diff --git a/controllers/GenericEntityApiController.php b/controllers/GenericEntityApiController.php
index f3b72afa..d2733275 100644
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -13,6 +13,9 @@ class GenericEntityApiController extends BaseApiController
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+
 			$requestBody = $request->getParsedBody();
 			try
@@ -49,6 +52,8 @@ class GenericEntityApiController extends BaseApiController
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
 			$row = $this->getDatabase()->{$args['entity']} ($args['objectId']);
 			$row->delete();
@@ -68,6 +73,8 @@ class GenericEntityApiController extends BaseApiController
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
 			$requestBody = $request->getParsedBody();
 			try
@@ -223,6 +230,10 @@ class GenericEntityApiController extends BaseApiController
 	{
 		parent::__construct($container);
 	}
+	private function IsEntityWithEditRequiresAdmin($entity)
+	{
+		return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->EntityEditRequiresAdmin->enum);
+	}
 	private function IsEntityWithPreventedListing($entity)
 	{
diff --git a/grocy.openapi.json b/grocy.openapi.json
index b8d587b1..b569a82a 100644
--- a/grocy.openapi.json
+++ b/grocy.openapi.json
@@ -3483,6 +3483,12 @@
 				"meal_plan"
 			]
 		},
+		"EntityEditRequiresAdmin": {
+			"type": "string",
+			"enum": [
+				"api_keys"
+			]
+		},
 		"StockTransactionType": {
 			"type": "string",
 			"enum": [
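Review bot: The guard inserted before `$requestBody = $request->getParsedBody();` is a brace-less `if(` while every other conditional in the hunk is written `if (` with the brace on its own line, and the same two-line guard recurs in the hunks at `@@ -49` and `@@ -68` without the blank line that separates it from the next statement here. Writing it as `if ($this->IsEntityWithEditRequiresAdmin($args['entity'])) { User::checkPermission($request, User::PERMISSION_ADMIN); }` with the brace on its own line, in all three places, keeps the authorization check visually distinct from the statement that follows and protects it when a second line is later added to the guard. A short comment on the first occurrence, `// Mutations of entities listed in the EntityEditRequiresAdmin schema are restricted to admins`, would tell a reader why the check is conditional. The enclosing methods start and end outside these hunks, so whether an exception thrown by checkPermission is handled consistently across them cannot be seen from here.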
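Review bot: The `!` in `return !in_array($entity, ...EntityEditRequiresAdmin->enum);` inverts the check: with the enum holding only `api_keys`, the method returns false for `api_keys` and true for every other entity, so the callers in the earlier hunks would demand admin for all other mutations and skip it for the one entity the schema names. Unless the enum is meant as an exemption list, which its name does not suggest, the line should read `return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->EntityEditRequiresAdmin->enum, true);`, with strict comparison since the entity name comes straight from the route. A docblock stating that the method consults the `EntityEditRequiresAdmin` internal schema and that a true result means create, update and delete require `User::PERMISSION_ADMIN` would make the contract checkable, and a unit test asserting that `IsEntityWithEditRequiresAdmin('api_keys')` is true would have caught the inversion. The sibling `IsEntityWithPreventedListing` starts inside the hunk but its body is outside it, so I cannot confirm the two agree in polarity.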
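Review bot: `EntityEditRequiresAdmin` is placed among the descriptive schemas under `internalSchemas`, but the controller hunk reads its `enum` at runtime as an authorization list, so it is a security control rather than documentation and nothing in the spec says so. Adding a `"description"` member next to `"type"`, e.g. `"description": "Entities whose create/update/delete require the admin permission; read at runtime by GenericEntityApiController"`, would make that dependency visible to anyone editing or regenerating the spec.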