#run error: 401

1 messages · Page 1 of 1 (latest)

alpine remnant
#

I get this error when setting openclaw even though Im copying the key and also made a second one in case I had the first one wrong but same issue

run error: 401 Incorrect API key provided:
sk-proj-******************************************************************

************14YA. You can find your API key at https://platf...
connected | error
agent main | session main (openclaw-tui) | openai/gpt-5-nano | think low |
tokens ?/400k

hollow wharfBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> âś… Mark Solution

split topaz
#

that's just

#

the wrong api key

#

regen?

alpine remnant
strange rootBOT
#

That OpenAI error (401 Incorrect API key provided) usually means either the key is genuinely invalid/revoked or OpenClaw is not using the key you think it is (old env var wins, remote gateway, etc.). A couple important gotchas:

1) Make sure the key is on the Gateway host

OpenClaw sends model requests from the machine running openclaw gateway (or the installed service).
So if you’re running the TUI on your laptop but the Gateway is on a VPS, the key must be set on the VPS, not just locally.

2) OpenClaw will NOT override an existing OPENAI_API_KEY

Env precedence is “never override existing values”. If you have an old/bad OPENAI_API_KEY in your shell/service environment, putting a new one in config won’t replace it. Docs: https://docs.openclaw.ai/help/environment

Quick fix checklist

On the machine running the Gateway:

  1. Don’t paste your key here, but run:
openclaw --version
openclaw models status
#
  1. Put the key in the global daemon env file (most reliable for services):
cat >> ~/.openclaw/.env <<'EOF'
OPENAI_API_KEY=sk-proj-...your_key...
EOF
  1. Restart the gateway service/process:
openclaw gateway restart
  1. Re-check:
openclaw models status
#

What I need from you

Paste the output of:

  • openclaw --version
  • openclaw models status

(those are safe to share; they redact secrets). Then I can tell you whether OpenClaw is actually seeing OpenAI auth and from where.

OpenAI provider doc (API key vs Codex OAuth): https://docs.openclaw.ai/providers/openai

#

If you already regenerated the key and it still says 401 Incorrect API key provided, there are basically two possibilities:

  1. OpenClaw isn’t actually using the new key (it’s still picking up an old OPENAI_API_KEY from somewhere), or
  2. The key is genuinely invalid for the OpenAI API (less common if you just created it, but the quick test below will prove it).

Step 1: Prove the key works (run this on the SAME machine as the Gateway)

On the box running openclaw gateway:

export OPENAI_API_KEY="sk-proj-..."
curl -sS https://api.openai.com/v1/models -H "Authorization: Bearer $OPENAI_API_KEY" | head
  • If that returns 401, it’s truly an OpenAI key/account issue (wrong account, revoked key, etc.).
  • If that returns JSON (a models list), your key is fine → OpenClaw is loading a different key than you think.

Step 2 (most common fix): put the key where the Gateway service actually reads it

#

If you’re running OpenClaw as a service/daemon, it often won’t inherit your shell env. Put it here:

~/.openclaw/.env (on the Gateway host)

cat >> ~/.openclaw/.env <<'EOF'
OPENAI_API_KEY=sk-proj-...
EOF
openclaw gateway restart

Docs on env precedence (important: .env/config do not override an already-set env var):
https://docs.openclaw.ai/help/environment
https://docs.openclaw.ai/help/faq#env-vars-and-env-loading

Step 3: show what OpenClaw thinks it’s using

Paste (safe to share; don’t include any keys manually):