401 authentication | Friends of the Crustacean 🦞🤝 | Page 1

rugged vortex Mar 2, 2026, 1:39 PM

#

Hatch in TUI (recommended)
openclaw tui - ws://127.0.0.1:18789 - agent main - session main

session agent:main:main

Wake up, my friend!

why does this happen?

merry forgeBOT Mar 2, 2026, 1:39 PM

#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

molten trailBOT Mar 2, 2026, 1:40 PM

#

That specific error is almost always not the TUI failing to auth to the Gateway — it’s your model provider rejecting the LLM request.

In your footer you’re running on:

openrouter/openrouter/auto

OpenRouter returns 401 Missing Authentication header when the Gateway tries to call it without an Authorization: Bearer … header (i.e. you don’t have OPENROUTER_API_KEY loaded in the Gateway process).

What to do:

On the machine running the Gateway, run:

openclaw --version
openclaw models status

You should see OpenRouter as unauthenticated/missing.

#

Make sure the key is available to the Gateway service, not just your interactive shell.
Most reliable: put it in:

~/.openclaw/.env

with:

OPENROUTER_API_KEY=sk-or-...

Restart the gateway:

openclaw gateway restart

Docs:

OpenRouter setup: https://docs.openclaw.ai/providers/openrouter

#

“My env vars disappeared when running as a service”: https://docs.openclaw.ai/help/faq#i-started-the-gateway-via-the-service-and-my-env-vars-disappeared-what-now
TUI basics: https://docs.openclaw.ai/web/tui

If you paste the output of openclaw models status (it redacts secrets), I can tell you exactly what it’s missing.

rugged vortex Mar 2, 2026, 1:42 PM

#

🦞 OpenClaw 2026.3.1 (2a8ac97) — If something's on fire, I can't extinguish it—but I can write a beautiful postmortem.

Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : openrouter/openrouter/auto (from openrouter/auto)
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : OpenRouter -> openrouter/auto
Configured models (1): openrouter/auto

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

openrouter effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=0, api_key=1) | openrouter:default=Sk-or-v1...968304f4

OAuth/token status

none

molten trailBOT Mar 2, 2026, 1:47 PM

#

That 401 Missing Authentication header is coming from OpenRouter, and it means: the Gateway tried to call https://openrouter.ai/api/v1/... without sending Authorization: Bearer <your key>.

The interesting part is: your openclaw models status shows an OpenRouter key does exist in ~/.openclaw/agents/main/agent/auth-profiles.json, so this is usually one of these:

You’re talking to a different Gateway instance/profile than the one you inspected

Run and paste:
```
openclaw gateway status
```
Pay attention to Config (cli) vs Config (service). If they differ, the daemon is running with a different state dir/config, so it won’t see the auth profile you think it should.

Gateway hasn’t picked up the auth profile yet

Do a restart (safe, fixes a lot of “why isn’t it using my new key” cases):
```
openclaw gateway restart
```
Then reopen the TUI and try again.

#401 authentication