diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index 5ffa12770..259102f04 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
@@ -497,6 +497,35 @@ else if ($action == "edituser") {
 	$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_user')));
 	add_log_line(".php&action=edituser&userid=".$userid);
 }
+
+// modify user ------------------------------------------------------------
+else if ($action == "addapikey") {
+
+	/* Check if the form data comes from a trusted request */
+	if(!checkFormKey('addapikey')) {
+		UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
+	}
+
+	if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
+		UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
+	}
+	
+	$userid=$_POST["userid"];
+	$editedUser = $dms->getUser($userid);
+	
+	if (!is_object($editedUser)) {
+		UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
+	}
+
+	$apikey   = $_POST["apikey"];
+
+	$newapikey = $dms->addApiKey($apikey, $editedUser);
+	if ($newapikey) {
+	}
+	else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
+
+
+}
 else UI::exitError(getMLText("admin_tools"),getMLText("unknown_command"));