Best way to generate an API key?

I'm in the middle of creating an API for our app and wanted to get
some feedback on the best way to generate unique APIKEY's for each
account. Similar to Basecamp's API keys for example.

md5 hash of username:password? base64 encoding? random string of
characters?

Thanks in advance.

I would use a completely random hex code. I would seriously avoid hashing the username & password, that leaves all your users vunerable to a dictionary attack.

Thanks Joe,

Yeah from what I've seen so far many people use a SHA1 hex code based
on Time.now plus some other random numbers.

Thanks Joe,

Yeah from what I've seen so far many people use a SHA1 hex code based
on Time.now plus some other random numbers.

You could have a look at the code rails uses for generating the
secrets used for forgery protection (rake secret)

Fred

You could use UUIDs.

http://blog.labnotes.org/2005/10/18/ruby-uuid-generator/
http://en.wikipedia.org/wiki/UUID