#The Mac App keeps failing becouse theres no token, but theres no where to enter it

The Mac App keeps failing becouse theres no token, but theres no where to enter it

That “token” is almost always the Gateway auth token (not an LLM API key), and you do enter it — just not in a popup.

Where to put the token

1. Open the Control UI in a browser (on the same machine as the Gateway):
   • http://127.0.0.1:18789/
2. Open the Settings panel in the Control UI and paste the token there.
   The UI stores it as connect.params.auth.token.

Docs: https://docs.openclaw.ai/web/control-ui

How to get the token

On the Gateway host, run:

openclaw dashboard

and open the link it prints (it includes ?token=... and will “seed” the UI with the token).

Docs: https://docs.openclaw.ai/help/faq#how-do-i-authenticate-the-dashboard-token-on-localhost-vs-remote

If the error is actually “pairing required” (code 1008)

That’s a different issue: you must approve the device once:

openclaw devices list
openclaw devices approve <requestId>

Quick questions so I can point you to the exact fix

1. What’s the exact error text the Mac app shows? (screenshot is fine)
2. Is your Gateway local (same Mac) or remote (VPS/Tailscale)?
3. What does openclaw --version say?

(Also: don’t paste the token itself into Discord—treat it like a password.)

No the Gateway/Node is on another Computer. The error im getting is Gatewav error: gatewav connect: connect to gatewav @ ws:127.0.0.1:18789: unauthorzed: datewav token missina brovide
Gateway error: gateway connect: connect to gateway @ ws://127.0.0.1:18789: unauthorized: gateway token missing (provide
gateway auth token) but the gate way is set as jacojac@10.0.0.91

That’s actually expected in Remote over SSH mode.

Even though your Gateway is on jacojac@10.0.0.91, the macOS app creates an SSH tunnel and then talks to the remote Gateway as if it were local, so it connects to:

• ws://127.0.0.1:18789 ← (this is the tunneled port)

So the real problem is the rest of the error:

unauthorized: gateway token missing (provide gateway auth token)

Fix: paste the Gateway auth token into the Control UI / Web Chat settings

1. On the Gateway host (10.0.0.91), run:

openclaw dashboard

This prints a tokenized link (.../?token=...). Copy the token (don’t paste it into Discord).

2. On your Mac, in the Web Chat / Control UI (inside the app, or in a browser if you open it), open the settings/gear and paste the token (it’s stored as connect.params.auth.token).

Docs:

• https://docs.openclaw.ai/web/control-ui
• https://docs.openclaw.ai/platforms/mac/remote

If you don’t know the token / never got one

On the Gateway host you can generate one:

openclaw doctor --generate-gateway-token

(Then you must paste the new token into the UI/app settings.)

If you tell me whether your mac app is set to Remote over SSH or Remote direct (ws/wss), I can tell you exactly where that token field is in that mode.

Remote over SSH

Yep — Remote over SSH is why you’re seeing ws://127.0.0.1:18789.

In that mode the Mac app makes an SSH tunnel and then connects to the remote gateway through localhost. So 127.0.0.1:18789 is correct — you just need to give the UI/app the gateway auth token.

The easiest way (works even if you can’t find a token field in the app)

1. On the gateway computer (10.0.0.91), run:

openclaw dashboard

2. It prints a URL like:
   http://127.0.0.1:18789/?token=...

3. Copy that full URL and open it on your Mac in a browser while the macOS app remote SSH tunnel is active (hit “Test remote” once, or open Web Chat so it brings the tunnel up).

That page will store the token, and then the Mac app / Control UI should stop saying “gateway token missing”.

If you do want to enter it manually

Open the Control UI (on your Mac, with the tunnel active):

• http://127.0.0.1:18789/
  Then open the Settings / connection settings panel in the UI and paste the token there (it’s stored as connect.params.auth.token).

Docs: https://docs.openclaw.ai/web/control-ui

If openclaw dashboard doesn’t work / you never had a token

On the gateway computer:

openclaw doctor --generate-gateway-token

Then repeat the openclaw dashboard step.

If you tell me what you see in the macOS app when you open Web Chat (screenshot ok, don’t include the token), I can point to the exact button/field.

Still not working

jacojac@openclaw.local

{
"gateway" : {
"mode" : "remote",
"remote" : {
"sshIdentity" : "/Users/jacojac/.ssh/id_ed25519",
"sshTarget" : "jacojac@openclaw.local",
"url" : "ws://openclaw.local:18789"
}
}
}

In Remote over SSH, opening the ...?token=... link in Safari usually won’t help, because the Mac app’s embedded WebChat is its own WebView storage (it doesn’t share Safari’s localStorage). So the app still has “no token”.

What the macOS app actually uses in Remote mode is your Mac’s config key:

• gateway.remote.token ✅ (not the remote machine’s gateway.remote.*)

Fix (on the Mac running OpenClaw.app)

In Terminal on your Mac:

openclaw config set gateway.mode "remote"
openclaw config set gateway.remote.url "ws://127.0.0.1:18789"
openclaw config set gateway.remote.token "<PASTE YOUR REMOTE GATEWAY AUTH TOKEN HERE>"

That token value must equal the remote gateway’s gateway.auth.token (on 10.0.0.91).

The CLI isnt installed

Then quit and re-open the macOS app (or at least close/reopen WebChat) and try again.

Docs for the config flow: https://docs.openclaw.ai/gateway/remote#cli-remote-defaults

If it still says token missing

Two quick checks (don’t paste the token, just say whether it’s set):

1. On your Mac:

openclaw config get gateway.remote.url
openclaw config get gateway.remote.token

2. Also confirm nothing local is already using the tunnel port:

lsof -nP -iTCP:18789 -sTCP:LISTEN

jacojac@openclaw.local is just your SSH target — that part is fine if openclaw.local resolves to the gateway box.

The reason you’re still getting “gateway token missing” is usually one of these two things:

1) The Mac app has no token to send (Remote over SSH reads it from config/env)

In Remote over SSH, there currently isn’t a “token” field in Settings → General. The app reads the token from your Mac’s config:

• gateway.remote.token (or env OPENCLAW_GATEWAY_TOKEN)

So set it on the Mac running OpenClaw.app (not on the remote host):

Option A (Terminal on your Mac)

openclaw config set gateway.mode "remote"
openclaw config set gateway.remote.url "ws://127.0.0.1:18789"
openclaw config set gateway.remote.token "<REMOTE GATEWAY'S gateway.auth.token>"

Post the outputs (redact token), and I’ll tell you what’s wrong next.

Option B (no CLI)

Open OpenClaw.app → Settings → Config tab → find gateway → remote → token and paste it there → Save → quit & relaunch the app.

Important: the value you paste must be the remote machine’s gateway.auth.token (the gateway’s auth), not something like an SSH password.

2) Port 18789 is already in use on your Mac, so the SSH tunnel can’t bind (and you end up talking to the wrong gateway)

Remote over SSH always wants to use localhost:18789 for the tunnel. If you still have a local gateway running on your Mac, the tunnel can’t claim that port.

On your Mac run:

lsof -nP -iTCP:18789 -sTCP:LISTEN

If that shows an openclaw process listening, stop the local gateway (or switch fully to remote mode and quit/restart).

Quick sanity check on the SSH target

From your Mac:

Your config is missing the one field the Mac app needs in Remote over SSH:

• gateway.remote.token

Right now it has sshTarget/sshIdentity/url, but no token, so the app connects to the SSH-forwarded ws://127.0.0.1:18789 and the gateway replies: “unauthorized: gateway token missing”.

What to do

1) On the gateway machine (10.0.0.91)

Get (or generate) the gateway auth token:

openclaw config get gateway.auth.token
# or, if empty/missing:
openclaw doctor --generate-gateway-token
openclaw config get gateway.auth.token

ping -c 1 openclaw.local

Make sure it resolves to 10.0.0.91 (or just use jacojac@10.0.0.91 to remove any DNS weirdness).

If you paste:

• the output of lsof ... (safe)
• and what the app shows under “Test remote” (screenshot ok; don’t include the token)

…I can tell which of the two it is.

(Do not paste the token into Discord.)

2) On your Mac (the OpenClaw.app machine)

Set that token as the remote token:

openclaw config set gateway.remote.token "<PASTE_TOKEN_FROM_GATEWAY_HOST>"

Then fully quit OpenClaw.app and reopen it, hit Test remote again.

3) Optional cleanup (recommended)

Since you’re using SSH tunneling, set remote URL to the tunneled address so CLI/app expectations match:

openclaw config set gateway.remote.url "ws://127.0.0.1:18789"

zsh: command not found: openclaw

Your JSON should end up like this (example)

{
  "gateway": {
    "mode": "remote",
    "remote": {
      "sshIdentity": "/Users/jacojac/.ssh/id_ed25519",
      "sshTarget": "jacojac@openclaw.local",
      "url": "ws://127.0.0.1:18789",
      "token": "…"
    }
  }
}

If it still fails after that: paste the output of openclaw config get gateway.remote.token (just say “set”/“empty”, don’t include it) + whatever Test remote prints.

You don’t need the CLI for this part.

In Remote over SSH, the Mac app reads the gateway auth token from your local config file on the Mac:

~/.openclaw/openclaw.json → gateway.remote.token

Right now your config has sshTarget/sshIdentity/url but no token, so the app can’t authenticate and you get “gateway token missing”.

Do this (no CLI required)

1) Get the token from the gateway computer (10.0.0.91)

On that computer, open this file:

~/.openclaw/openclaw.json

Look for:

You can fix this without the CLI — the Mac app just reads gateway.remote.token from your config file.

Right now your config has no token, so the app literally has nothing to send → “gateway token missing”.

1) Get the token from the gateway computer (openclaw.local)

SSH in and open the gateway’s config file:

ssh jacojac@openclaw.local 'cat ~/.openclaw/openclaw.json'

Look for:

• gateway.auth.token ← copy that value (don’t paste it into Discord)

If you don’t see gateway.auth.token in that file, the gateway might be getting it from an env var (OPENCLAW_GATEWAY_TOKEN) or it’s not configured (then you’ll need to set/generate one on the gateway host).

2) Paste it into your Mac’s config (this is what the app uses)

On your Mac, edit:

~/.openclaw/openclaw.json

Add one line:

"token": "PASTE_THE_GATEWAY_AUTH_TOKEN_HERE"

…inside gateway.remote, so it becomes:

{
  "gateway": {

    "mode": "remote",
    "remote": {
      "sshIdentity": "/Users/jacojac/.ssh/id_ed25519",
      "sshTarget": "jacojac@openclaw.local",
      "url": "ws://openclaw.local:18789",
      "token": "PASTE_HERE"
    }
  }
}

Easiest way to edit (no openclaw needed):

nano ~/.openclaw/openclaw.json

3) Fully quit + reopen OpenClaw.app, then “Test remote” again

If after adding the token it still fails, tell me what the error changes to (usually it flips from “token missing” to “rejected token” or a tunnel/port issue), and we’ll do the next step.

gateway: {
  auth: { token: "..." }
}

That gateway.auth.token value is what you need. (Don’t paste it into Discord.)

2) Paste it into your Mac’s config

On your Mac, open:

~/.openclaw/openclaw.json

…and add a token inside gateway.remote:

{
  "gateway": {
    "mode": "remote",
    "remote": {
      "sshIdentity": "/Users/jacojac/.ssh/id_ed25519",
      "sshTarget": "jacojac@openclaw.local",
      "url": "ws://openclaw.local:18789",
      "token": "PASTE_THE_REMOTE_gateway.auth.token_HERE"
    }
  }
}

You can edit it via:

• Finder → Go → Go to Folder… → paste ~/.openclaw/ → open openclaw.json in TextEdit, or
• OpenClaw.app → Settings → Config (if you have that tab) and edit the raw JSON there.