Skip to main content
To use the Modal Client SDKs, you need to authenticate with Modal. There are two methods: interactive setup using the Modal CLI, or manual configuration using environment variables. The easiest way to authenticate is using the Modal CLI’s interactive setup:
1

Install the Python SDK

The Modal CLI is part of the Python SDK:
pip install modal
2

Run the setup command

Run the setup wizard to authenticate:
python3 -m modal setup
This will:
  • Open your browser to log in or create a Modal account
  • Generate API credentials
  • Save them to ~/.modal.toml
3

Verify authentication

Test that authentication is working:
import modal

client = modal.Client()
print("Authentication successful!")
The configuration file is saved to ~/.modal.toml by default. You can customize this location using the MODAL_CONFIG_PATH environment variable.

Method 2: Environment variables

For automated environments, CI/CD pipelines, or production deployments, use environment variables:
1

Get your API credentials

Log in to your Modal dashboard and create a new token. You’ll receive:
  • A Token ID (starts with ak-)
  • A Token Secret (starts with as-)
Store your token secret securely. It will only be shown once and provides full access to your Modal account.
2

Set environment variables

Export the credentials as environment variables:
export MODAL_TOKEN_ID=ak-YOUR_TOKEN_ID_HERE
export MODAL_TOKEN_SECRET=as-YOUR_TOKEN_SECRET_HERE
For production, add these to your deployment environment or secrets manager.
3

Verify authentication

The SDKs will automatically detect and use these environment variables:
import modal

# Credentials are automatically loaded from environment variables
client = modal.Client()
print("Authentication successful!")

Programmatic authentication

You can also pass credentials directly when creating a client: 
import { ModalClient } from "modal";

const modal = new ModalClient({
  tokenId: "ak-YOUR_TOKEN_ID_HERE",
  tokenSecret: "as-YOUR_TOKEN_SECRET_HERE"
});
Avoid hardcoding credentials in your source code. Use environment variables or a secrets manager instead.

Configuration file location

By default, the SDKs look for credentials in ~/.modal.toml. You can customize this location: 
export MODAL_CONFIG_PATH=/path/to/custom/modal.toml
The configuration file format:
~/.modal.toml
[default]
token_id = "ak-YOUR_TOKEN_ID_HERE"
token_secret = "as-YOUR_TOKEN_SECRET_HERE"

Credential precedence

The SDKs check for credentials in this order:
  1. Programmatic credentials passed to the client constructor
  2. Environment variables (MODAL_TOKEN_ID and MODAL_TOKEN_SECRET)
  3. Configuration file at ~/.modal.toml or $MODAL_CONFIG_PATH

Managing multiple accounts

If you need to work with multiple Modal accounts, you can:
  1. Use different configuration file paths with MODAL_CONFIG_PATH
  2. Create separate environment variable sets for each account
  3. Pass different credentials programmatically to different client instances

Troubleshooting

Authentication errors

If you see authentication errors:
1

Check credentials

Verify that your MODAL_TOKEN_ID and MODAL_TOKEN_SECRET are set correctly:
echo $MODAL_TOKEN_ID
echo $MODAL_TOKEN_SECRET
2

Verify token is active

Log in to your Modal dashboard and confirm the token is still active and not expired.
3

Check config file

If using a config file, verify it exists and has the correct format:
cat ~/.modal.toml
4

Re-run setup

If all else fails, re-run the setup process:
python3 -m modal setup

Permission errors

If you get permission errors when accessing resources:
  • Verify that your token has the necessary permissions
  • Check that you’re using the correct workspace/organization
  • Ensure the resources you’re trying to access exist and you have access to them

Security best practices

Never commit credentials

Add .modal.toml and credential files to .gitignore

Use environment variables

In production, use secrets managers or environment variables

Rotate tokens regularly

Generate new tokens periodically and revoke old ones

Use minimal permissions

Create tokens with only the permissions you need

Next steps

Now that you’re authenticated, you’re ready to start building:

Quick start guide

Build your first Modal application

Build docs developers (and LLMs) love

Get started for freeTalk to us