CtrlK
BlogDocsLog inGet started
Tessl Logo

klingai-install-auth

Set up Kling AI API authentication with JWT tokens. Use when starting a new Kling AI integration or troubleshooting auth issues. Trigger with phrases like 'kling ai setup', 'klingai api key', 'kling ai authentication', 'configure klingai'.

85

Quality

83%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Kling AI Install & Auth

Overview

Kling AI uses JWT (JSON Web Token) authentication. You generate a token from your Access Key (AK) and Secret Key (SK), then pass it as a Bearer token in every request. Tokens expire after 30 minutes.

Base URL: https://api.klingai.com/v1

Prerequisites

  • Kling AI account at klingai.com
  • API access enabled (self-service, no waitlist)
  • Python 3.8+ with PyJWT or Node.js 18+

Step 1 — Get Credentials

  1. Sign in at app.klingai.com/global/dev
  2. Navigate to API Keys in the developer console
  3. Click Create API Key to generate an Access Key + Secret Key pair
  4. Store both values securely — the Secret Key is shown only once
# .env file
KLING_ACCESS_KEY="ak_your_access_key_here"
KLING_SECRET_KEY="sk_your_secret_key_here"

Step 2 — Generate JWT Token

Python

import jwt
import time
import os

def generate_kling_token():
    """Generate a JWT token for Kling AI API authentication."""
    ak = os.environ["KLING_ACCESS_KEY"]
    sk = os.environ["KLING_SECRET_KEY"]

    headers = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": ak,
        "exp": int(time.time()) + 1800,  # 30 min expiry
        "nbf": int(time.time()) - 5,     # valid 5s ago (clock skew)
    }

    return jwt.encode(payload, sk, algorithm="HS256", headers=headers)

token = generate_kling_token()
# Use: Authorization: Bearer <token>

Node.js

import jwt from "jsonwebtoken";

function generateKlingToken() {
  const ak = process.env.KLING_ACCESS_KEY;
  const sk = process.env.KLING_SECRET_KEY;

  const payload = {
    iss: ak,
    exp: Math.floor(Date.now() / 1000) + 1800,
    nbf: Math.floor(Date.now() / 1000) - 5,
  };

  return jwt.sign(payload, sk, { algorithm: "HS256", header: { typ: "JWT" } });
}

Step 3 — Verify Authentication

import requests

BASE_URL = "https://api.klingai.com/v1"
token = generate_kling_token()

response = requests.get(
    f"{BASE_URL}/videos/text2video",  # any endpoint to test auth
    headers={"Authorization": f"Bearer {token}"},
)

if response.status_code == 401:
    print("Auth failed — check AK/SK values")
elif response.status_code in (200, 400):
    print("Auth working — credentials valid")

Token Management Pattern

import time

class KlingAuth:
    """Auto-refreshing JWT token manager."""

    def __init__(self, access_key: str, secret_key: str, buffer_sec: int = 300):
        self.ak = access_key
        self.sk = secret_key
        self.buffer = buffer_sec  # refresh 5 min before expiry
        self._token = None
        self._expires_at = 0

    @property
    def token(self) -> str:
        if time.time() >= (self._expires_at - self.buffer):
            self._refresh()
        return self._token

    def _refresh(self):
        now = int(time.time())
        payload = {"iss": self.ak, "exp": now + 1800, "nbf": now - 5}
        self._token = jwt.encode(payload, self.sk, algorithm="HS256",
                                  headers={"alg": "HS256", "typ": "JWT"})
        self._expires_at = now + 1800

    @property
    def headers(self) -> dict:
        return {
            "Authorization": f"Bearer {self.token}",
            "Content-Type": "application/json",
        }

Error Handling

ErrorCauseFix
401 UnauthorizedInvalid/expired JWTRegenerate token, check AK/SK
403 ForbiddenAPI access not enabledEnable API in developer console
JWT decode errorWrong secret keyVerify SK matches the AK pair
Token expired>30 min since generationImplement auto-refresh (see above)
Clock skew errorServer time mismatchUse nbf: now - 5 for tolerance

Security Checklist

  • Never commit AK/SK to version control
  • Use .env files with .gitignore exclusion
  • Rotate keys quarterly via the developer console
  • Use separate keys per environment (dev/staging/prod)
  • Set exp to 1800s max (Kling enforces this ceiling)

Resources

Repository
jeremylongshore/claude-code-plugins-plus-skills
Commit

70e9fa4

Last updated
Created

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill