{"slug": "i-created-a-gemini-api-key-and-got-aq-instead-of-aiza", "title": "I Created a Gemini API Key and Got AQ. Instead of AIza", "summary": "Google is transitioning Gemini API keys from the old 'AIza' format to a new 'AQ' format, with keys created in AI Studio now issued as Auth keys. The change, which began rolling out before June 2026, causes compatibility issues: while native Gemini endpoints work fine, OpenAI-compatible endpoints and tools assuming the old format reject the new keys. Google has staged a shutdown of Standard keys, with unrestricted keys rejected after June 19, 2026, and all Standard keys deprecated by September 2026.", "body_md": "I created a free Gemini API key in Google AI Studio. When I went to copy it, I stopped. It started with `AQ.Ab`\n\n. Not the `AIza`\n\nI had been looking at for as long as I can remember.\n\nMy first thought was that something had gone wrong with my account. A leaked key, or a restriction, or some flag on the project. I looked into it, and it was none of that. Google is partway through changing how API keys are issued, and a freshly created key now comes out in the new format. Nothing broke. This is the plan.\n\nThat said, you can't drop the new key into every path and expect it to work. Some routes reject it. I run a WordPress plugin called Rapls AI Chatbot, and one of its no-card onboarding paths uses the Gemini free tier, so the first thing I did was check what was affected. Here is the short version before the details. The new `AQ.`\n\nkey works fine on the native Gemini endpoint. It gets rejected on OpenAI-compatible endpoints and by some third-party tools that assume the `AIza`\n\nformat.\n\nChecked: June 2026\n\nIssued from: Google AI Studio (free tier)\n\nRoutes tested: native`generativelanguage.googleapis.com`\n\nand OpenAI-compatible`/v1beta/openai`\n\nReference: Google docs, \"Using Gemini API keys\"[https://ai.google.dev/gemini-api/docs/api-key]\n\nGoogle is moving Gemini API keys from the old Standard key (`AIza...`\n\n) to a new Auth key (`AQ.Ab...`\n\n). Keys you create in AI Studio now come out as Auth keys automatically. So someone who saw `AIza`\n\nyesterday gets `AQ.`\n\ntoday. That is what happened on my end.\n\nThere are dates attached, and this was the part that mattered most. Starting June 19, 2026, the Gemini API began rejecting requests from unrestricted Standard keys. By the time I am writing this, that deadline has already passed. Then in September 2026, Standard keys get rejected outright. Restricted or not, an `AIza`\n\nStandard key stops working after September.\n\nOne thing worth adding. A Standard key with an explicit restriction keeps working past June 19. So it is not that every `AIza`\n\nkey died on the 19th. The unprotected ones go first, and the rest follow. It is a staged shutdown.\n\nAuth keys behave a little differently in one place. Requests authenticated with an Auth key do not show up in Google Cloud's service account usage metrics. The project and key live on the AI Studio side. If you have been watching requests in the Cloud Console, your numbers may stop adding up, and that is why.\n\nThe format change matters less than the compatibility fallout. The `AQ.`\n\nkey has a few known snags. Here is what I saw in my own testing alongside what people are reporting on the official forum.\n\n| Route | How the key is passed | What the `AQ.` key does |\n|---|---|---|\n| Native Gemini |\n`?key=` query or `x-goog-api-key` header |\nWorks. curl returns 200 |\n| OpenAI-compatible |\n`Authorization: Bearer` to `/v1beta/openai/...`\n|\n400 with `Multiple authentication credentials received` . 401 in some implementations |\n| AIza-assuming third party | Tool expects the `AIza` format internally |\n`401 invalid_api_key` |\n\nNative is fine. If you hit `generativelanguage.googleapis.com`\n\ndirectly and pass the key as a query param or header, `AQ.`\n\ngoes through the same as before. The official SDKs (`google-genai`\n\nand friends) handle that internally, so going through an SDK you probably will not even notice.\n\nThe OpenAI-compatible path is where it jams. Send an `AQ.`\n\nkey with `Authorization: Bearer`\n\nto an OpenAI-compatible endpoint and it can come back with `Multiple authentication credentials received`\n\n, as if you passed credentials twice. In the same family of reports, a key that returns 200 through the native route still comes back as `401 invalid_api_key`\n\nonce a tool quietly routes it through an OpenAI-compatible transport. The nasty part of that second case is that the key is alive, but the error says the key is invalid. Trust the message, blame the key, and you never get out of the loop.\n\nSome desktop tools that assume the `AIza`\n\nformat throw the same 401.\n\nIn my case, the plugin talks to Gemini natively, so the `AQ.`\n\nkey sailed through. To be safe I ran a new `AQ.`\n\nkey through a full round trip, and it sent and received without trouble. I am folding that confirmation into the plugin's guidance in an update going out the next day. If I had been routing through an OpenAI-compatible path, users would have hit a 401 the moment they pasted a new key. With something you ship, your code being correct does not help. What piles up is a stack of \"I entered the key and it will not work\" reports. I was glad I checked first.\n\nThis part I will spell out. If you are running on a key that starts with `AIza`\n\nand it still works, that is not a reason to relax. The dates above are why.\n\nCheck whether the key is restricted. In the AI Studio key list, if a key carries the `Unrestricted`\n\nlabel, that is the kind that stops after June 19. To keep it alive, restrict it. Hover the `Unrestricted`\n\nlabel on the API Keys page, click Add restrictions in the dialog, choose Restrict to Gemini API only, and confirm with Restrict key. Now it is locked to the Gemini API and keeps running past June 19.\n\nThis restriction only buys time. September pulls in Standard keys as a whole, so even a restricted `AIza`\n\nkey eventually stops. Treat it as breathing room for an unhurried migration, nothing more. The destination is the `AQ.`\n\nAuth key.\n\nRestricting a key needs the `apikeys.keys.update`\n\npermission on the relevant Google Cloud project, which the API Keys Admin and Editor roles already include. If your key is shared across other Google APIs (not a setup you want), you restrict it from the Cloud Console rather than AI Studio.\n\nFor what it is worth, the forum also has a separate thread about accounts getting restricted and no longer being able to create `AIza`\n\nkeys at all. The `AQ.`\n\nissuance here is unrelated. It is the format change that applies to everyone. A new key coming out as `AQ.`\n\ndoes not mean something is wrong with your account.\n\nPut together, there is not much to verify on your end. If you are using a new `AQ.`\n\nkey, confirm your traffic goes to the native Gemini endpoint. If you run an OpenAI-compatible path, test on real hardware whether `Authorization: Bearer`\n\naccepts the `AQ.`\n\nkey. If you are still on an `AIza`\n\nkey, restrict it to buy time and move to `AQ.`\n\nbefore September. That is the whole list.\n\nBack to where I started. Staring at `AQ.Ab`\n\nin AI Studio with my hand frozen over the copy button, I suspected the key. What I actually had to fix was not the key. It was how I was handing the key to each route. If you froze at the same screen, point your suspicion at the route first.\n\nReference: Google AI for Developers, \"Using Gemini API keys\" [https://ai.google.dev/gemini-api/docs/api-key](https://ai.google.dev/gemini-api/docs/api-key)", "url": "https://wpnews.pro/news/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza", "canonical_source": "https://dev.to/rapls/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza-3dp3", "published_at": "2026-06-20 02:13:04+00:00", "updated_at": "2026-06-20 03:06:48.989888+00:00", "lang": "en", "topics": ["large-language-models", "developer-tools", "ai-infrastructure"], "entities": ["Google", "Gemini", "Google AI Studio", "Rapls AI Chatbot"], "alternates": {"html": "https://wpnews.pro/news/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza", "markdown": "https://wpnews.pro/news/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza.md", "text": "https://wpnews.pro/news/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza.txt", "jsonld": "https://wpnews.pro/news/i-created-a-gemini-api-key-and-got-aq-instead-of-aiza.jsonld"}}