To use the Gemini API, you need an API key. You can create a key with a few clicks in Google AI Studio.
Get a Gemini API key in Google AI Studio
Send your first Gemini API request
You can use a curl command to verify your setup:
curl \
-H 'Content-Type: application/json' \
-d '{"contents":[{"parts":[{"text":"Explain how AI works"}]}]}' \
-X POST 'https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash:generateContent?key=YOUR_API_KEY'
Keep your API key secure
It's important to keep your Gemini API key secure. Here are a few things to keep in mind when using your Gemini API key:
The Google AI Gemini API uses API keys for authorization. If others get access to your Gemini API key, they can make calls using your project's quota, which could result in lost quota or additional billing charges (if billing is enabled). API keys also guard access to tuned models and files.
When you click Get API key in Google AI Studio, you choose whether to provision a Gemini API key in a new or existing Google Cloud project. The API keys list in Google AI Studio shows all the API keys that AI Studio has provisioned for use with the Google AI Gemini API (along with all their associated Google Cloud projects).
- However, any API keys within the Google Cloud project can potentially be used to call the Google AI Gemini API. You can view and manage all your project's API keys in the APIs & Services > Credentials panel in the Google Cloud console.
Adding API key restrictions can help limit the surface area usable through each API key. By default, the Gemini API key generated by Google AI Studio can only be used with the Google AI Gemini API (officially called the "Generative Language API" or
generativelanguage.googleapis.com
).- If there are any API keys within your Google Cloud project that lack API restrictions or any API keys that have allowlisted the Generative Language API, then those keys can be used with the Google AI Gemini API. It's best practice to restrict each API key to only the APIs that you call using that key.
- Note that even with API key restrictions, if a malicious actor obtains your API key, they can use it to make calls using your project's quota for all the APIs allowlisted for that API key.
You're responsible for keeping your Gemini API key secure.
- Do NOT check Gemini API keys into source control.
- Client-side applications (Android, Swift, web, and Dart/Flutter) risk exposing API keys, so we do not recommend using the Google AI client SDKs in production apps to call the Google AI Gemini API directly from your mobile and web apps. Check out the SDK quickstarts to learn language-specific best practices for securing your API key.
For some general best practices, you can also review this support article.
Next steps
- Check out the API quickstarts to get started building.