Get API Key

Authenticate with the API using a Personal Access Token (PAT) passed in the X-API-Key header.

Creating a Personal Access Token

Sign in to GEN

Go to gen.pro and sign in to your account.
Navigate to API Keys

Open Settings > API Keys from the sidebar.
Create a key

Click Create API Key. Give it a descriptive name (e.g., n8n-production or claude-code).
Copy the key

Your key is displayed once. Copy it immediately and store it somewhere secure.
```
gen_pat_a1b2c3d4e5f6...
```

Using your API key

Pass the key in the X-API-Key header on every request:

curl https://api.gen.pro/v1/me \
  -H "X-API-Key: $GEN_API_KEY"

const response = await fetch("https://api.gen.pro/v1/me", {
  headers: {
    "X-API-Key": process.env.GEN_API_KEY,
  },
});

const user = await response.json();
console.log(user);

import os
import requests

response = requests.get(
    "https://api.gen.pro/v1/me",
    headers={"X-API-Key": os.environ["GEN_API_KEY"]},
)

print(response.json())

A successful response confirms your key is valid:

{
  "id": "user_abc123",
  "email": "you@example.com",
  "name": "Your Name"
}

Managing API keys

You can list, rename, and revoke keys through the API itself:

# List all your keys
curl https://api.gen.pro/v1/persisted_tokens \
  -H "X-API-Key: $GEN_API_KEY"

# Rename a key
curl -X PATCH https://api.gen.pro/v1/persisted_tokens/{token_id} \
  -H "X-API-Key: $GEN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "new-name"}'

# Revoke a key
curl -X DELETE https://api.gen.pro/v1/persisted_tokens/{token_id} \
  -H "X-API-Key: $GEN_API_KEY"

Permissions & access control

Your API key inherits the permissions of the user who created it. Here’s what determines what you can do:

Requirement	What it means
Workspace credits	Auto Content Engine endpoints require active GEN credits on the workspace. No credits → `422 usable_gen_credit_required`.
Owner or Manager role	You can only access agents in workspaces where you are an owner or manager. Viewer and editor roles cannot use the API.
Agent scope	All `/v1/autocontentengine/` requests require an `agent_id` parameter. You can only use agents you have access to.

What each role can do

Action	Owner	Manager	Editor	Viewer
List agents & engines	Yes	Yes	No	No
Create/update content	Yes	Yes	No	No
Trigger generations	Yes	Yes	No	No
Create/delete agents	Yes	Yes	No	No
Delete organization	Yes	No	No	No
Manage API keys	Yes	Yes	Yes	Yes

Security best practices

Never commit keys to source control. Use environment variables or a secrets manager.
Use separate keys per integration. Create one key for n8n, another for Claude Code, etc. If one is compromised, revoke it without disrupting others.
Rotate keys regularly. Create a new key, update your integrations, then revoke the old one.
Restrict access. Only share keys with people and systems that need them.

# Store your key in an environment variable
export GEN_API_KEY="gen_pat_a1b2c3d4e5f6..."

# Or use a .env file (make sure it's in .gitignore)
echo "GEN_API_KEY=gen_pat_a1b2c3d4e5f6..." >> .env

JWT Authentication

For frontend integrations, you can authenticate with a JWT token instead of an API key:

curl https://api.gen.pro/v1/me \
  -H "Authorization: Bearer <jwt-token>"

JWTs are issued during user login through the GEN web app and are validated against the GEN user database.

When to use each method:

Method	Best for
API Key (PAT)	Server-to-server, scripts, MCP, CLI tools, n8n
JWT	Frontend apps, browser-based integrations

Agent Chat API Authentication

The Agent Chat API at agent.gen.pro accepts the same authentication methods:

X-API-Key header with your PAT
Authorization: Bearer header with a JWT

Real-time progress streams are addressed by the run-specific firebase_path returned from POST /v1/agent/run. Treat that path as sensitive application data.