> ## Documentation Index
> Fetch the complete documentation index at: https://docs.brx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate API Key

> Generates a new API key for the authenticated user

This endpoint generates a new API key for the authenticated user. API keys can be used to authenticate API requests instead of using Firebase authentication. This is useful for server-to-server communication or for integrating BRX with other applications. The generated API key will have the same permissions as the authenticated user.

## Request

This endpoint does not require any parameters.

### Example Request

```json theme={null}
{}
```

## Response

<ResponseField name="UpdateKeyResponse" type="object">
  <Expandable title="properties">
    <ResponseField name="generated" type="boolean">
      Indicates whether the API key was successfully generated
    </ResponseField>

    <ResponseField name="apiKey" type="string">
      The generated API key (only included in the response if the key was successfully generated)
    </ResponseField>
  </Expandable>
</ResponseField>

### Example Response

```json theme={null}
{
  "UpdateKeyResponse": {
    "generated": true,
    "apiKey": "brx_api_12345678-90ab-cdef-1234-567890abcdef"
  }
}
```

## Error Codes

<ResponseField name="401" type="object">
  Unauthorized - Authentication credentials are missing or invalid
</ResponseField>

<ResponseField name="403" type="object">
  Forbidden - The authenticated user does not have permission to generate API keys
</ResponseField>

<ResponseField name="429" type="object">
  Too Many Requests - The user has exceeded the API key generation rate limit
</ResponseField>

<ResponseField name="500" type="object">
  Internal Server Error - An unexpected error occurred on the server
</ResponseField>

## Notes

* API keys are used to authenticate API requests instead of using Firebase authentication.
* API keys have the same permissions as the authenticated user who generated them.
* API keys should be kept secure and not shared with unauthorized users.
* If an API key is compromised, it should be deleted using the [Delete API Key](/api-reference/endpoint/delete-key) endpoint.
* There is a rate limit on API key generation to prevent abuse. If you exceed this limit, you will receive a 429 Too Many Requests response.
* To list all API keys for the authenticated user, use the [List API Keys](/api-reference/endpoint/list-keys) endpoint.
* To delete an API key, use the [Delete API Key](/api-reference/endpoint/delete-key) endpoint.

## Authentication

To use an API key for authentication, include it in the `key` header of your API requests:

```
key: brx_api_12345678-90ab-cdef-1234-567890abcdef
```

API keys can be used for all API endpoints that support authentication.