OpenClaw Install / Docs / Gateway / Skills
EN
Get Started
Home

Switch language

简体中文 English
Start Install GuideQuick StartDocs Overview
Docs ChannelsModels & APIGateway OpsTools & Skills
More ArticlesResourcesHelp Center
Get Started
Documentation navigation Gateway Ops

Current Section

On This Page

Gateway Ops 3 sections

Model Authentication

Authentication

This page covers provider authentication rather than Control UI handshakes. The most important rule is that credentials must exist on the machine that actually runs the Gateway, especially in service mode or remote mode.

Anthropic OpenAI Gateway Troubleshooting

Authentication Strategy

API Key

Best for servers and daemon services

The easiest credentials to copy, rotate and persist, especially when launchd or systemd reads environment variables from ~/.openclaw/.env.

OAuth / setup-token

Best for subscription and local-user flows

Useful when you want to reuse Claude or Codex subscription state, but the final token or auth file still has to end up on the Gateway host.

Frequent Commands

Anthropic API key

export ANTHROPIC_API_KEY="..."
openclaw models status

Anthropic setup-token

claude setup-token
openclaw models auth setup-token --provider anthropic
openclaw models auth paste-token --provider anthropic

Check auth state

openclaw models status
openclaw doctor

Rules You Must Remember

Credentials need to live on the Gateway host, not only inside the shell window you happen to be using right now.

If the Gateway is managed by systemd or launchd, the most stable path is usually to place environment variables in ~/.openclaw/.env.

Authentication is isolated per agent. If a new agent cannot call a provider, do not assume it inherited the main agent's credentials automatically.