diff --git a/src/FusionAuthClient.ts b/src/FusionAuthClient.ts
index 4a2c8b0..ec2187f 100644
--- a/src/FusionAuthClient.ts
+++ b/src/FusionAuthClient.ts
@@ -164,6 +164,26 @@ export class FusionAuthClient {
         .go();
   }
 
+  /**
+   * Creates an API key. You can optionally specify a unique Id for the key, if not provided one will be generated.
+   * an API key can only be created with equal or lesser authority. An API key cannot create another API key unless it is granted 
+   * to that API key.
+   * 
+   * If an API key is locked to a tenant, it can only create API Keys for that same tenant.
+   *
+   * @param {UUID} keyId (Optional) The unique Id of the API key. If not provided a secure random Id will be generated.
+   * @param {APIKeyRequest} request The request object that contains all of the information needed to create the APIKey.
+   * @returns {Promise<ClientResponse<APIKeyResponse>>}
+   */
+  createAPIKey(keyId: UUID, request: APIKeyRequest): Promise<ClientResponse<APIKeyResponse>> {
+    return this.start<APIKeyResponse, Errors>()
+        .withUri('/api/api-key')
+        .withUriSegment(keyId)
+        .withJSONBody(request)
+        .withMethod("POST")
+        .go();
+  }
+
   /**
    * Creates an application. You can optionally specify an Id for the application, if not provided one will be generated.
    *
@@ -661,6 +681,20 @@ export class FusionAuthClient {
         .go();
   }
 
+  /**
+   * Deletes the API key for the given Id.
+   *
+   * @param {UUID} keyId The Id of the authentication API key to delete.
+   * @returns {Promise<ClientResponse<void>>}
+   */
+  deleteAPIKey(keyId: UUID): Promise<ClientResponse<void>> {
+    return this.start<void, Errors>()
+        .withUri('/api/api-key')
+        .withUriSegment(keyId)
+        .withMethod("DELETE")
+        .go();
+  }
+
   /**
    * Hard deletes an application. This is a dangerous operation and should not be used in most circumstances. This will
    * delete the application, any registrations for that application, metrics and reports for the application, all the
@@ -1575,6 +1609,22 @@ export class FusionAuthClient {
         .go();
   }
 
+  /**
+   * Updates an authentication API key by given id
+   *
+   * @param {UUID} keyId The Id of the authentication key. If not provided a secure random api key will be generated.
+   * @param {APIKeyRequest} request The request object that contains all of the information needed to create the APIKey.
+   * @returns {Promise<ClientResponse<APIKeyResponse>>}
+   */
+  patchAPIKey(keyId: UUID, request: APIKeyRequest): Promise<ClientResponse<APIKeyResponse>> {
+    return this.start<APIKeyResponse, Errors>()
+        .withUri('/api/api-key')
+        .withUriSegment(keyId)
+        .withJSONBody(request)
+        .withMethod("POST")
+        .go();
+  }
+
   /**
    * Updates, via PATCH, the application with the given Id.
    *
@@ -2078,6 +2128,20 @@ export class FusionAuthClient {
         .go();
   }
 
+  /**
+   * Retrieves an authentication API key for the given id
+   *
+   * @param {UUID} keyId The Id of the API key to retrieve.
+   * @returns {Promise<ClientResponse<APIKeyResponse>>}
+   */
+  retrieveAPIKey(keyId: UUID): Promise<ClientResponse<APIKeyResponse>> {
+    return this.start<APIKeyResponse, Errors>()
+        .withUri('/api/api-key')
+        .withUriSegment(keyId)
+        .withMethod("GET")
+        .go();
+  }
+
   /**
    * Retrieves a single action log (the log of a user action that was taken on a user previously) for the given Id.
    *
@@ -3796,6 +3860,22 @@ export class FusionAuthClient {
         .go();
   }
 
+  /**
+   * Updates an API key by given id
+   *
+   * @param {UUID} apiKeyId The Id of the API key to update.
+   * @param {APIKeyRequest} request The request object that contains all of the information used to create the API Key.
+   * @returns {Promise<ClientResponse<APIKeyResponse>>}
+   */
+  updateAPIKey(apiKeyId: UUID, request: APIKeyRequest): Promise<ClientResponse<APIKeyResponse>> {
+    return this.start<APIKeyResponse, Errors>()
+        .withUri('/api/api-key')
+        .withUriSegment(apiKeyId)
+        .withJSONBody(request)
+        .withMethod("PUT")
+        .go();
+  }
+
   /**
    * Updates the application with the given Id.
    *
@@ -4398,6 +4478,49 @@ export enum Algorithm {
   none = "none"
 }
 
+/**
+ * domain POJO to represent AuthenticationKey
+ *
+ * @author sanjay
+ */
+export interface APIKey {
+  id?: UUID;
+  insertInstant?: number;
+  key?: string;
+  keyManager?: boolean;
+  lastUpdateInstant?: number;
+  metaData?: APIKeyMetaData;
+  permissions?: APIKeyPermissions;
+  tenantId?: UUID;
+}
+
+export interface APIKeyMetaData {
+  attributes?: Record<string, string>;
+}
+
+export interface APIKeyPermissions {
+  endpoints?: Record<string, Array<string>>;
+}
+
+/**
+ * Authentication key request object.
+ *
+ * @author Sanjay
+ */
+export interface APIKeyRequest {
+  apiKey?: APIKey;
+  sourceKeyId?: UUID;
+}
+
+/**
+ * Authentication key response object.
+ *
+ * @author Sanjay
+ */
+export interface APIKeyResponse {
+  apiKey?: APIKey;
+}
+
 /**
  * @author Daniel DeGroff
  */