diff --git a/app/settings.rb b/app/settings.rb
index a92c9358..e343582f 100644
--- a/app/settings.rb
+++ b/app/settings.rb
@@ -198,12 +198,12 @@ end
 post '/settings/:username/generate_api_key' do
   require_login
   require_ownership_for_settings
-  is_new = current_site.api_key.nil?
-  current_site.generate_api_key!
+  is_new = @site.api_key.nil?
+  @site.generate_api_key!
 
   msg = is_new ? "New API key has been generated." : "API key has been regenerated."
   flash[:success] = msg
-  redirect "/settings/#{current_site.username}#api_key"
+  redirect "/settings/#{@site.username}#api_key"
 end
 
 post '/settings/change_password' do
diff --git a/tests/acceptance/settings/site_tests.rb b/tests/acceptance/settings/site_tests.rb
index 5a9b4c27..387aad27 100644
--- a/tests/acceptance/settings/site_tests.rb
+++ b/tests/acceptance/settings/site_tests.rb
@@ -145,6 +145,35 @@ describe 'site/settings' do
   end
 end
 
+describe 'api key' do
+  include Capybara::DSL
+
+  before do
+    Capybara.reset_sessions!
+    @site = Fabricate :site
+    @child_site = Fabricate :site, parent_site_id: @site.id
+    page.set_rack_session id: @site.id
+  end
+
+  it 'sets api key' do
+    visit "/settings/#{@child_site[:username]}#api_key"
+    _(@site.api_key).must_be_nil
+    _(@child_site.api_key).must_be_nil
+    click_button 'Generate API Key'
+    _(@site.reload.api_key).must_be_nil
+    _(@child_site.reload.api_key).wont_be_nil
+    _(page.body).must_match @child_site.api_key
+  end
+
+  it 'regenerates api key for child site' do
+    visit "/settings/#{@child_site[:username]}#api_key"
+    @child_site.generate_api_key!
+    api_key = @child_site.api_key
+    click_button 'Generate API Key'
+    _(@child_site.reload.api_key).wont_equal api_key
+  end
+end
+
 describe 'delete' do
   include Capybara::DSL