diff --git a/api/generate_api_key.py b/api/generate_api_key.py
new file mode 100644
index 0000000..fbd415b
--- /dev/null
+++ b/api/generate_api_key.py
@@ -0,0 +1,24 @@
+import argparse
+import os
+
+import itsdangerous
+
+
+def generate(secret_key, username, expiration):
+    s = itsdangerous.TimedJSONWebSignatureSerializer(secret_key, expires_in=expiration)
+    return s.dumps(username)
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('username', metavar='USERNAME', help='user name')
+    parser.add_argument('expiration', metavar='EXPIRATION', type=int,
+                        help='expiration time in seconds')
+    args = parser.parse_args()
+    secret_key = os.getenv('SECRET_KEY')
+    api_key = generate(secret_key, args.username, args.expiration)
+    print(api_key.decode('utf-8'))
+
+
+if __name__ == '__main__':
+    main()