Authentication
Every request is authenticated with a fal key. Keys are long-lived, scoped per account, and revocable from the dashboard.
Getting a key
Create one at fal.ai/dashboard/keys. Keys start with the prefix fal_. You only see the full value at creation; if you lose it, make a new one.
Passing the key
Every request to the fal queue includes a header of the form Authorization: Key <your key>. The official SDKs pick this up from the FAL_KEY environment variable automatically when you run your own server.
How this site's playground authenticates
The playground on this site does not read any server environment variable. Visitors bring their own key by opening the Settings dialog in the top bar and pasting a value that starts with fal_. The key is stored in your browser's localStorage, attached to each proxy request as an x-fal-user-key header, and used to bill your own fal account. You can clear or replace it from the same dialog at any time.
Without a saved key the playground shows an "add your fal API key" card and refuses to submit. Operators of this site do not configure keys for anyone else.
How to configure keys in your own app
When you build a server of your own that calls Kling 3.0 Pro, the canonical pattern is a FAL_KEY environment variable on the host that runs your code. The SDKs pick it up automatically, the browser never sees it, and you rotate it from the same dashboard.
    # .env.local (Next.js, or any server env)
    FAL_KEY=fal_... # never expose to the browser
For a quick local experiment where you are the only user, setting NEXT_PUBLIC_FAL_KEY makes the key available in the browser bundle. Only use this for local hacking against your own machine. Rate-limit it on the fal dashboard before it ever lives in a real commit.
    # .env.local (prototype only; this key lands in the browser bundle)
    NEXT_PUBLIC_FAL_KEY=fal_...
Security rules
- Never commit a key. Add .env* to your gitignore.
- Use one key per environment (dev, staging, prod). Rotate them independently.
- Rotate immediately if a key lands in a commit, a screenshot, or a log.
- For your own production app, keep the key on a server and proxy the browser through it. A public site that exposes a raw key is a credit faucet.
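
A pre-commit style check for the rules above, added here as an illustration; it is not part of the fal SDKs or of this site's code. The character set and length assumed after the fal_ prefix, the function names, and the sample files are assumptions constructed for the example.

```javascript
// Pre-commit style checks for the security rules above (added example).
// Assumption: after the documented "fal_" prefix a key is 16+ characters of
// [A-Za-z0-9_-]; the page only documents the prefix, so adjust as needed.
const FAL_KEY_RE = /\bfal_[A-Za-z0-9_-]{16,}/g;

// Never echo a full key into CI logs: keep the prefix and last 4 characters.
function redact(key) {
  return `fal_****${key.slice(-4)}`;
}

// Scan one file's text. Returns findings with 1-based line numbers.
function scanText(path, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const where = { path, line: i + 1 };
    // NEXT_PUBLIC_FAL_KEY puts the key in the browser bundle: flag the name itself.
    if (/^\s*(export\s+)?NEXT_PUBLIC_FAL_KEY\s*=/.test(line)) {
      findings.push({ ...where, rule: "browser-exposed-key-variable" });
    }
    for (const match of line.matchAll(FAL_KEY_RE)) {
      findings.push({ ...where, rule: "key-literal", sample: redact(match[0]) });
    }
  });
  return findings;
}

// True only if a .gitignore body contains the ".env*" pattern the rules ask for.
function gitignoreCoversEnv(gitignoreText) {
  return gitignoreText
    .split(/\r?\n/)
    .map((l) => l.trim())
    .some((l) => l === ".env*" || l === "/.env*");
}

// Constructed sample input; the key values are fake.
const SAMPLE_FILES = {
  ".env.local": "# prototype\nNEXT_PUBLIC_FAL_KEY=fal_exampleexample0000abcd\n",
  "src/server.js": "const key = process.env.FAL_KEY; // read from env, no literal\n",
  "notes.md": "pasted from a log: Authorization: Key fal_constructedSAMPLE1234wxyz\n",
};

function scanAll(files) {
  return Object.entries(files).flatMap(([p, t]) => scanText(p, t));
}

console.log(scanAll(SAMPLE_FILES));
console.log("gitignore ok:", gitignoreCoversEnv("node_modules\n.env*\n"));
```

Any finding with the key-literal rule means the key should be treated as exposed and rotated, not just removed from the file.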