Every HTTP request made byDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/phpaisdk/fal/llms.txt
Use this file to discover all available pages before exploring further.
aisdk/fal — whether to fal.run for image, speech, or transcription, or to queue.fal.run for video — includes an Authorization header generated by FalOptions::authHeaders(). The header value follows the Key <api-key> scheme required by fal.ai’s REST API. No OAuth flow, token exchange, or session management is involved: the raw API key is sent on each request.
Obtaining an API key
Create a free account at fal.ai and navigate to your dashboard to generate an API key. Keys are prefixed withfal- by convention. Treat them as secrets — anyone who holds a key can make requests billed to your account.
Supplying the key
There are three ways to provide your API key to the provider, listed in recommended order:1. Environment variable FAL_API_KEY (preferred)
Set the variable in your shell, .env file, or deployment environment. The provider reads it automatically when Fal::default() or Fal::create() is called with no apiKey key.
2. Fallback environment variable FAL_KEY
If FAL_API_KEY is not set, the provider falls back to FAL_KEY. This matches the naming convention used by the upstream JavaScript @ai-sdk/fal package and can be useful when sharing environment configuration across runtimes.
3. Programmatic via Fal::create()
Pass the key directly in the config array. This is useful when fetching keys from a secrets manager at runtime, or when you need more than one provider instance with different keys.
Authorization header format
Once the key is resolved,FalOptions::authHeaders() produces the following header, which is merged into every outbound request:
authHeaders() looks like this when no extra headers are configured:
Custom extra headers
You can attach additional HTTP headers to every request by supplying aheaders array in the config. These are merged with the Authorization header by authHeaders() — they do not replace it.
headers collides with Authorization, the headers value will take precedence because array_merge places it after the built-in entry — avoid overriding Authorization unless you know what you are doing.
