diff --git a/htdocs/core/ajax/security.php b/htdocs/core/ajax/security.php
index 066e5b7812d..0056120c6bd 100644
--- a/htdocs/core/ajax/security.php
+++ b/htdocs/core/ajax/security.php
@@ -53,7 +53,7 @@ top_httphead();
 
 // Registering the location of boxes
 if (isset($_GET['action']) && !empty($_GET['action'])) {
-	if ($_GET['action'] == 'getrandompassword' && $user->admin) {
+	if ($_GET['action'] == 'getrandompassword' && ($user->admin || $user->rights->api->apikey->generate)) {
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
 		$generic = $_GET['generic'] ? true : false;
 		echo getRandomPassword($generic);
diff --git a/htdocs/core/modules/modApi.class.php b/htdocs/core/modules/modApi.class.php
index ffd274c7096..60145c73e1d 100644
--- a/htdocs/core/modules/modApi.class.php
+++ b/htdocs/core/modules/modApi.class.php
@@ -134,16 +134,18 @@ class modApi extends DolibarrModules
 
 		// Permissions
 		$this->rights = array(); // Permission array used by this module
+		$this->rights_admin_allowed = 1; // Admin is always granted of permission (even when module is disabled)
+		
 		$r = 0;
 
 		// Add here list of permission defined by an id, a label, a boolean and two constant strings.
 		// Example:
-		// $this->rights[$r][0] = $this->numero + $r;	// Permission id (must not be already used)
-		// $this->rights[$r][1] = 'Permision label';	// Permission label
-		// $this->rights[$r][3] = 0; 					// Permission by default for new user (0/1)
-		// $this->rights[$r][4] = 'level1';				// In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
-		// $this->rights[$r][5] = 'level2';				// In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
-		// $r++;
+		$this->rights[$r][0] = $this->numero + $r;	// Permission id (must not be already used)
+		$this->rights[$r][1] = 'Générer / modifier la clé API des utilisateurs';	// Permission label
+		$this->rights[$r][3] = 0; 					// Permission by default for new user (0/1)
+		$this->rights[$r][4] = 'apikey';				// In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+		$this->rights[$r][5] = 'generate';				// In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+		$r++;
 
 
 		// Main menu entries
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 8d03d1d1cfb..f12060e9f50 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -1805,7 +1805,7 @@ if ($action == 'create' || $action == 'adduserldap') {
 			print '</tr>'."\n";
 
 			// API key
-			if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin)) {
+			if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin || $user->rights->api->apikey->generate)) {
 				print '<tr><td>'.$langs->trans("ApiKey").'</td>';
 				print '<td>';
 				if (!empty($object->api_key)) {
@@ -2328,7 +2328,7 @@ if ($action == 'create' || $action == 'adduserldap') {
 			print "</td></tr>\n";
 
 			// API key
-			if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin)) {
+			if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin || $user->rights->api->apikey->generate)) {
 				print '<tr><td>'.$langs->trans("ApiKey").'</td>';
 				print '<td>';
 				print '<input class="minwidth300" maxsize="32" type="text" id="api_key" name="api_key" value="'.$object->api_key.'" autocomplete="off">';