|
|
Using Gemini API keys | Google AI for Developers Skip to main content / English Deutsch Español – América Latina Français Indonesia Italiano Polski Português – Brasil Shqip Tiếng Việt Türkçe Русский עברית العربيّة فارسی हिंदी বাংলা ภาษาไทย 中文 – 简体 中文 – 繁體 日本語 한국어 Sign in Gemini 2.5 Flash Image (aka Nano Banana) is now available in the Gemini API! Learn more Home Gemini API Gemini API docs Send feedback Using Gemini API keys To use the Gemini API, you need an API key. You can create a key for free with a few clicks in Google AI Studio . Once you have an API key, you have the following options to connect to the Gemini API: Setting your API key as an environment variable Providing your API key explicitly For initial testing, you can hard code an API key, but this should only be temporary since it's not secure. You can find examples for hard coding the API key in Providing API key explicitly section. Setting the API key as an environment variable If you set the environment variable GEMINI_API_KEY or GOOGLE_API_KEY , the API key will automatically be picked up by the client when using one of the Gemini API libraries . It's recommended that you set only one of those variables, but if both are set, GOOGLE_API_KEY takes precedence. If you're using the REST API, or JavaScript on the browser, you will need to provide the API key explicitly. Here is how you can set your API key locally as the environment variable GEMINI_API_KEY with different operating systems. Linux/macOS - Bash Bash is a common Linux and macOS terminal configuration. You can check if you have a configuration file for it by running the following command: ~/.bashrc If the response is "No such file or directory", you will need to create this file and open it by running the following commands, or use zsh : touch ~/.bashrc open ~/.bashrc Next, you need to set your API key by adding the following export command: export GEMINI_API_KEY = <YOUR_API_KEY_HERE> After saving the file, apply the changes by running: source ~/.bashrc macOS - Zsh Zsh is a common Linux and macOS terminal configuration. You can check if you have a configuration file for it by running the following command: ~/.zshrc If the response is "No such file or directory", you will need to create this file and open it by running the following commands, or use bash : touch ~/.zshrc open ~/.zshrc Next, you need to set your API key by adding the following export command: export GEMINI_API_KEY = <YOUR_API_KEY_HERE> After saving the file, apply the changes by running: source ~/.zshrc Windows Search for "Environment Variables" in the search bar. Choose to modify System Settings . You may have to confirm you want to do this. In the system settings dialog, click the button labeled Environment Variables . Under either User variables (for the current user) or System variables (applies to all users who use the machine), click New... Specify the variable name as GEMINI_API_KEY . Specify your Gemini API Key as the variable value. Click OK to apply the changes. Open a new terminal session (cmd or Powershell) to get the new variable. Providing the API key explicitly In some cases, you may want to explicitly provide an API key. For example: You're doing a simple API call and prefer hard coding the API key. You want explicit control without having to rely on automatic discovery of environment variables by the Gemini API libraries You're using an environment where environment variables are not supported (e.g web) or you are making REST calls. Below are examples for how you can provide an API key explicitly: Python from google import genai client = genai . Client ( api_key = " YOUR_API_KEY " ) response = client . models . generate_content ( model = "gemini-2.5-flash" , contents = "Explain how AI works in a few words" ) print ( response . text ) JavaScript import { GoogleGenAI } from "@google/genai" ; const ai = new GoogleGenAI ({ apiKey : " YOUR_API_KEY " }); async function main () { const response = await ai . models . generateContent ({ model : "gemini-2.5-flash" , contents : "Explain how AI works in a few words" , }); console . log ( response . text ); } main (); Go package main import ( "context" "fmt" "log" "google.golang.org/genai" ) func main () { ctx := context . Background () client , err := genai . NewClient ( ctx , & genai . ClientConfig { APIKey : " YOUR_API_KEY " , Backend : genai . BackendGeminiAPI , }) if err != nil { log . Fatal ( err ) } result , err := client . Models . GenerateContent ( ctx , "gemini-2.5-flash" , genai . Text ( "Explain how AI works in a few words" ), nil , ) if err != nil { log . Fatal ( err ) } fmt . Println ( result . Text ()) } Java package com.example ; import com.google.genai.Client ; import com.google.genai.types.GenerateContentResponse ; public class GenerateTextFromTextInput { public static void main ( String [] args ) { Client client = Client . builder (). apiKey ( " YOUR_API_KEY " ). build (); GenerateContentResponse response = client . models . generateContent ( "gemini-2.5-flash" , "Explain how AI works in a few words" , null ); System . out . println ( response . text ()); } } REST curl "https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent" \ -H 'Content-Type: application/json' \ -H "x-goog-api-key: YOUR_API_KEY " \ -X POST \ -d '{ "contents": [ { "parts": [ { "text": "Explain how AI works in a few words" } ] } ] }' Keep your API key secure Treat your Gemini API key like a password. If compromised, others can use your project's quota, incur charges (if billing is enabled), and access your private data, such as files. Critical security rules Never commit API keys to source control. Do not check your API key into version control systems like Git. Never expose API keys on the client-side. Do not use your API key directly in web or mobile apps in production. Keys in client-side code (including our JavaScript/TypeScript libraries and REST calls) can be extracted. Best practices Use server-side calls with API keys The most secure way to use your API key is to call the Gemini API from a server-side application where the key can be kept confidential. Use ephemeral tokens for client-side access (Live API only): For direct client-side access to the Live API, you can use ephemeral tokens. They come with lower security risks and can be suitable for production use. Review ephemeral tokens guide for more information. Consider adding restrictions to your key: You can limit a key's permissions by adding API key restrictions . This minimizes the potential damage if the key is ever leaked. For some general best practices, you can also review this support article . Send feedback Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates. Last updated 2025-09-09 UTC. |
