For initial testing, you can hard code an API key, but this should only be
temporary since it's not secure. You can find examples for hard coding the API
key in Providing API key explicitly section.
Setting API key as environment variable
If you set the environment variable GEMINI_API_KEY or GOOGLE_API_KEY, the
API key will automatically be picked up by the client when using one of the
Gemini API libraries. It's recommended that you
set only one of those variables, but if both are set, GOOGLE_API_KEY takes
precedence.
If you're using the REST API, or JavaScript on the browser, you will need to
provide the API key explicitly.
Here is how you can set your API key locally as the environment variable
GEMINI_API_KEY with different operating systems.
Linux/macOS - Bash
Bash is a common Linux and macOS terminal configuration. You can check if
you have a configuration file for it by running the following command:
~/.bashrc
If the response is "No such file or directory", you will need to create this
file and open it by running the following commands, or use zsh:
touch~/.bashrcopen~/.bashrc
Next, you need to set your API key by adding the following export command:
exportGEMINI_API_KEY=<YOUR_API_KEY_HERE>
After saving the file, apply the changes by running:
source~/.bashrc
macOS - Zsh
Zsh is a common Linux and macOS terminal configuration. You can check if
you have a configuration file for it by running the following command:
~/.zshrc
If the response is "No such file or directory", you will need to create this
file and open it by running the following commands, or use bash:
touch~/.zshrcopen~/.zshrc
Next, you need to set your API key by adding the following export command:
exportGEMINI_API_KEY=<YOUR_API_KEY_HERE>
After saving the file, apply the changes by running:
source~/.zshrc
Windows
Search for "Environment Variables" in the system settings
Edit either "User variables" (for current user) or "System variables"
(for all users - use with caution).
Create the variable and add export GEMINI_API_KEY=your_key_here
Apply the changes
Providing API key explicitly
In some cases, you may want to explicitly provide an API key. For example:
You're doing a simple API call and prefer hard coding the API key.
You want explicit control without having to rely on automatic discovery of
environment variables by the Gemini API libraries
You're using an environment where environment variables are not supported
(e.g web) or you are making REST calls.
Below are examples for how you can provide an API key explicitly:
Python
fromgoogleimportgenaiclient=genai.Client(api_key="YOUR_API_KEY")response=client.models.generate_content(model="gemini-2.5-flash",contents="Explain how AI works in a few words")print(response.text)
JavaScript
import{GoogleGenAI}from"@google/genai";constai=newGoogleGenAI({apiKey:"YOUR_API_KEY"});asyncfunctionmain(){constresponse=awaitai.models.generateContent({model:"gemini-2.5-flash",contents:"Explain how AI works in a few words",});console.log(response.text);}main();
Go
packagemainimport("context""fmt""log""google.golang.org/genai")funcmain(){ctx:=context.Background()client,err:=genai.NewClient(ctx,&genai.ClientConfig{APIKey:"YOUR_API_KEY",Backend:genai.BackendGeminiAPI,})iferr!=nil{log.Fatal(err)}result,err:=client.Models.GenerateContent(ctx,"gemini-2.5-flash",genai.Text("Explain how AI works in a few words"),nil,)iferr!=nil{log.Fatal(err)}fmt.Println(result.Text())}
Java
packagecom.example;importcom.google.genai.Client;importcom.google.genai.types.GenerateContentResponse;publicclassGenerateTextFromTextInput{publicstaticvoidmain(String[]args){Clientclient=Client.builder().apiKey("YOUR_API_KEY").build();GenerateContentResponseresponse=client.models.generateContent("gemini-2.5-flash","Explain how AI works in a few words",null);System.out.println(response.text());}}
REST
curl"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent?key=$YOUR_API_KEY"\-H'Content-Type: application/json'\-XPOST\-d'{ "contents": [ { "parts": [ { "text": "Explain how AI works in a few words" } ] } ] }'
Keep your API key secure
Treat your Gemini API key like a password. If compromised, others can use your
project's quota, incur charges (if billing is enabled), and access your
private data, such as files.
Critical security rules
Never commit API keys to source control. Do not check your API key into version control systems like Git.
Never expose API keys on the client-side. Do not use your API key directly
in web or mobile apps in production. Keys in client-side code
(including our JavaScript/TypeScript libraries and REST calls) can be
extracted.
Best practices
Use server-side calls with API keys The most secure way to use your API
key is to call the Gemini API from a server-side application where the key
can be kept confidential.
Use ephemeral tokens for client-side access (Live API only): For direct
client-side access to the Live API, you can use ephemeral tokens. They come with
lower security risks and can be suitable for production use. Review
ephemeral tokens guide for more information.
Consider adding restrictions to your key: You can limit a key's permissions
by adding API key restrictions.
This minimizes the potential damage if the key is ever leaked.
For some general best practices, you can also review this
support article.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-21 UTC."],[],[],null,["# Using Gemini API keys\n\nTo use the Gemini API, you need an API key. You can create a key for free with a\nfew clicks in [Google AI Studio](https://aistudio.google.com/app/apikey).\n\nOnce you have an API key, you have the following options to connect to the\nGemini API:\n\n- [Setting your API key as an environment variable](#set-api-env-var)\n- [Providing your API key explicitly](#provide-api-key-explicitly)\n\nFor initial testing, you can hard code an API key, but this should only be\ntemporary since it's not secure. You can find examples for hard coding the API\nkey in [Providing API key explicitly](#provide-api-key-explicitly) section.\n\nSetting API key as environment variable\n---------------------------------------\n\nIf you set the environment variable `GEMINI_API_KEY` or `GOOGLE_API_KEY`, the\nAPI key will automatically be picked up by the client when using one of the\n[Gemini API libraries](/gemini-api/docs/libraries). It's recommended that you\nset only one of those variables, but if both are set, `GOOGLE_API_KEY` takes\nprecedence.\n\nIf you're using the REST API, or JavaScript on the browser, you will need to\nprovide the API key explicitly.\n\nHere is how you can set your API key locally as the environment variable\n`GEMINI_API_KEY` with different operating systems. \n\n### Linux/macOS - Bash\n\nBash is a common Linux and macOS terminal configuration. You can check if\nyou have a configuration file for it by running the following command: \n\n ~/.bashrc\n\nIf the response is \"No such file or directory\", you will need to create this\nfile and open it by running the following commands, or use `zsh`: \n\n touch ~/.bashrc\n open ~/.bashrc\n\nNext, you need to set your API key by adding the following export command: \n\n export GEMINI_API_KEY=\u003cYOUR_API_KEY_HERE\u003e\n\nAfter saving the file, apply the changes by running: \n\n source ~/.bashrc\n\n### macOS - Zsh\n\nZsh is a common Linux and macOS terminal configuration. You can check if\nyou have a configuration file for it by running the following command: \n\n ~/.zshrc\n\nIf the response is \"No such file or directory\", you will need to create this\nfile and open it by running the following commands, or use `bash`: \n\n touch ~/.zshrc\n open ~/.zshrc\n\nNext, you need to set your API key by adding the following export command: \n\n export GEMINI_API_KEY=\u003cYOUR_API_KEY_HERE\u003e\n\nAfter saving the file, apply the changes by running: \n\n source ~/.zshrc\n\n### Windows\n\n1. Search for \"Environment Variables\" in the system settings\n2. Edit either \"User variables\" (for current user) or \"System variables\" (for all users - use with caution).\n3. Create the variable and add `export GEMINI_API_KEY=your_key_here`\n4. Apply the changes\n\nProviding API key explicitly\n----------------------------\n\nIn some cases, you may want to explicitly provide an API key. For example:\n\n- You're doing a simple API call and prefer hard coding the API key.\n- You want explicit control without having to rely on automatic discovery of environment variables by the Gemini API libraries\n- You're using an environment where environment variables are not supported (e.g web) or you are making REST calls.\n\nBelow are examples for how you can provide an API key explicitly: \n\n### Python\n\n from google import genai\n\n client = genai.Client(api_key=\"\u003cvar translate=\"no\"\u003eYOUR_API_KEY\u003c/var\u003e\")\n\n response = client.models.generate_content(\n model=\"gemini-2.5-flash\", contents=\"Explain how AI works in a few words\"\n )\n print(response.text)\n\n### JavaScript\n\n import { GoogleGenAI } from \"@google/genai\";\n\n const ai = new GoogleGenAI({ apiKey: \"\u003cvar translate=\"no\"\u003eYOUR_API_KEY\u003c/var\u003e\" });\n\n async function main() {\n const response = await ai.models.generateContent({\n model: \"gemini-2.5-flash\",\n contents: \"Explain how AI works in a few words\",\n });\n console.log(response.text);\n }\n\n main();\n\n### Go\n\n package main\n\n import (\n \"context\"\n \"fmt\"\n \"log\"\n \"google.golang.org/genai\"\n )\n\n func main() {\n ctx := context.Background()\n client, err := genai.NewClient(ctx, &genai.ClientConfig{\n APIKey: \"\u003cvar translate=\"no\"\u003eYOUR_API_KEY\u003c/var\u003e\",\n Backend: genai.BackendGeminiAPI,\n })\n if err != nil {\n log.Fatal(err)\n }\n\n result, err := client.Models.GenerateContent(\n ctx,\n \"gemini-2.5-flash\",\n genai.Text(\"Explain how AI works in a few words\"),\n nil,\n )\n if err != nil {\n log.Fatal(err)\n }\n fmt.Println(result.Text())\n }\n\n### Java\n\n package com.example;\n\n import com.google.genai.Client;\n import com.google.genai.types.GenerateContentResponse;\n\n public class GenerateTextFromTextInput {\n public static void main(String[] args) {\n Client client = Client.builder().apiKey(\"\u003cvar translate=\"no\"\u003eYOUR_API_KEY\u003c/var\u003e\").build();\n\n GenerateContentResponse response =\n client.models.generateContent(\n \"gemini-2.5-flash\",\n \"Explain how AI works in a few words\",\n null);\n\n System.out.println(response.text());\n }\n }\n\n### REST\n\n curl \"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent?key=$\u003cvar translate=\"no\"\u003eYOUR_API_KEY\u003c/var\u003e\" \\\n -H 'Content-Type: application/json' \\\n -X POST \\\n -d '{\n \"contents\": [\n {\n \"parts\": [\n {\n \"text\": \"Explain how AI works in a few words\"\n }\n ]\n }\n ]\n }'\n\nKeep your API key secure\n------------------------\n\nTreat your Gemini API key like a password. If compromised, others can use your\nproject's quota, incur charges (if billing is enabled), and access your\nprivate data, such as files.\n\n### Critical security rules\n\n- **Never commit API keys to source control.** Do not check your API key into version control systems like Git.\n\n- **Never expose API keys on the client-side.** Do not use your API key directly\n in web or mobile apps in production. Keys in client-side code\n (including our JavaScript/TypeScript libraries and REST calls) can be\n extracted.\n\n### Best practices\n\n- **Use server-side calls with API keys** The most secure way to use your API\n key is to call the Gemini API from a server-side application where the key\n can be kept confidential.\n\n- **Use ephemeral tokens for client-side access (Live API only):** For direct\n client-side access to the Live API, you can use ephemeral tokens. They come with\n lower security risks and can be suitable for production use. Review\n [ephemeral tokens](/gemini-api/docs/ephemeral-tokens) guide for more information.\n\n- **Consider adding restrictions to your key:** You can limit a key's permissions\n by adding [API key restrictions](https://cloud.google.com/api-keys/docs/add-restrictions-api-keys#add-api-restrictions).\n This minimizes the potential damage if the key is ever leaked.\n\nFor some general best practices, you can also review this\n[support article](https://support.google.com/googleapi/answer/6310037)."]]
