diff --git a/api.php b/api.php
index d8f9e1d..67ad0e2 100644
--- a/api.php
+++ b/api.php
@@ -47,6 +47,43 @@ if ( !$isApiRequest )
 }
 }
+// --- API routing (ordersPRO) ---
+if ( $isApiRequest )
+{
+ if ( !headers_sent() )
+ header( 'Content-Type: application/json; charset=utf-8' );
+
+ try
+ {
+ $mdb = new medoo( [
+ 'database_type' => 'mysql',
+ 'database_name' => $database[ 'name' ],
+ 'server' => $database[ 'host' ],
+ 'username' => $database[ 'user' ],
+ 'password' => $database[ 'password' ],
+ 'charset' => 'utf8'
+ ] );
+
+ $settingsRepo = new \Domain\Settings\SettingsRepository( $mdb );
+ $router = new \api\ApiRouter( $mdb, $settingsRepo );
+ $router->handle();
+ }
+ catch ( \Throwable $e )
+ {
+ if ( !headers_sent() )
+ header( 'Content-Type: application/json; charset=utf-8' );
+
+ http_response_code( 500 );
+ echo json_encode( [
+ 'status' => 'error',
+ 'code' => 'INTERNAL_ERROR',
+ 'message' => 'Internal server error'
+ ], JSON_UNESCAPED_UNICODE );
+ }
+
+ exit;
+}
+
 $mdb = new medoo( [
 'database_type' => 'mysql',
 'database_name' => $database[ 'name' ],
@@ -59,14 +96,6 @@ $mdb = new medoo( [
 $settingsRepo = new \Domain\Settings\SettingsRepository( $mdb );
 $settings = $settingsRepo->allSettings();
-// --- API routing (ordersPRO) ---
-if ( $isApiRequest )
-{
- $router = new \api\ApiRouter( $mdb, $settingsRepo );
- $router->handle();
- exit;
-}
-
 // --- Ekomi CSV export ---
 if ( \Shared\Helpers\Helpers::get( 'ekomi_csv' ) )
 {
diff --git a/autoload/Domain/Settings/SettingsRepository.php b/autoload/Domain/Settings/SettingsRepository.php
index 883c4ec..f352a89 100644
--- a/autoload/Domain/Settings/SettingsRepository.php
+++ b/autoload/Domain/Settings/SettingsRepository.php
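Review bot: The new `catch ( \Throwable $e )` block in api.php never uses `$e`, so a failed database connection or a fault inside the router returns the generic 500 and leaves no server-side trace to investigate. Keeping the client message generic is right; add a log call as the first statement of the catch, for example `error_log( 'API request failed: ' . get_class( $e ) . ': ' . $e->getMessage() );`, and keep that text out of the response body because connection errors can carry host or user names. The medoo connection array is also now written twice in this file (in the API branch and in the unchanged block after it), so a later change to charset or credentials has to be made in both places.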
@@ -71,6 +71,7 @@ class SettingsRepository
 'infinitescroll' => $this->isEnabled($values['infinitescroll'] ?? null) ? 1 : 0,
 'own_gtm_js' => $values['own_gtm_js'] ?? '',
 'own_gtm_html' => $values['own_gtm_html'] ?? '',
+ 'api_key' => $values['api_key'] ?? '',
 ];
 $warehouseMessageZero = $values['warehouse_message_zero'] ?? [];
diff --git a/autoload/admin/Controllers/SettingsController.php b/autoload/admin/Controllers/SettingsController.php
index 855ad25..d06e0c3 100644
--- a/autoload/admin/Controllers/SettingsController.php
+++ b/autoload/admin/Controllers/SettingsController.php
@@ -471,8 +471,7 @@ class SettingsController
 'label' => 'Htaccess cache',
 'tab' => 'system',
 ]),
- FormField::text('api_key', [
- 'label' => 'Klucz API (ordersPRO)',
+ FormField::custom('api_key', $this->renderApiKeyField($data['api_key'] ?? ''), [
 'tab' => 'system',
 ]),
@@ -560,4 +559,23 @@ class SettingsController
 return $data;
 }
+
+ private function renderApiKeyField(string $value): string
+ {
+ $escaped = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
+
+ $js = "var c='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',"
+ . "k='';for(var i=0;i<32;i++){k+=c.charAt(Math.floor(Math.random()*c.length));}"
+ . "document.getElementById('api_key').value=k;";
+
+ return '
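Review bot: The added `'api_key' => $values['api_key'] ?? ''` entry in SettingsRepository.php makes an unset key indistinguishable from an empty one, and it places the secret in the same array as display settings such as `own_gtm_html`. The enclosing method starts and ends outside this hunk, so two things need confirming there and in `\api\ApiRouter` (not shown): that this array is not passed to templates, caches or debug output, and that the router rejects every request when the stored key is `''`. I would add a comment on the line, `// secret: keep out of templates and logs; '' means the API is disabled`, and have the router compare with `hash_equals()` only after a non-empty check.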
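Review bot: `FormField::custom('api_key', $this->renderApiKeyField($data['api_key'] ?? ''), [` in SettingsController.php hands key generation to a helper that, in the lines visible further down, builds the 32-character key in the browser with `Math.random()`, which is not a cryptographically secure source for a credential. That helper's hunk runs past the end of this view, so its markup is only partly visible; from what is shown, the script should draw its randomness from `crypto.getRandomValues()` instead, or the key should be produced server-side with `bin2hex(random_bytes(16))`. The change also drops `'label' => 'Klucz API (ordersPRO)'`; if `FormField::custom` does not render a label from the helper's HTML, pass the label option back in.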