#402 status code (no body)

I've been getting this error after trying to add a cerebrus model as my fallback model. I followed the docs on the openclaw docs and am still getting the issue.

A 402 status code (no body) is almost always coming from the model provider, not OpenClaw itself — 402 = Payment Required (typically: no credits / billing not enabled / account suspended), and some providers return it with an empty body, hence “no body”.

For Cerebras, OpenClaw’s built-in provider is:

• provider id: cerebras
• auth env var: CEREBRAS_API_KEY
• OpenAI-compatible base URL: https://api.cerebras.ai/v1
  Source: https://docs.openclaw.ai/concepts/model-providers

To narrow it down quickly, can you paste:

1. openclaw --version (version mismatch causes weirdness surprisingly often)

2. The output of:

openclaw models status

openclaw models status --probe --probe-provider cerebras

(--probe does a real request; it may consume a tiny amount of tokens.)
Docs: https://docs.openclaw.ai/cli/models

3. Your model config snippet (redact keys), specifically:

• agents.defaults.model.primary
• agents.defaults.model.fallbacks
  Docs: https://docs.openclaw.ai/concepts/models

If the probe also returns 402, then it’s 99%: Cerebras account/billing/credits (the key is being accepted but the account can’t be billed). If the probe is fine but chat hits 402, then we’re likely not actually calling Cerebras (or you’re hitting a different provider than you think) — and the models status output will show which provider/model is resolved.

"OAuth/token status

• cerebras
  • cerebras:manual static
• google-gemini-cli
  • google-gemini-cli:default ok expires in 0m
• openai-codex usage: 168h 0% left ⏱5d 23h
  • openai-codex:default ok expires in 9d

Auth probes
┌──────────────────────┬─────────────────────────┬────────────┐
│ Model │ Profile │ Status │
├──────────────────────┼─────────────────────────┼────────────┤
│ cerebras/llama3.1-8b │ cerebras:manual (token) │ ok · 1.8s │
└──────────────────────┴─────────────────────────┴────────────┘
Probed 1 target in 1.9s
michaelikejiani2@opencode-tailscale:~$"

That output is actually a good sign: Cerebras is working on your gateway.

• Auth probes … cerebras/llama3.1-8b … ok means the Cerebras key + endpoint are fine (at least for that model).
• So if you’re still seeing 402 status code (no body), it’s very likely coming from some other provider/model, not Cerebras.

The one red flag in what you pasted is:

• openai-codex usage: 168h 0% left ⏱5d 23h

If Codex is your primary model, that “0% left” situation is a super plausible source of “payment/quota style” errors until the reset window.

To pinpoint it, can you paste:

1. openclaw --version

2. Your resolved model routing + fallbacks:

openclaw models status --plain
openclaw models fallbacks list

3. And the log lines around the failure (this is the fastest way to see which provider is returning 402):

openclaw logs --follow
# then trigger the error once, and paste ~20 lines around it

Also: in the logs, look for something like provider=... / the model ref — if it says openai-codex/... then your Cerebras fallback may never be reached (or the failure isn’t being classified as “failover-worthy”), and we can go from there with the exact snippet.

Failover rules doc (re: what errors advance to fallbacks): https://docs.openclaw.ai/concepts/model-failover

michaelikejiani2@opencode-tailscale:~$ openclaw --version
2026.2.21-2
michaelikejiani2@opencode-tailscale:~$ openclaw models status --plain
openclaw models fallbacks list

🦞 OpenClaw 2026.2.21-2 (35a57bc) — I'll do the boring stuff while you dramatically stare at the logs like it's cinema.

google-gemini-cli/gemini-3-flash-preview

🦞 OpenClaw 2026.2.21-2 (35a57bc) — Your config is valid, your assumptions are not.

Fallbacks (6):

• cerebras/llama3.1-8b
• cerebras/gpt-oss-120b
• anthropic/claude-haiku-4-5
• openai-codex/gpt-5.3-codex
• openai-codex/gpt-5.2
• google-gemini-cli/gemini-3-pro-preview

Nice — that clears it up a lot.

What your config says right now

• Primary model: google-gemini-cli/gemini-3-flash-preview
• Fallbacks start with Cerebras:
  1. cerebras/llama3.1-8b ✅ (we already saw this probes OK)
  2. cerebras/gpt-oss-120b (this one is very likely where the 402 is coming from)
     …then Anthropic, then Codex (and your Codex shows 0% left, so it may also fail when reached)

So: your Cerebras auth is fine. A 402 (no body) at this point usually means billing/credits/access for a specific model, not “your key is wrong”.

Fast way to confirm which model is throwing 402

Run logs while reproducing once:

openclaw logs --follow

Then trigger the error and paste ~20 lines around it — the log line almost always includes the resolved provider/model.

Quick isolation test (usually fixes it immediately)

Temporarily remove the suspicious model from fallbacks and try again:

openclaw models fallbacks remove cerebras/gpt-oss-120b
openclaw models fallbacks list

If the 402 disappears after removing gpt-oss-120b, then the answer is simply: your Cerebras account/key can call llama3.1-8b, but doesn’t have billing/entitlement for gpt-oss-120b (or it requires paid credits).

If you paste the log snippet showing which provider/model returns 402, I can tell you definitively whether it’s Cerebras vs Codex vs something else.

22:31:16 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=main durationMs=41 error="FailoverError: OAuth token refresh failed for google-gemini-cli: Failed to refresh OAuth token for google-gemini-cli. Please try again or re-authenticate."
22:31:16 error diagnostic {"subsystem":"diagnostic"} lane task error: lane=session:agent:main:discord:channel:1476092924373499949 durationMs=46 error="FailoverError: OAuth token refresh failed for google-gemini-cli: Failed to refresh OAuth token for google-gemini-cli. Please try again or re-authenticate."
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane enqueue: lane=session:agent:main:discord:channel:1476092924373499949 queueSize=1
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane dequeue: lane=session:agent:main:discord:channel:1476092924373499949 waitMs=2 queueSize=0
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane enqueue: lane=main queueSize=1
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane dequeue: lane=main waitMs=1 queueSize=0
22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run start: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459 sessionId=2219d2b1-2686-4a66-ab36-da766a244e08 provider=cerebras model=llama3.1-8b thinking=low messageChannel=discord
22:31:16 debug diagnostic {"subsystem":"diagnostic"} run registered: sessionId=2219d2b1-2686-4a66-ab36-da766a244e08 totalActive=1
22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run prompt start: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459 sessionId=2219d2b1-2686-4a66-ab36-da766a244e08

22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run agent start: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459
22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run agent end: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459 isError=true
22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run prompt end: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459 sessionId=2219d2b1-2686-4a66-ab36-da766a244e08 durationMs=243
22:31:16 debug diagnostic {"subsystem":"diagnostic"} run cleared: sessionId=2219d2b1-2686-4a66-ab36-da766a244e08 totalActive=0
22:31:16 debug agent/embedded {"subsystem":"agent/embedded"} embedded run done: runId=5f92729b-e74f-46b2-9d6c-88ad9c606459 sessionId=2219d2b1-2686-4a66-ab36-da766a244e08 durationMs=322 aborted=false
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane task done: lane=main durationMs=327 active=0 queued=0
22:31:16 debug diagnostic {"subsystem":"diagnostic"} lane task done: lane=session:agent:main:discord:channel:1476092924373499949 durationMs=331 active=0 queued=0
Log tail truncated (increase --max-bytes).

I removed the gpt oss model and im still getting the 402

Those log lines aren’t a Cerebras problem — they show your primary provider (google-gemini-cli) is failing first, then OpenClaw is correctly failing over:

• FailoverError: OAuth token refresh failed for google-gemini-cli … re-authenticate
• then immediately: provider=cerebras model=llama3.1-8b

So the thing to fix is your Gemini CLI OAuth (and btw your earlier models status showing google-gemini-cli … expires in 0m matches this perfectly).

Fix: re-authenticate google-gemini-cli

Run (interactive):

openclaw models auth login --provider google-gemini-cli --set-default

If that provider plugin isn’t enabled for some reason:

openclaw plugins enable google-gemini-cli-auth

openclaw models auth login --provider google-gemini-cli --set-default

Docs reference: https://docs.openclaw.ai/concepts/model-providers (see “Gemini CLI OAuth”)

After reauth, I’d restart the gateway to clear any stuck refresh state:

openclaw gateway restart

If you’re still chasing the 402 (no body)

Your pasted snippet doesn’t include any 402 yet. Can you paste the next ~20 lines after:
embedded run prompt start … provider=cerebras model=llama3.1-8b

(or grep your logs for 402 + include the surrounding lines). That will tell us exactly which provider/model is returning 402 (my earlier suspicion was cerebras/gpt-oss-120b, but this run is on llama3.1-8b, which you already probed OK).

If reauth fixes it, please mark the solution (right-click message → Apps → ✅ Mark Solution) so Answer Overflow indexes it.

Yeah—removing cerebras/gpt-oss-120b was the right move, but your logs are showing a different problem first:

FailoverError: OAuth token refresh failed for google-gemini-cli … re-authenticate

So right now your primary (google-gemini-cli/gemini-3-flash-preview) can’t refresh its OAuth token, which forces OpenClaw to fall back every time.

1) Fix the primary first (Gemini CLI OAuth)

Run:

openclaw models auth login --provider google-gemini-cli --set-default
openclaw gateway restart

Then confirm it’s healthy:

openclaw models status

You should no longer see expires in 0m.

Also: start a fresh chat session after changing auth (/reset or /new in Discord), since session routing can be “sticky”.

2) Now we need the actual 402 line (who is returning it)

The snippet you pasted cuts off right before the real error (“log tail truncated”). Re-run with a bigger tail and grep for 402:

openclaw logs --max-bytes 2000000 | rg -n " 402 |status code|cerebras|openai-codex|google-gemini-cli"

(or do openclaw logs --follow --max-bytes 2000000, trigger it once, then paste the block that contains 402)

Once we see the line that includes provider=... model=... (or the request URL), we’ll know if the 402 is coming from:

• Cerebras (billing/entitlement on that key), or
• openai-codex (you have “0% left”, so it’s a usual suspect), or
• something else entirely.

If you paste the first log line that contains 402 + ~10 lines above it, I can tell you exactly what to change.

Completely different question. Aside from using cerebras, I want to use my Google AI studio API key as the fallback model to my gemini oauth models, is that possible? @woeful quiver

Yep — that’s possible, but it’s a different provider.

• google-gemini-cli/* = OAuth via Gemini CLI
• google/* = API key (Google AI Studio) via GEMINI_API_KEY (or GOOGLE_API_KEY fallback)
  Source: https://docs.openclaw.ai/concepts/model-providers

What to do

1. Make sure your AI Studio key is available to the gateway process:

export GEMINI_API_KEY="..."
# (or set it in your systemd/launchd env, docker env, etc.)
openclaw gateway restart

2. Add a google/... model as a fallback after your OAuth primary:

• Config way (~/.openclaw/openclaw.json):

{
  agents: {
    defaults: {
      model: {
        primary: "google-gemini-cli/…",
        fallbacks: [
          "google/…", // API-key Gemini
        ],
      },
    },
  },
}

• CLI way:

openclaw models list --provider google --all
openclaw models fallbacks add google/<pick-one-from-the-list>

That gives you exactly what you want: use OAuth normally, and if OAuth refresh breaks/expired, OpenClaw can fall back to the API-key provider.

If you paste the output of openclaw models list --provider google --all --plain I can tell you which exact google/<model-id> to pick for a sensible “Flash vs Pro” match.

I dont do that env stuff so tell me how I would set it up with just my API key

If you don’t want env vars at all, the easiest way is to store the Gemini (AI Studio) API key in OpenClaw’s auth profiles (so it lives on the gateway host in its auth store, not in your shell).

OpenClaw supports both env vars and auth profiles; secrets live in ~/.openclaw/agents/<agentId>/agent/auth-profiles.json. Source: https://docs.openclaw.ai/concepts/model-failover

Option A (recommended): interactive wizard

Run this on the machine where the gateway is running:

openclaw onboard

When it asks about model auth, pick Gemini (API key) / Google (Gemini) API key, then paste your AI Studio key.

Option B: add the key directly (no wizard)

openclaw models auth add

When prompted:

• provider: google

• type: API key
• paste your AI Studio key

(Provider id is google; the env var name if you were using env would be GEMINI_API_KEY. Source: https://docs.openclaw.ai/concepts/model-providers)

Then pick a google/... model

List available Google (API-key) models:

openclaw models list --provider google --all

Set it as primary (API-key only setup):

openclaw models set google/<model-from-the-list>

Or keep your OAuth primary (google-gemini-cli/...) and add an API-key fallback: