Try DeepSeek-R1 on Modal! View example

Proxy auth tokens (beta)

To prevent users outside of your workspace from discovering and triggering web endpoints that you create, Modal will check for two headers: Modal-Key and Modal-Secret on HTTP requests to the endpoint. You can populate these headers with tokens created under Settings > Proxy Auth Tokens.

By default, web endpoints created by the web_endpoint, asgi_app, wsgi_app, or web_server decorators are publicly available. The optional field requires_proxy_auth protects your web endpoint by verifying a key and a token are passed in the Modal-Key and Modal-Secret headers. Requests without those headers will receive the HTTP error 401 Unauthorized unless valid credentials are supplied.

import modal

@app.function()
@modal.web_endpoint(requires_proxy_auth=True)
def app():
    return "hello world"

To trigger the endpoint, create a Proxy Auth Token, which will generate a token ID and token secret that you use to prove the authorization of your request. In requests to the web endpoint, add the Modal-Key and Modal-Secret HTTP headers and supply your token in the header value.

export TOKEN_ID=wk-1234abcd
export TOKEN_SECRET=ws-1234abcd
curl -H "Modal-Key: $TOKEN_ID" \
     -H "Modal-Secret: $TOKEN_SECRET" \
     https://my-secure-endpoint.modal.run

Everyone within the workspace of the web endpoint can manage the tokens that will be accepted as valid authentication.

Proxy-Authorization header

Previously, Modal Proxy Auth tokens used the verified the Proxy-Authorization header, returning a 407 Proxy Unauthorized HTTP error in case the token isn’t valid. We have since made an update to use Modal-Key and Modal-Secret instead. Proxy-Authorization is still supported but will be deprecated sometime in the future.

The Proxy-Authorization header uses the Basic authentication scheme and expect base64 encoding of [TOKEN_ID]:[TOKEN_SECRET] for the credentials. For example:

export TOKEN_ID=wk-1234abcd
export TOKEN_SECRET=ws-1234abcd
curl https://my-secure-endpoint.modal.run -H "Proxy-Authorization: Basic $(echo -n $TOKEN_ID:$TOKEN_SECRET | base64)"