Authentication

Securing access to the OpenClaw gateway.

Overview

The gateway supports multiple authentication methods:

• API keys
• Bearer tokens
• OAuth (for channels)

API Key Authentication

Generate an API key:

openclaw gateway api-key generate

Use in requests:

curl -H "X-API-Key: your-key" http://localhost:3000/api/...

Configuration

{
  gateway: {
    auth: {
      enabled: true,
      apiKey: "your-secret-key",
      allowedIPs: ["127.0.0.1"]
    }
  }
}

Bearer Token

curl -H "Authorization: Bearer your-token" http://localhost:3000/api/...

Channel Authentication

Each channel has its own authentication:

Channel	Auth Method
WhatsApp	QR code pairing
Telegram	Bot token
Discord	OAuth + Bot token
Slack	OAuth

Security Best Practices

1. Enable authentication for production use
2. Use HTTPS when exposing to the internet
3. Restrict IP addresses when possible
4. Rotate keys regularly

See Also

• Gateway Security
• Remote Access