`${record.email || ""}|${record.created_at || ""}`).toString(36));Generate a tracking-number-style code
// "TBASE-2026-04-26-9F1A2B" — date-based prefix + random suffix.
const datePart = DateTime.format(DateTime.now(), "YYYY-MM-DD");
const bytes = new Uint8Array(3);
crypto.getRandomValues(bytes);
const suffix = Array.from(bytes).map(b => b.toString(16).padStart(2, "0")).join("").toUpperCase();
returnData("tracking_number", `TBASE-${datePart}-${suffix}`);Correlation ID for cross-system tracing
// Glue together the workflow run, the record, and a fresh UUID
// so you can grep a single chain across logs everywhere.
const correlationId = [
getAppDetails("slug", "app"),
record.id || "norec",
crypto.randomUUID().slice(0, 8)
].join(":");
returnData("correlation_id", correlationId);
console.log("Correlation ID:", correlationId);Generate N tokens at once (e.g. invite codes)
// Inputs: count (custom_val 25)
const count = Math.max(1, Math.min(500, Number(params["count"]) || 25));
const tokens = [];
for (let i = 0; i < count; i++) tokens.push(crypto.randomUUID());
returnData("tokens", tokens);
returnData("count", tokens.length);Build a shareable record link with a signed-ish token
// Quick "secret link" pattern — the token is unguessable, but anyone
// with the link can view. For real signed JWTs, use an external service.
const token = crypto.randomUUID();
const link = `${getAppDetails("base_url", "")}/share/${record.id}?t=${token}`;
returnData("share_token", token);
returnData("share_link", link);
returnData("expires_at", DateTime.format(DateTime.addDays(DateTime.now(), 7), "YYYY-MM-DD HH:mm:ss"));
We'd love to hear your feedback.