pages/generate-content/api-key.txt

route: /gemini-api/docs/generate-content/api-key
title: Using Gemini API keys
description: Get your Gemini API key and start building in less than 5 minutes.

Note: This version of the page covers the previous generateContent API. We recommend using the new Interactions API for access to all the latest features and models. You can use the toggle on this page to switch to the Interactions API version of this page.
To use the Gemini API, you must authenticate your requests. You can
authenticate using a standard or authorization API key.
Create or view a Gemini API Key
API key types: Standard versus Authorization
API keys provide access to the Gemini API, but their security characteristics
differ. The Gemini API is transitioning from standard API keys to authorization
keys to improve security:
Standard API keys: Associate requests with a Google Cloud project for
billing and quota purposes. Standard keys don't identify a caller, which
limits the granularity of permissions and access control they can support.
Authorization (auth) keys: Bound directly to a Google Cloud service
account. When you use an authorization key, your requests are processed
under the identity of that bound service account, enabling granular access
control. Authorization keys are restricted to the Generative Language API
(Gemini API) by default and provide fast-acting leaked key enforcement that
quickly stops the usage of leaked keys detected by our systems.
To ensure secure usage, Gemini API will move from Standard keys to Auth keys:
Auth keys default: All new API keys created in Google AI Studio
are automatically created as auth keys.
On June 19, 2026: The Gemini API will reject requests
from unrestricted standard keys. Standard API keys that have explicit
restrictions applied will continue to work. This restriction prevents the
unauthorized use of keys that might be shared publicly or linked to other
services.
On September 2026: the Gemini API will reject requests from Standard
keys. You must migrate to auth keys
before this date to avoid service interruption. Make sure to migrate to
auth keys before September 2026.
Note: Requests authenticated by authorization keys are not recorded in
Google Cloud service account usage metrics.
Managing API keys in Google AI Studio
You can manage your projects and keys directly in Google AI Studio.
Google Cloud projects
Every Gemini API key is associated with a Google Cloud project.
Google Cloud projects manage billing, collaborators, and permissions. Google AI
Studio provides a lightweight interface to access these projects.
Default project: If you are a new user, Google AI Studio automatically
creates a default Google Cloud project and API key after you accept the
Terms of Service. You can rename this project by navigating to the
Projects view in your dashboard.
Existing projects: If you already have a Google Cloud account, AI
Studio does not create a default project. Instead, you must import your
existing projects.
Importing projects
By default, Google AI Studio does not display all of your Google Cloud
projects. You must import the projects you want to use:
Go to Google AI Studio.
Open the Dashboard from the left panel and select Projects.
Click the Import projects button.
Search for and select the Google Cloud project you want to import, then
click Import.
Once imported, navigate to the API Keys page in the dashboard to
create a key in that project.
Troubleshooting key creation permissions
If the Create API key button is unavailable and displays the message:
"You do not have permission to create a key in this project", you lack the
required IAM permissions.
Ask your Google Cloud project or organization administrator to grant you a role
containing the following permissions (such as Project Editor):
resourcemanager.projects.get: Allows AI Studio to verify the project.
apikeys.keys.create: Allows key generation.
serviceusage.services.enable: Ensures the Generative Language API is
enabled.
iam.serviceAccounts.create: Required to create the linked service account.
iam.serviceAccountApiKeyBindings.create: Binds the service account to the
API key.
If you cannot get administrative access, you can create a new Google Cloud
project that is not associated with an organization to generate your keys.
Setting up your environment
Once you have a key, configure your environment to use it securely in your
applications.
Use environment variables (Recommended)
Set the environment variable GEMINI_API_KEY or GOOGLE_API_KEY. The Gemini
API client libraries automatically detect and use these variables. If both are
set, GOOGLE_API_KEY takes precedence.
Select your operating system to set the variable:
Linux/macOS - Bash
Verify if you have a bash configuration file:
~/.bashrc
If not, create one and open it:
touch ~/.bashrc && open ~/.bashrc
Add the export command at the end of the file:
export GEMINI_API_KEY=<YOUR_API_KEY_HERE>
Save the file, then apply the changes:
source ~/.bashrc
macOS - Zsh
Verify if you have a zsh configuration file:
~/.zshrc
If not, create one and open it:
touch ~/.zshrc && open ~/.zshrc
Add the export command:
export GEMINI_API_KEY=<YOUR_API_KEY_HERE>
Save the file, then apply the changes:
source ~/.zshrc
Windows
Search for "Environment Variables" in the Windows search bar.
Click Environment Variables in the System Properties dialog.
Under User variables or System variables, click New....
Set the variable name to GEMINI_API_KEY and the value to your API key.
Click OK to save. Open a new terminal session to load the variable.
Provide the API key explicitly in code
You can pass the API key explicitly when initializing the client. Only do this
if you cannot use environment variables.
Python
from google import genai
client = genai.Client(api_key="YOUR_API_KEY")
response = client.models.generate_content(
model="gemini-3.5-flash",
contents="Explain how AI works in a few words"
)
print(response.text)
JavaScript
import { GoogleGenAI } from "@google/genai";
const ai = new GoogleGenAI({ apiKey: "YOUR_API_KEY" });
async function main() {
const response = await ai.models.generateContent({
model: "gemini-3.5-flash",
contents: "Explain how AI works in a few words",
});
console.log(response.text);
}
main();
Go
package main
import (
"context"
"fmt"
"log"
"google.golang.org/genai"
)
func main() {
ctx := context.Background()
client, err := genai.NewClient(ctx, &genai.ClientConfig{
APIKey: "YOUR_API_KEY",
Backend: genai.BackendGeminiAPI,
})
if err != nil {
log.Fatal(err)
}
result, err := client.Models.GenerateContent(
ctx,
"gemini-3.5-flash",
genai.Text("Explain how AI works in a few words"),
nil,
)
if err != nil {
log.Fatal(err)
}
fmt.Println(result.Text())
}
Java
package com.example;
import com.google.genai.Client;
import com.google.genai.types.GenerateContentResponse;
public class GenerateTextFromTextInput {
public static void main(String[] args) {
Client client = Client.builder().apiKey("YOUR_API_KEY").build();
GenerateContentResponse response =
client.models.generateContent(
"gemini-3.5-flash",
"Explain how AI works in a few words",
null);
System.out.println(response.text());
}
REST
curl "https://generativelanguage.googleapis.com/v1beta/models/gemini-3.5-flash:generateContent" -H 'Content-Type: application/json' -H "x-goog-api-key: YOUR_API_KEY" -X POST -d '{
"contents": [
{
"parts": [
{
"text": "Explain how AI works in a few words"
}
]
}
]
}'
Security and secret management
Treat your Gemini API key like a password. If compromised, others can consume
your project's quota, incur unexpected billing charges, and access private
resources.
Critical security rules
Keep keys confidential: Never check API keys into source control systems
like Git.
Never expose keys client-side in production: Do not hardcode API keys
directly in web or mobile apps. Keys compiled in client-side code can be
extracted by users. To secure client-side apps, run a backend proxy
server to make the actual API calls.
Secret management best practices
Environment variables: Read keys from e
…