#HTTP 401: Invalid Authentication

For Moonshot/Kimi, HTTP 401: Invalid Authentication is almost always one of these:

1. Using the wrong provider/key combo

• Moonshot K2 models are moonshot/... and expect MOONSHOT_API_KEY
• Kimi Coding models are kimi-coding/... and expect KIMI_API_KEY
  Keys are not interchangeable. Docs: https://docs.openclaw.ai/providers/moonshot

2. Wrong endpoint

• International: https://api.moonshot.ai/v1
• China: https://api.moonshot.cn/v1
  If your key was created for the CN endpoint but you’re hitting .ai (or vice versa), you’ll get 401.

3. Gateway service not actually loading the new key
   If you updated an env var in your shell but the gateway runs as a service, it likely won’t inherit it. Put the key in ~/.openclaw/.env (on the gateway host) or in the config env: { ... }, then openclaw gateway restart.

To pinpoint which one it is, can you paste (no secrets) the output of:

openclaw --version
openclaw models status
openclaw gateway status

…and tell me which model you’re trying to run (moonshot/... vs kimi-coding/...) + whether your gateway is local, VPS, or remote mode?

🦞 OpenClaw 2026.3.8 (3caab92)
Like having a senior engineer on call, except I don't bill hourly or sigh audibly.

Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : moonshot/kimi-k2.5
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : Kimi -> moonshot/kimi-k2.5
Configured models (1): moonshot/kimi-k2.5

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

• moonshot effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=0, api_key=1) | moonshot:default=sk-kimi-...xxxxx | env=sk-kimi-...xxxxxx | source=env: MOONSHOT_API_KEY

OAuth/token status

• none
  Runtime: running (pid XXXX, state active, sub running, last exit 0, reason 0)
  RPC probe: ok

I did also just realize im using kimi code. but i tried updating to kimi code and it still failed with Error: Config validation failed: models.providers.kimi-coding.models.0.compat: Unrecognized key: "requiresOpenAiAnthropicToolPayload"

Yep — that explains both symptoms.

1) You’re holding a Kimi Code key, but your config is for Moonshot (OpenAI-style)

Right now your default model is moonshot/kimi-k2.5 and the provider is hitting the Moonshot OpenAI-compatible endpoint (https://api.moonshot.ai/v1). A Kimi Code key won’t authenticate there → classic HTTP 401: Invalid Authentication.

If you want Kimi Code, switch to the built-in kimi-coding provider/model.

Docs (copy/paste config): https://docs.openclaw.ai/providers/moonshot

2) Fix the config validation error

models.providers.kimi-coding.models.0.compat.requiresOpenAiAnthropicToolPayload is not a recognized key in 2026.3.8, so config validation is correctly rejecting it.

Also: you generally should not define models.providers.kimi-coding at all — kimi-coding is a built-in provider.

Use the minimal config (this is from the config reference):

{
env: { KIMI_API_KEY: "sk-..." },
agents: {
defaults: {
model: { primary: "kimi-coding/k2p5" },
models: { "kimi-coding/k2p5": { alias: "Kimi K2.5" } },
},
},
}

So:

• delete the whole models.providers.kimi-coding... block you added (and that compat key)
• set env.KIMI_API_KEY
• set default model to kimi-coding/k2p5

Then:

openclaw gateway restart
openclaw models status

If you paste your current models: / agents.defaults: snippets (redact the key), I can point out exactly what to remove/change.

give me more detail on how to achive your fix. where do i copy and paste the config? i did this openclaw onboard --auth-choice kimi-code-api-key already but it didnt work

You don’t “paste config into OpenClaw” anywhere in the UI — you either:

1. run an interactive wizard (openclaw configure / openclaw onboard) which writes to your config + auth store, or
2. edit the config file directly (~/.openclaw/openclaw.json), or
3. use openclaw config set … to edit that file safely.

From your earlier models status, you successfully added a key, but you’re still running the Moonshot model (moonshot/kimi-k2.5) — so you’ll keep getting 401 until you actually switch the model/provider.

Do this exact sequence (minimal + reliable)

A) Confirm which config file you’re editing

openclaw config file

You should see: ~/.openclaw/openclaw.json (matches what you posted).

B) Switch the default model to Kimi Coding

This is the part people miss after onboarding:

openclaw models set kimi-coding/k2p5

C) Restart gateway (so the running process definitely picks it up)

openclaw gateway restart

D) Verify the result

openclaw models status

What you want to see now:

• Default: kimi-coding/k2p5
• and an auth line for kimi-coding showing it has an API key (from profiles or env)

If step B fails (“model not allowed” / not in allowlist)

Run the model section wizard and select it (this edits agents.defaults.models for you):

openclaw configure --section model

Important: delete the bad config you added

This error:

models.providers.kimi-coding.models.0.compat: Unrecognized key: "requiresOpenAiAnthropicToolPayload"

…means you manually added a models.providers.kimi-coding... block. Remove that whole models.providers.kimi-coding block — kimi-coding is built-in and doesn’t need a models.providers entry. (That requires…ToolPayload thing is internal capability logic, not a user config knob.)

If you still get 401 after switching to kimi-coding/k2p5