When your app needs to generate text with AI or send an email, it normally has to talk to an outside service like OpenAI or Resend, and each of those services requires you to sign up, verify your details, and create an API key before anything works. Genie removes that step. Every project with Genie Cloud enabled comes with working credentials for these services already wired in, so AI features and transactional email work the first time Genie builds them — without you registering anywhere.
Built-in AI and email require Genie Cloud to be connected to your project. If it is not enabled yet, see Genie Cloud to set it up first.

What you get out of the box

When Genie Cloud is provisioned for your project, Genie automatically adds a set of ready-to-use credentials to your project secrets. You do not have to create them, and you do not have to paste them anywhere — Genie’s generated code reads them on its own.

AI text (OpenAI)

Generate text, summaries, chat replies, and other AI content. Backed by OpenAI through Genie.

Email (Resend)

Send transactional email — confirmations, notifications, contact-form messages — through Resend.

ML inference (Hugging Face)

Run machine-learning models for tasks like classification or image work through Hugging Face.
These show up in your Secrets tab as the following entries, already filled in:
| Secret | What it powers |
| --- | --- |
| OPENAI_API_KEY | AI text generation |
| RESEND_API_KEY | Sending email |
| HF_TOKEN | Hugging Face model inference |
You will also see matching OPENAI_BASE_URL, RESEND_BASE_URL, and HF_ENDPOINT entries. These tell your app to route requests through Genie. Leave them as they are unless you are switching to your own key (see Bringing your own key below).
Just describe what you want — “summarise each support ticket”, “email me when someone submits the form”, “tag uploaded photos” — and Genie builds the feature using these built-in credentials. You do not need to mention API keys at all.

How it works

Your app never holds a real OpenAI or Resend key. Instead, the credentials Genie seeds are project-specific access tokens that point at Genie’s secure relay. When your app makes a request:
1. Your app calls the service. Your generated code calls OpenAI, Resend, or Hugging Face as normal, using the seeded credentials.
2. Genie authenticates and forwards it. The request reaches Genie, which verifies it belongs to your project and then forwards it to the real provider using Genie’s own provider key.
3. The response streams back. The provider’s reply is passed straight back to your app, unchanged. AI responses stream token by token just as they would directly.
This design keeps the real provider keys on Genie’s side — they are never placed in your project where they could be read or leaked — while still attributing every request to your project so usage can be measured fairly.
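
The relay pattern described above, sketched as an added example; it is not Genie's code. The token store, provider-key placeholders, default-model name, rate-limit value and HTTP status codes are assumptions made up for the sketch; only the sender address comes from this page.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque
from email.utils import parseaddr

# Constructed values for illustration only (assumptions, not Genie's).
PROVIDER_KEYS = {"openai": "PROVIDER-KEY-PLACEHOLDER-OPENAI",
                 "resend": "PROVIDER-KEY-PLACEHOLDER-RESEND"}
PROJECT_TOKEN_HASHES = {  # project id -> SHA-256 of its seeded token
    "proj_demo": hashlib.sha256(b"demo-project-token").hexdigest(),
}
ALLOWED_MODEL = "default-model"                # placeholder model name
ALLOWED_SENDER = "noreply@email.genie-app.de"  # from the page
RATE_LIMIT_PER_MIN = 3                         # assumed; small for the demo
recent_requests = defaultdict(deque)           # project id -> timestamps


def authenticate(token):
    """Map a bearer token to a project id, comparing hashes in constant time."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for project, expected in PROJECT_TOKEN_HASHES.items():
        if hmac.compare_digest(digest, expected):
            return project
    return None


def relay(provider, token, body, now=None):
    """Return (status, outbound headers or rejection reason) for one request."""
    now = time.monotonic() if now is None else now
    if provider not in PROVIDER_KEYS:
        return 404, "unknown provider"
    project = authenticate(token)
    if project is None:
        return 401, "unknown project token"
    window = recent_requests[project]
    while window and now - window[0] >= 60:    # drop entries older than 60 s
        window.popleft()
    if len(window) >= RATE_LIMIT_PER_MIN:
        return 429, "per-project rate limit"
    window.append(now)                         # every admitted request counts
    if provider == "openai" and body.get("model") != ALLOWED_MODEL:
        return 400, "model not allowed for built-in credential"
    sender = parseaddr(body.get("from", ""))[1].lower()
    if provider == "resend" and sender != ALLOWED_SENDER:
        return 400, "sender must be " + ALLOWED_SENDER
    # The project token stops here; the provider key is attached only on the
    # relay-to-provider hop, so it never exists inside the project.
    return 200, {"Authorization": "Bearer " + PROVIDER_KEYS[provider]}
```
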

Usage and limits

The built-in credentials are included with Genie Cloud at no extra, per-request charge today. Each request your app makes through them is recorded — provider, endpoint, status, and timing — so Genie can monitor the service and so usage can be attributed to your project. That recorded usage is not currently metered or billed back to you per request: it does not draw down your credits and does not appear as a line item on your invoice. The practical limit on the built-in credentials is a per-project rate limit (a cap on requests per minute), not a usage charge. Normal app traffic stays well under it; if you expect heavy, sustained volume, bring your own key or contact support to raise the limit.
Per-request metering and billing for built-in AI and email usage may be introduced in the future. If that changes, it will be reflected here and on the Credits and Plans pages. To keep your costs fully predictable and under your own control, bring your own key — those requests are billed by the provider directly to you.

Limits of the built-in credentials

The included credentials are tuned for the common case — getting features working instantly and affordably. A few constraints come with that:

AI model

The built-in OpenAI credential is limited to Genie’s default model, which is selected to be fast and cost-effective for typical app features. If your app requests a different model, the request is rejected. To use a specific or more powerful model, bring your own OpenAI key.

Email sender address

Email sent through the built-in Resend credential must use Genie’s verified sending address:
noreply@email.genie-app.de
If you try to send from any other address, the request is rejected with a clear message. This is because email providers only allow sending from domains that have been verified, and email.genie-app.de is the domain Genie has verified for shared use. To send from your own address or domain (for example hello@yourcompany.com), bring your own Resend key.
If your app’s emails need to come from your own brand’s address, set up your own Resend key before launch. The built-in sender is great for testing and internal notifications, but recipients will see noreply@email.genie-app.de as the sender.

Bringing your own key

You can replace any of the built-in credentials with your own at any time. This is the right move when you want a specific AI model, your own email domain, your own usage limits, or provider billing in your own account.
1. Create a key with the provider. Sign up with OpenAI, Resend, or Hugging Face and create an API key. For Resend, verify your sending domain in their dashboard first.
2. Open your project Secrets. In your project, open Settings → Secrets. See Secrets for details.
3. Replace the value. Edit the relevant secret — OPENAI_API_KEY, RESEND_API_KEY, or HF_TOKEN — and paste your own key in place of the built-in one.
4. Save. Save the secret. Genie automatically updates the matching base-URL entry to point at the provider directly, so your app talks to the provider with your key instead of going through Genie’s relay. No code changes are needed.
Once you have switched, requests for that provider go straight from your app to the provider, are billed to your own account, and are no longer subject to Genie’s model allowlist, sender-address restriction, or rate limit. The other built-in credentials you did not change keep working as before.
Switching back to the built-in credential later is done by re-running provisioning for the project (the Re-run bootstrap button in the Cloud tab re-seeds the built-in values). A dedicated one-click reset is on the roadmap.
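
A check you can run after switching a key to confirm where each credential is now being sent, as an added example that is not part of Genie's tooling. The variable names are the ones listed on this page; the provider host suffixes are assumptions about each provider's public API hostname.

```python
import os
from urllib.parse import urlparse

# Variable names come from the page. The host suffixes are assumptions about
# each provider's public API hostname; adjust them if yours differ.
PROVIDERS = {
    "openai": ("OPENAI_API_KEY", "OPENAI_BASE_URL", "api.openai.com"),
    "resend": ("RESEND_API_KEY", "RESEND_BASE_URL", "api.resend.com"),
    "huggingface": ("HF_TOKEN", "HF_ENDPOINT", "huggingface.co"),
}
# Restrictions the page lists for requests that go through the relay.
RELAY_CONSTRAINTS = {
    "openai": ["default model only", "per-project rate limit"],
    "resend": ["sender must be noreply@email.genie-app.de",
               "per-project rate limit"],
    "huggingface": ["per-project rate limit"],
}


def audit(env=None):
    """Report, per provider, where the configured credential will be sent."""
    env = os.environ if env is None else env
    report = {}
    for name, (key_var, url_var, suffix) in PROVIDERS.items():
        parsed = urlparse(env.get(url_var, ""))
        host = (parsed.hostname or "").lower()
        findings = []
        if not env.get(key_var):
            findings.append(key_var + " is empty")
        if parsed.scheme != "https":
            findings.append(url_var + " is not an https URL")
        # Compare on the parsed hostname, not a substring of the URL, so
        # "api.openai.com.relay.example" is not mistaken for the provider.
        if host == suffix or host.endswith("." + suffix):
            route = "direct"
        else:
            route = "relay" if host else "unset"
        report[name] = {
            "route": route,
            "constraints": RELAY_CONSTRAINTS[name] if route == "relay" else [],
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for provider, result in audit().items():
        print(provider, result)  # never prints the secret values themselves
```

A provider you switched to your own key should report `direct`; one still reporting `relay` means that key is being sent to a host other than the provider's.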

Troubleshooting

| What you see | Likely cause | What to do |
| --- | --- | --- |
| AI requests fail with an “invalid model” error | Your app asked for a model the built-in credential does not allow | Switch the feature to Genie’s default model, or bring your own OpenAI key |
| Email is rejected with a sender/domain error | The app is sending from an address other than noreply@email.genie-app.de | Use the built-in sender address, or bring your own Resend key with a verified domain |
| A service stops working after you edited a secret | The built-in credential was changed or cleared by mistake | Re-run bootstrap from the Cloud tab to restore the built-in values, or paste a valid key of your own |
| Requests start failing under heavy load | You hit the per-project rate limit | Reduce request volume, bring your own key, or contact support to raise the limit |
Ask Genie in the project chat — “why is my email failing?” or “switch my app to my own OpenAI key” — and it can inspect your secrets and the relevant code and walk you through the fix.