#Keep getting this error

1 messages · Page 1 of 1 (latest)

azure flameBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> âś… Mark Solution

trim cometBOT
#

That error means OpenClaw tried to use an Anthropic/Claude model, but Anthropic auth is missing/invalid, so it skips the entire anthropic provider. If your agent’s model list is only Anthropic (or the fallback list is also Anthropic), you’ll get “All models failed”.

Do this on the gateway host (the machine running the gateway):

  1. Sanity check version
openclaw --version
  1. See what auth/profile OpenClaw thinks it has
openclaw models status
# if it still looks weird:
openclaw models status --json
  1. Re-auth Anthropic (pick ONE path):
#

A) Using an Anthropic API key (billing / standard API)

openclaw onboard
# choose: Anthropic API key
# or:
openclaw onboard --anthropic-api-key "$ANTHROPIC_API_KEY"

B) Using Claude subscription (setup-token)

  • Generate token (can be any machine):
claude setup-token
  • Then paste it into the gateway host:
# 
openclaw models auth paste-token --provider anthropic
# (or run on the gateway host)
openclaw models auth setup-token --provider anthropic
  1. Watch logs for the exact reason (usually 401 / refresh failure):
openclaw logs --follow

Troubleshooting runbook: https://docs.openclaw.ai/gateway/troubleshooting

If you paste the output of openclaw --version + openclaw models status (redact tokens), I can tell you which auth path you’re currently on and what’s missing.

#

Your openclaw models status is actually super informative:

  • You’re not using an Anthropic API key (api_key=0)
  • You’re using a Claude subscription setup-token (token=1, starts with sk-ant-oat…)
  • That token/profile is currently marked unusable in cooldown ([cooldown 21m])
  • And you have no non-Anthropic fallback models configured, so when Anthropic auth is bad, the agent has nowhere to go.

Fix (setup-token path)

  1. Generate a fresh setup-token (on any machine that has Claude Code CLI):
claude setup-token
  1. Paste it onto the gateway host:
openclaw models auth paste-token --provider anthropic
#
  1. Restart the gateway (to clear any in-memory “provider is bad” state):
openclaw gateway restart
  1. Verify:
openclaw models status

You want that Anthropic profile to show as usable (no cooldown).

Docs: https://docs.openclaw.ai/providers/anthropic

If it still fails

Run:

# 
openclaw logs --follow

Then trigger one message to the agent and paste the ~20 lines around the first Anthropic error (it’ll usually be a 401/invalid token vs 429/rate limit — the fix differs).

#

You’re very close — now you’ve got 2 Anthropic setup-tokens configured, but both profiles are still in cooldown, so the agent still has zero usable models (and your fallbacks are also just Opus again).

The key now is: find out why Anthropic is putting those profiles into cooldown (401 vs 429 vs bad beta header, etc.). Best way is a live probe:

openclaw models status --probe --probe-provider anthropic

That will print the actual failure reason per profile. Then:

  • If it’s 401/invalid token → generate a fresh setup-token and enter it again:
    claude setup-token
openclaw models auth setup-token --provider anthropic
openclaw gateway restart
  • If it’s 429 / rate limit → new tokens won’t help; you just need to wait out the limit, or switch to an API key plan.
#
  • If it complains about a beta/header (e.g. 1M context / context1m) → remove that setting from your model params.

Also, your fallback list being opus -> opus is a footgun. At minimum, set Sonnet as fallback (still Anthropic, but better than a duplicate):

openclaw models fallbacks clear
openclaw models fallbacks add anthropic/claude-sonnet-4-6

If you paste the output of openclaw models status --probe --probe-provider anthropic (redact tokens), we can tell exactly which of the above it is.

#

That probe result nails it: both of your Anthropic setup-tokens are invalid (HTTP 401 … Invalid bearer token). Cooldown won’t fix this — you need to replace the token(s).

Fix (Claude subscription / setup-token)

On any machine with Claude Code installed:

claude setup-token

Then on the gateway host (where OpenClaw runs), paste the new token (don’t post it in Discord):

openclaw models auth setup-token --provider anthropic
# (or, if you already have the token in your clipboard/history)
openclaw models auth paste-token --provider anthropic

Then verify:

# 
openclaw models status --probe --probe-provider anthropic

If it probes OK but the agent still errors, restart the gateway:

openclaw gateway restart

Docs (same flow): https://docs.openclaw.ai/providers/anthropic

Alternative (API key instead of subscription token)

If you’d rather not use setup-tokens, switch to an Anthropic API key auth path (usage-based billing): https://docs.openclaw.ai/providers/anthropic#option-a-anthropic-api-key

If you want, paste your openclaw models status again after re-auth (redact tokens) and we’ll confirm it’s clean.

#

If it’s still saying “Provider anthropic has auth issue”, then one of these is happening:

  1. the new token still isn’t valid, or
  2. you updated auth in a different OpenClaw home/user than the gateway service is actually running under.

Let’s disambiguate with two commands (paste output, redact tokens):

1) Re-run the live Anthropic probe (this is the ground truth)

openclaw models status --probe --probe-provider anthropic
  • If it still shows HTTP 401 … Invalid bearer token → the token you pasted isn’t a working Claude setup-token (or it got truncated/expired). Generate a fresh one again with claude setup-token, then openclaw models auth setup-token --provider anthropic.

2) Confirm the gateway service is using the same config/home you’re editing

openclaw gateway status --deep
#

Look for whether Config (service) / state dir differs from your CLI’s Config: ~/.openclaw/openclaw.json.

If they differ, you’re editing the wrong place. In that case: run the openclaw models auth … command as the same user that the gateway service runs as (or point your CLI at the same config/state directory), then restart the gateway.

Post those two outputs and we’ll tell you exactly which case you’re in.

trim cometBOT
#

Your gateway/service is fine and it’s reading the same config as your CLI (Config (cli) == Config (service)), so this is not a “wrong user / wrong home dir” problem.

At this point it can only be one thing: the Anthropic tokens that OpenClaw currently has stored are still invalid (or you pasted a token that isn’t a working setup-token).

Do this exactly (and don’t paste the token into Discord)

  1. Overwrite the existing anthropic:default profile with a fresh token
  • Generate a fresh one:
claude setup-token
  • Paste it into OpenClaw, explicitly targeting the profile id:
openclaw models auth paste-token --provider anthropic --profile-id anthropic:default
#
  1. Force Anthropic to use only that profile (so you don’t have multiple broken ones competing)
openclaw models auth order set --provider anthropic anthropic:default
  1. Probe again (this must turn green)
openclaw models status --probe --probe-provider anthropic

If step (3) still shows HTTP 401 … Invalid bearer token, then the token you’re generating isn’t usable for the Anthropic API on your account right now. In that case, the reliable fix is to switch to an Anthropic API key (docs recommend this for Anthropic direct):
https://docs.openclaw.ai/providers/anthropic#option-a-anthropic-api-key
and if you’re running under systemd, put it in ~/.openclaw/.env (so the daemon can read it):
https://docs.openclaw.ai/gateway/authentication

Post the output of (3) (it’s safe; just don’t include the token itself) and we’ll confirm which branch you’re in.

#

That “Wake up, my friend!” screen won’t ever get past first reply until Anthropic auth probes clean — right now the gateway is still treating Anthropic as unusable, so the agent has no model it can run.

You already confirmed the important part: CLI + systemd service are using the same config, so this is down to the stored Anthropic token still being invalid.

Please run this again (and paste the output)

openclaw models status --probe --probe-provider anthropic

If it still shows HTTP 401 … Invalid bearer token

Do this exact overwrite flow (so we know you replaced the token OpenClaw is using):

  1. Generate a fresh setup-token:
claude setup-token
#
  1. Paste it, explicitly overwriting the default profile:
openclaw models auth paste-token --provider anthropic --profile-id anthropic:default
  1. Force Anthropic to use only that profile:
openclaw models auth order set --provider anthropic anthropic:default
  1. Re-probe:
openclaw models status --probe --probe-provider anthropic
  1. Restart gateway + reopen the TUI: