#Anthropic Subscription Plan and OpenClaw
Claude/Anthropic is working in OpenClaw, but there are basically two different auth paths and that’s where most of the “saga” confusion comes from:
- Anthropic API key (recommended / most stable)
  - Create an API key in the Anthropic Console, then use openclaw onboard (or set ANTHROPIC_API_KEY on the gateway host).
  - Docs: https://docs.openclaw.ai/providers/anthropic (Option A) + https://docs.openclaw.ai/gateway/authentication
- Claude subscription auth via claude setup-token (more brittle)
  - If you’re trying to use your Claude Pro/Max subscription, you need a setup-token generated by the Claude Code CLI: claude setup-token
  - then paste into OpenClaw: openclaw models auth setup-token --provider anthropic
  - These tokens can expire/revoke, and if you see errors like “OAuth token refresh failed …” or sudden 401s, the fix is usually: re-run claude setup-token and paste again.
  - Docs: https://docs.openclaw.ai/providers/anthropic (Option B)
If you tell me which one you’re using (API key vs setup-token) + paste the exact error + openclaw --version + output of openclaw models status, I can point to the specific fix.
I am using setup token, not API
If you’re on Claude subscription auth (setup-token): yep, that path is supported, but it’s the one that tends to “randomly” break when the token expires/revokes.
Here’s the most reliable checklist:
- Generate a fresh token (needs an interactive TTY)
  - Run: claude setup-token
  - Best is to do this on the same machine that runs openclaw gateway.
  - If you generated it on a different machine, that’s fine too—just paste it on the gateway host (next step).
- Paste it into OpenClaw on the gateway host
  - openclaw models auth setup-token --provider anthropic
  - or if you already have the token string: openclaw models auth paste-token --provider anthropic
- Verify OpenClaw actually sees it
  - openclaw models status
  - (optional) openclaw models status --check (exits non-zero if missing/expired)
Common “saga” failure modes:
- 401 / token suddenly invalid → re-run claude setup-token, paste again.
- “OAuth token refresh failed …” → same fix (new setup-token). Docs: https://docs.openclaw.ai/gateway/troubleshooting#oauth-token-refresh-failed-anthropic-claude-subscription
- “This credential is only authorized for use with Claude Code…” → that means the subscription credential isn’t accepted for the API request you’re making; you’ll need an Anthropic API key for OpenClaw in that case. Docs: https://docs.openclaw.ai/gateway/authentication
If you paste the exact error you’re getting + openclaw --version + output of openclaw models status, I can tell which of the above you’ve hit.
run error: HTTP 401 authentication_error: OAuth authentication is currently not supported. (request_id: req_011CYGTtkvnBRuLAvR7ojZWU)
That specific error is coming from Anthropic’s API and it means the request is being authenticated as OAuth/Bearer, which Anthropic currently rejects (“OAuth authentication is currently not supported”). The Anthropic API wants API keys, not generic OAuth tokens.
For OpenClaw + subscription, the only thing that should work is the Claude Code setup-token flow (it’s not the same as copying any “OAuth token” from elsewhere).
What to do:
- Make sure your token is really from Claude Code
  - Run: claude setup-token (this is the only intended source for the subscription token)
- Paste it on the machine running the Gateway
  - openclaw models auth setup-token --provider anthropic
  - (or openclaw models auth paste-token --provider anthropic if you already have the token string)
- Verify what auth mode OpenClaw is actually using
  - openclaw models status
  - Please paste the output (redact anything secret) + openclaw --version
If after that you still get the same “OAuth … not supported” 401, then in practice you’ll need to switch to an Anthropic API key (the API simply won’t accept that credential type). Docs refs:
That 401 message is the key clue:
“OAuth authentication is currently not supported.”
Anthropic’s API does not accept OAuth/Bearer tokens. If Anthropic sees an Authorization: Bearer … header, it throws exactly this kind of error. For OpenClaw, the subscription flow only works if you’re using the Claude Code setup-token and OpenClaw is treating it as a static token (not an OAuth flow).
Two important things:
0) Security first (please do this now)
You pasted real API keys/tokens in that output (even partially). In a public thread, assume they’re compromised:
- Delete/edit that message
- Rotate/revoke the exposed keys at the provider(s)
1) Fix steps for the Anthropic setup-token path
- Confirm you generated the token via Claude Code CLI (not browser/devtools):
claude setup-token
- Paste it into OpenClaw explicitly as a token (overwriting anthropic:default):
openclaw models auth paste-token --provider anthropic --profile-id anthropic:default
- Then verify with a live probe:
openclaw models status --probe-provider anthropic --probe
2) I need one more datapoint
Can you paste:
- openclaw --version
- and (redacted) openclaw models status --json (please remove any tokens/keys)
If you’re on an older OpenClaw version, it may be incorrectly sending the setup-token as OAuth/Bearer (and then you’ll always get this error until you update).
Docs for reference:
│ anthropic/claude-opus-4- │ anthropic:default │ auth · 1.3s │
│ 6 │ (token) │ ↳ HTTP 401 authentication_error: OAuth authentication is currently not supported. (request_id: req_011CYGURyLmC5stz4Ymgzoqr) │
│ anthropic/claude-opus-4- │ anthropic:manual (token) │ auth · 1.4s │
│ 6 │ │ ↳ HTTP 401 authentication_error: OAuth authentication is currently not supported. (request_id: req_011CYGURyNkFkdpT3h6nEJxt)
@bold zenith
That error is the “classic” symptom of Claude setup-tokens (sk-ant-oat01-…) being treated as OAuth, but the request is missing the Claude-Code “stealth” headers Anthropic expects for those tokens.
So Anthropic sees Authorization: Bearer sk-ant-oat01-... and responds:
“OAuth authentication is currently not supported.”
What to do
- Check your OpenClaw version
  Run openclaw --version and paste it. There was a known regression around setup-token handling depending on where the key comes from (env vs auth-profiles).
- Fast workaround (often fixes it immediately)
  Put the setup-token in the Gateway env (so it’s picked up the “old” way), then restart the gateway:
  - add to ~/.openclaw/.env on the gateway host: ANTHROPIC_API_KEY=sk-ant-oat01-...
  - then openclaw gateway restart
  - re-test: openclaw models status --probe-provider anthropic --probe
(Yes, it’s weird to put a setup-token into ANTHROPIC_API_KEY, but the goal is to get OpenClaw/pi-ai to recognize it and send the right headers.)
- If you want a subscription-only path that bypasses this entirely
OpenClaw docs also mention a community workaround: claude-max-api-proxy (wraps your Max/Pro subscription as an OpenAI-compatible endpoint):
https://docs.openclaw.ai/providers/claude-max-api-proxy
Also: please rotate secrets
In your earlier paste, you leaked real keys (OpenRouter/ZAI/etc). In a public Discord thread, assume compromised → delete that message + rotate those keys.
If you send openclaw --version + whether your setup-token starts with sk-ant-oat01 (just the prefix), I can tell you whether updating OpenClaw is the “real” fix vs just using the env workaround.
That 401 is basically Anthropic saying: “you’re hitting the normal Anthropic API with an OAuth/Bearer token, and we don’t accept OAuth there.”
With setup-tokens, the token usually looks like sk-ant-oat01-... and it only works if OpenClaw is using the Claude Code subscription path (it needs the right Claude-Code headers; otherwise Anthropic treats it as unsupported OAuth and you get exactly this error).
What I’d do next:
- Post your version
  - run: openclaw --version
  Older builds (or some version skews) will do the wrong thing with sk-ant-oat01 tokens and always get this 401.
- Re-paste the token cleanly (after updating, if you’re not current)
  - openclaw models auth paste-token --provider anthropic --profile-id anthropic:default
  - then verify: openclaw models status --probe-provider anthropic --probe
- If you need a guaranteed-working option today
- Use an Anthropic API key (most stable), or
- Use the community “subscription → OpenAI-compatible” bridge: https://docs.openclaw.ai/providers/claude-max-api-proxy