OpenClaw API Keys: Connect OpenAI, Claude, Gemini, and More
Connect multiple AI models safely, avoid auth errors, control costs, and keep workflows running without provider failures breaking your agent.
Why API Keys Matter in OpenClaw
API keys let OpenClaw connect with AI model providers such as OpenAI, Claude, Gemini, OpenRouter, Groq, and other compatible APIs.
In simple words, API keys decide:
- Which AI models OpenClaw can use
- Whether your workflows can run
- How much each request costs
- Which provider handles coding, research, chat, or automation
- Whether fallback models are available when one provider fails
A wrong API key does not only break chat replies. It can break browser actions, scheduled workflows, coding agents, research tasks, and tool-based automation. That is why setting up API keys properly matters before running serious OpenClaw workflows.
API Key Setup Is Different for Every Provider
Not every provider uses the same setup. Some only need an API key. Others need a base URL, model name, billing access, or project-level permission.
| Provider Type | What You Usually Need |
|---|---|
| OpenAI-compatible APIs | API key, base URL, model name |
| Claude / Anthropic | API key, billing, model access |
| Gemini | API key, project access, model name |
| OpenRouter | API key, model slug, route access |
| Groq | API key and supported model |
| Local models | Local host URL, port, installed model |
This is where many users make mistakes. They add a key, forget the model name or base URL, then wonder why OpenClaw behaves like a haunted calculator.
Before You Add API Keys
Before connecting any provider, check these basics:
- Create an account with the provider
- Generate a fresh API key
- Confirm billing or free credits are active
- Check that your selected model is available
- Copy the key without extra spaces
- Keep the key private
- Never commit API keys to GitHub
- Use
.envor environment variables where possible
Add your .env file to .gitignore:
echo ".env" >> .gitignoreThis prevents your API keys from being pushed to a public repository. Simple, boring, and it protects paid credentials from strangers on the internet.
Recommended API Key Format for OpenClaw
A clean .env file keeps provider setup easier to manage.
Example:
OPENAI_API_KEY=your_openai_key
ANTHROPIC_API_KEY=your_anthropic_key
GEMINI_API_KEY=your_gemini_key
OPENROUTER_API_KEY=your_openrouter_key
GROQ_API_KEY=your_groq_keyFor OpenAI-compatible providers, you may also need a base URL and model name:
CUSTOM_PROVIDER_API_KEY=your_provider_key
CUSTOM_PROVIDER_BASE_URL=https://api.provider.com/v1
CUSTOM_PROVIDER_MODEL=model-name| Value | Purpose |
|---|---|
| API key | Proves your account has access |
| Base URL | Tells OpenClaw where to send requests |
| Model name | Tells OpenClaw which model to use |
If any one of these is wrong, OpenClaw may return no output, model errors, or authentication failures. For deeper no-output debugging, see our model not responding fix guide.
How to Add API Keys in OpenClaw
You can add API keys through the OpenClaw dashboard or through environment variables, depending on your setup.
Use this method if your OpenClaw setup has a dashboard or provider settings page.
Steps:
- Open the OpenClaw dashboard
- Go to model or provider settings
- Select your provider
- Paste the API key
- Add the base URL if required
- Select the model
- Save the configuration
- Test the provider before running workflows
Use this method if you are running OpenClaw on a VPS, local machine, or server setup.
Open your .env file:
nano ~/.openclaw/.envAdd your provider keys:
OPENAI_API_KEY=your_openai_key
ANTHROPIC_API_KEY=your_anthropic_key
GEMINI_API_KEY=your_gemini_key
OPENROUTER_API_KEY=your_openrouter_key
GROQ_API_KEY=your_groq_keySave the file, then restart the OpenClaw gateway so it picks up the new values:
openclaw gateway restartIf your setup runs OpenClaw as a systemd service, restart the service instead:
sudo systemctl restart openclawAfter restart, OpenClaw should load the new provider keys.
Set the Default Provider and Model
Adding API keys is not enough. You also need to make sure OpenClaw knows which model to use by default.
List available models:
openclaw models listSet your default model with openclaw config set:
openclaw config set agents.defaults.model.primary <provider>/<model-name>Example:
openclaw config set agents.defaults.model.primary anthropic/claude-opus-4-6Verify the change:
openclaw config get agents.defaults.modelThe default model is used when a workflow does not specify a model manually.
For better results, use different models for different tasks:
| Task | Recommended Model Type |
|---|---|
| Simple chat | Fast, low-cost model |
| Summaries | Mid-range model |
| Coding | Strong reasoning model |
| Research | Large-context model |
| Browser automation | Reliable tool-calling model |
This helps reduce cost and improves workflow quality. See our switch AI model guide for a deeper walkthrough of changing the default model, and our best AI model for OpenClaw comparison for concrete picks.
Set Provider Fallbacks
A fallback provider helps OpenClaw continue working when the primary provider fails.
Provider failures can happen because of:
- Rate limits
- Billing problems
- Expired API keys
- Temporary provider outage
- Wrong model name
- Region restrictions
- Permission errors
Example fallback strategy:
| Workflow Type | Primary Provider | Fallback Provider |
|---|---|---|
| Coding agent | Claude or OpenAI | OpenRouter |
| Fast chat tasks | Groq | OpenAI-compatible provider |
| Research workflows | Gemini or OpenAI | Claude |
| Low-cost automation | Small model | Larger model only when needed |
A fallback provider prevents one failed key from killing the full workflow. It is a small setup step that saves you from very stupid debugging sessions later. If you keep hitting quota errors, see our API rate limit fix guide.
Tired of juggling provider keys and restarts?
Ampere.sh runs OpenClaw with provider auth already wired up. Add your key or use pooled credits, no gateway restarts, no env file editing.
How to Test Every API Key
Do not assume a provider works just because you pasted a key. Test it.
openclaw models listThis checks whether OpenClaw can detect your provider and available models.
openclaw models statusThis shows which providers are authenticated and where each key is loaded from (env, config, or profile).
Send a one-line prompt to OpenClaw:
Reply with the active provider name and model name in one sentence.This confirms the API key and model are working end to end.
Use this prompt:
Create a short task plan with 3 steps and ask for approval before taking action.This checks whether the selected model can follow agent-style instructions.
Use this prompt:
Summarize this long input into 5 bullets and keep the original meaning.This helps test whether the model handles longer inputs correctly.
| Test | What It Checks |
|---|---|
| Model list | Provider connection |
| Models status | Auth source and validity |
| Simple reply | API key validity |
| Tool-calling test | Agent reliability |
| Long context test | Context handling |
Common API Key Problems and Fixes
| Problem | What It Means | Fix |
|---|---|---|
| Invalid API key | Key is wrong, expired, or copied badly | Regenerate the key and paste it again |
| No output | Provider is connected but model failed | Check model name and logs |
| Model not found | Wrong model ID | Use the exact provider model name |
| 401 error | Authentication failed | Check API key and account access |
| 403 error | Key exists but lacks permission | Enable API access or billing |
| 429 rate limit | Too many requests | Use fallback or upgrade limits |
| Billing required | Provider requires payment method | Add billing or use another provider |
| Empty tool output | Model is weak at tool use | Switch to a better tool-capable model |
If OpenClaw still fails after fixing the key, check logs:
openclaw logs --followOr, if OpenClaw runs as a systemd service:
journalctl -u openclaw -fLogs usually show whether the issue is authentication, billing, rate limit, or wrong model name.
Provider-Specific Notes
OpenAI-compatible setup usually needs:
- API key
- Correct model name
- Billing enabled
- Supported endpoint
Use OpenAI for general tasks, tool workflows, coding, and automation.
Claude is useful for reasoning, coding, writing, and agent workflows.
Check:
- API key is active
- Billing is enabled
- Your account has access to the selected model
- Model name is correct
Claude may fail if your key is valid but model access is not enabled.
Gemini is useful for research, long-context work, and multimodal tasks.
Check:
- API key is active
- API access is enabled
- Project permissions are correct
- Model name matches the provider documentation
Wrong project setup can cause errors even when the key looks valid.
OpenRouter is useful when you want access to many models through one API key.
Check:
- OpenRouter API key is valid
- Model slug is correct
- Selected model is available
- Credits or billing are active
OpenRouter is good for fallback routing, but model quality can vary depending on the selected provider.
Groq is useful for fast responses and low-latency workflows.
Check:
- API key is valid
- Model is supported
- Workflow does not require advanced reasoning beyond the model's strength
Groq is fast, but not every fast model is ideal for complex agent workflows.
Local models usually do not need external API keys.
Check:
- Ollama or local runtime is running
- Model is installed
- Host URL and port are correct
- Model can handle OpenClaw workflow requirements
Example Ollama check:
ollama listRun a model manually:
ollama run model-nameLocal models can reduce API cost, but weaker models may fail at tool calling. Free is nice until your agent starts producing nonsense with confidence. For a full walkthrough, see our set up Ollama with OpenClaw guide.
API Key Security Best Practices
API keys are sensitive. Treat them like passwords.
Follow these rules:
- Never paste keys in public chats
- Never commit
.envfiles - Use separate keys for development and production
- Rotate leaked keys immediately
- Delete unused keys
- Use provider spending limits
- Review usage logs regularly
Before pushing code, check staged files:
git statusCheck what will be committed:
git diff --cachedIf .env appears, stop and remove it from Git tracking:
git rm --cached .envThen commit again after confirming the key file is not included.
Cost Control When Using Multiple Providers
Using multiple providers gives OpenClaw more flexibility, but it can also increase cost if you route everything to expensive models.
Use this simple strategy:
| Workflow | Best Model Choice |
|---|---|
| Reminders | Low-cost fast model |
| Short summaries | Mid-range model |
| Coding / debugging | Strong reasoning model |
| Browser automation | Reliable tool-calling model |
| Long research | Large-context model |
| Final review | Stronger model |
Cost control tips:
- Use cheap models for simple tasks
- Use stronger models only when needed
- Set spending limits in provider dashboards
- Avoid sending huge context to expensive models
- Use fallback models carefully
- Review provider usage weekly
The goal is not to use the strongest model for everything. That is how people turn a simple automation into a billing crime scene. For a deeper look at token usage and cost, see our token usage and cost control guide.
When Manual API Key Setup Becomes Annoying
Manual setup is fine if you want full control. But it can become painful when you need to manage:
- Multiple
.envfiles - Provider-specific settings
- Server restarts
- Gateway issues
- Expired keys
- Failed workflows
- Rate limits
- Uptime
- Logs and monitoring
This is where many users stop building workflows and start debugging infrastructure instead. Very productive, if your goal is sadness.
Easier Option: Run OpenClaw on Ampere.sh
If you want OpenClaw running without managing servers, ports, gateway setup, uptime, or manual provider configuration, use Ampere.sh.
With Ampere.sh, you can deploy OpenClaw in a managed environment, connect model providers, and start running workflows without spending hours fixing setup issues.
Use Ampere.sh if you want:
- Managed OpenClaw hosting
- Faster setup
- Easier provider configuration
- Always-on workflows
- Less server maintenance
- Fewer gateway and port issues
- A cleaner path from setup to real automation
Run OpenClaw on Ampere.sh and spend less time fixing keys, configs, and failed provider connections.
Frequently Asked Questions
What API keys do I need for OpenClaw?
Can I use multiple API providers in OpenClaw?
Why is my OpenClaw API key not working?
Can I use OpenRouter with OpenClaw?
How do I safely store OpenClaw API keys?
Do I need to restart OpenClaw after adding an API key?
Which provider should I pick first?
Also Read
Skip the provider key juggling
Managed OpenClaw on Ampere.sh handles API keys, gateways, and restarts so you can focus on real workflows. 7-day free trial.
Start Free Trial

