On the Google Developer Community #gemini-api Discord channel, there have been a rise in the number of problems of people generating keys. Folks would say something like:
"I'm using MakerSuite with Gemini and I deleted an API Key. I went to create a new one, but I'm getting an error saying the caller does not have permission. What does that mean and how can I get a key?"
It took a few days to figure out what was going on, but we think we have a good solution. Let's take a look at what is going on, why, and what you can do about it.
API Keys and What Is Causing This
API Keys are a basic authorization system that lets Google authorize developers to access the Generative AI platform API, including API access to the Gemini model. Getting a key should be fairly easy - you select "Get API Key" at the Google AI Studio website and can then copy the key. You can then use this key in your code when you try to access the API.
Google uses this key to get a good idea how many different projects are accessing Gemini and makes sure it isn't being abused. Abuse prevention is important because the free tier for Gemini is limited to 60 queries per minute. It also leads to the problem people are now encountering.
Previously, you were able to create an unlimited number of keys. However, Google has apparently limited this to one key per project, probably as part of a plan to make sure people don't use multiple keys to get around the rate limit.
There appears to be a bug, however, where you can delete an API Key... but you won't be able to create a new one because Google thinks the key still exists.
In a way - it does.
The API Keys are actually associated with a Google Cloud project that gets created when you create a new key (the "Create API key in new project" button in the screen shot above). The MakerSuite console, however, hides this information behind the scenes to make it easier for developers to get started. When you delete a key, Google Cloud makes it so it can't be used - but also allows you to "undelete" it within 30 days in case there was a mistake. We'll use this fact to get your key back so you can use it.
Getting the Key Back
To get the key back, we'll go into the Google Cloud Console credentials page and restore the deleted key.
Go directly to the credentials page in Google Cloud Console at https://console.cloud.google.com/apis/credentials
- Make sure the account is the same as the one you're using for MakerSuite. You should be able to see the account in the upper right hand corner.
- If you have more than one project, make sure you're using the right one. The default keys are created in a project named "Generative Language Client", but you may have done it in a different project.
Select the "Restore Deleted Credentials" link.
For the key with the name "Generative Language API Key", select the "RESTORE" link.
Then click the back arrow to leave the "Deleted credentials" page.
On the Credentials page, you'll see that the credential has been restored.
Creating a new API Key
In some cases, however, you actually want to keep the key deleted and need a new one. For example, you may have accidentally included the API Key in code that you posted on GitHub, and now need to invalidate it so nobody else can use it. But that means you'll need a new one.
You won't be able to use the Google AI Studio page to do this, but you will be able to do it through the Google Cloud Console page.
As above, you would go directly to the credentials page in Google Cloud Console at https://console.cloud.google.com/apis/credentials
This time, however, you would select the "Create Credentials" link along the top and in the drop-down menu select "API key"
We want to restrict this so it can only use the Generative Language API, so we'll select the radio button to "Restrict key" and then make sure we locate and check the box next to "Generative Language API" and click on OK.
We can also do other things from this page, such as change the name so it will be more obvious what it is used for, but that isn't necessary.
Instead, we'll just save these settings.
While the key will show up in the Google Cloud Console, it won't appear in the MakerSuite Google AI Studio key page. Instead, if you want to manage this key in the future, you'll need to do it from this page.
Conclusion
As I hope you've seen, while the MakerSuite Google AI Studio page simplifies managing your API Key for Gemini, you may sometimes need to use the Google Cloud Console Credentials page to address some issues you may encounter. Hopefully, this guide has made it relatively easy to navigate these tasks.If you have found this useful, please let me know. You can find my contact information on my website, prisoner.com. Or feel free to join the #gemini-api channel on the Google Developer Community Discord server.
My thanks to the Googlers who have assisted in helping diagnose the problem and all the members of the #gemini-api channel who reported the problem and helped test this solution.
