> For the complete documentation index, see [llms.txt](https://docs.toucanai.cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.toucanai.cloud/embed/authentication/how-to/generate-an-api-key.md).

# Generate an API key

{% hint style="info" %}
**Target Audience**: Developers & Non technical users
{% endhint %}

### Goal

Obtain an API key to securely authenticate server-side requests to Toucan AI.

***

### Prerequisites

* A [Toucan AI account](/getting-started/quick-start/subscribe-to-toucan.md) with active access.
* Permissions to modify user profile and security settings.

***

### Steps

#### 1. Open security settings

* Locate the user profile icon (containing your initials) in the bottom-left corner of the Toucan AI interface.
* Click the icon and select the **Account settings** from the navigation menu.

#### 2. Navigate to API keys

* Scroll to the **API Keys** section.
* This area displays existing keys and allows for the creation of new credentials.

#### 3. Generate the key

* Click the **Create API Key** button.
* Toucan AI will generate and display a new unique string.

#### 4. Secure the credential

* Copy the key immediately and save it in a secure environment, such as a password manager or your application’s environment variables (`.env`).

{% hint style="danger" %}
**Security Alert**: Never expose this key in client-side code, public repositories, or frontend scripts, as it grants administrative access to generate session tokens.
{% endhint %}

<figure><img src="/files/rjrsP8YNo3k5Lyeak5Ze" alt="API Keys"><figcaption></figcaption></figure>

***

#### API key functionality

The API key acts as a master credential for the following backend operations:

* **Token Generation**: Requesting signed session tokens for embedded dashboards and the AI assistant.
* **Access Control**: Defining user permissions and roles within the generated tokens.
* **Data Filtering**: Passing attributes for Row-Level Security (RLS) enforcement.

***

### Conclusion

The API key is now active and stored for backend use. This credential serves as the foundation for authenticating your users and delivering personalized analytics experiences.

**Suggested Next Step**: [How-to: Generate a token](/embed/authentication/how-to/authentication-and-tokens.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.toucanai.cloud/embed/authentication/how-to/generate-an-api-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.