# Generate an API key

## Create a new app to generate an API key

By now you've created an org and have successfully logged in as an administrator. Before you can begin making API requests, you will need to first generate an API key.

{% hint style="info" %}
**Note:** For our examples in this guide, we are completing each step in a development environment.
{% endhint %}

To generate an API key, complete the following steps after logging in to your org:

1. Select **Settings** > **Apps** on the left-hand menu.
2. Click **New App**. The Create App screen is displayed.
3. Enter a name for the new app in the Label field.
4. (Optional) Check **Sessions** to create a session-based app.
5. (Optional) Uncheck **CSRF Protection**. If this is checked, you will need to send the `medable-csrf-token` header with each authenticated request.
6. Click **Create App**. The API key appears in the API Key column.

{% hint style="info" %}
**Tip:** CSRF protection is not necessary for this example, but we highly recommend enabling it for production web apps.
{% endhint %}

In our example, we created a new app called NewHealth App with the API key `mwidxhb8ShcqmV1B9iOYJh`.

![Create App](https://1068906237-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Mj66CGXHXfKBN06PGlf%2Fsync%2F7098c5433bdb105c5cd1c13372ad2da49f2ed144.png?generation=1631133262144302\&alt=media)