Skip to Content
👋 Willkommen bei HowToUseOpenClaw Schnellstart
GatewayAuthentifizierung

Authentifizierung

Token-Auth vs. mTLS. Wählen Sie eines und sperren Sie den Gateway. OpenClaw supports OAuth and API keys for model providers. For Anthropic accounts, we recommend using an API key. For Claude subscription access, use the long‑lived token created by claude setup-token.

Siehe /concepts/oauth für den vollständigen OAuth-Flow und Speicher-Layout.

Empfohlene Anthropic-Einrichtung (API-Key)

If you’re using Anthropic directly, use an API key.

  1. Einen API-Key in der Anthropic Console anlegen.
  2. Auf dem Gateway-Host (der Maschine, die openclaw gateway ausführt) hinterlegen.
export ANTHROPIC_API_KEY="..."
openclaw models status
  1. Wenn der Gateway unter systemd/launchd läuft, den Key bevorzugt in ~/.clawdbot/.env legen, damit der Daemon ihn lesen kann:
cat >> ~/.clawdbot/.env <<'EOF'
ANTHROPIC_API_KEY=...
EOF

Anschließend Daemon (oder Gateway-Prozess) neu starten und prüfen:

openclaw models status
openclaw doctor

If you’d rather not manage env vars yourself, the onboarding wizard can store API-Keys für den Daemon speichern: openclaw onboard.

Siehe Hilfe für Details zur Env-Vererbung (env.shellEnv, ~/.clawdbot/.env, systemd/launchd).

Anthropic: Setup-Token (Abo-Auth)

For Anthropic, the recommended path is an API key. If you’re using a Claude wird der Setup-Token-Flow ebenfalls unterstützt. Auf dem Gateway-Host ausführen:

claude setup-token

Dann in OpenClaw einfügen:

openclaw models auth setup-token --provider anthropic

Wenn der Token auf einer anderen Maschine erstellt wurde, manuell einfügen:

openclaw models auth paste-token --provider anthropic

If you see an Anthropic error like:

This credential is only authorized for use with Claude Code and cannot be used for other API requests.

…use an Anthropic API key instead.

Manual token entry (any provider; writes auth-profiles.json + updates config):

openclaw models auth paste-token --provider anthropic
openclaw models auth paste-token --provider openrouter

Automation-friendly check (exit 1 when expired/missing, 2 when expiring):

openclaw models status --check

Optional ops scripts (systemd/Termux) are documented here: /automation/auth-monitoring

claude setup-token requires an interactive TTY.

Checking model auth status

openclaw models status
openclaw doctor

Controlling which credential is used

Per-session (chat command)

Use /model <alias-or-id>@<profileId> to pin a specific provider credential for the current session (example profile ids: anthropic:default, anthropic:work ausführt) hinterlegen.

Use /model (or /model list) for a compact picker; use /model status for the full view (candidates + next auth profile, plus provider endpoint details when configured ausführt) hinterlegen.

Per-agent (CLI override)

Set an explicit auth profile order override for an agent (stored in that agent’s auth-profiles.json):

openclaw models auth order get --provider anthropic
openclaw models auth order set --provider anthropic anthropic:default
openclaw models auth order clear --provider anthropic

Use --agent <id> to target a specific agent; omit it to use the configured default agent.

Fehlerbehebung

“No credentials found”

If the Anthropic token profile is missing, run claude setup-token on the gateway host, then re-check:

openclaw models status

Token expiring/expired

Run openclaw models status to confirm which profile is expiring. If the profile is missing, rerun claude setup-token and paste the token again.

Requirements

  • Claude Max or Pro subscription (for claude setup-token)
  • Claude Code CLI installed (claude command available)
Zuletzt aktualisiert am:
Gateway-ÜberblickHintergrundprozess