#API limit reached

“API limit reached” is just OpenClaw’s generic user-facing message for “the upstream model API rejected the call” (usually HTTP 429 / sometimes 402/403). It’s not literally “you sent 3 Telegram messages so you hit 1000/day”.

A few common reasons this happens even when OpenRouter shows only a handful of requests:

1. You’re hitting a rate window limit (per‑minute / burst), not the daily cap
   3 Telegram prompts can still trigger multiple LLM calls (retries, tool/planner steps, etc.). Seeing ~6 requests in OpenRouter for 3 prompts is totally plausible.

2. OpenClaw is using a different OpenRouter API key than the one you’re checking (very common when running as a background service)
   The service can be running with old env/config, so your dashboard shows “6 requests” for one key, while the gateway is actually calling OpenRouter with another key that’s rate-limited/blocked.

3. It’s not OpenRouter that’s rate-limiting (could be another provider being used for some step). Logs will tell.

Fastest way to pin it down

On the machine running your gateway, please paste the output of these (they don’t include secrets):

openclaw --version
openclaw gateway status
openclaw models status
openclaw logs --follow

Then send one test message from Telegram and copy the log lines that include openrouter and the actual HTTP status code / error body (e.g. 429 + message).

Docs runbook (same command ladder): https://docs.openclaw.ai/gateway/troubleshooting
OpenRouter provider page: https://docs.openclaw.ai/providers/openrouter

Once you paste the log snippet, I can tell you exactly which case it is (rate window vs wrong key/service env vs something else) and the specific fix.

Okay I will do it when I reach home . I dont have the system right now?

All good — you’ll need access to the gateway machine to get the real answer, because OpenClaw only shows the short “API limit reached” message, but the gateway logs will show the actual upstream error (429 vs 402 vs auth mismatch, etc.).

When you’re home, the quickest “one shot” debug is:

1. Run:

openclaw --version
openclaw gateway status
openclaw models status
openclaw logs --follow

2. Send one Telegram message to the bot

3. Paste the few log lines that mention openrouter + the HTTP status/error text.

Also: seeing 6 OpenRouter requests for 3 Telegram messages can be normal (retries / extra internal steps). If it’s a burst rate-limit, sometimes it clears after waiting a minute or two — but the logs will confirm.

Refs:

• Troubleshooting ladder: https://docs.openclaw.ai/gateway/troubleshooting
• OpenRouter setup: https://docs.openclaw.ai/providers/openrouter

king@king:~$ openclaw --version
2026.3.2

king@king:~$ openclaw gateway status

🦞 OpenClaw 2026.3.2 (85377a2) — Your config is valid, your assumptions are not.

│
◇ Doctor warnings ────────────────────────────────────────────────────────╮
│ │
│ - channels.telegram.groupPolicy is "allowlist" but groupAllowFrom (and │
│ allowFrom) is empty — all group messages will be silently dropped. │
│ Add sender IDs to channels.telegram.groupAllowFrom or │
│ channels.telegram.allowFrom, or set groupPolicy to "open". │
│ │
├──────────────────────────────────────────────────────────────────────────╯
│
gateway connect failed: Error: unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
◇
Service: systemd (enabled)
File logs: /tmp/openclaw/openclaw-2026-03-10.log
Command: /usr/bin/node /home/king/.npm-global/lib/node_modules/openclaw/dist/index.js gateway --port 18789
Service file: ~/.config/systemd/user/openclaw-gateway.service
Service env: OPENCLAW_GATEWAY_PORT=18789

Config (cli): ~/.openclaw/openclaw.json
Config (service): ~/.openclaw/openclaw.json

Gateway: bind=loopback (127.0.0.1), port=18789 (service args)
Probe target: ws://127.0.0.1:18789
Dashboard: http://127.0.0.1:18789/
Probe note: Loopback-only gateway; only local clients can connect.

Runtime: running (pid 64588, state active, sub running, last exit 0, reason 0)
Warm-up: launch agents can take a few seconds. Try again shortly.
RPC probe: failed
RPC target: ws://127.0.0.1:18789
gateway closed (1008): unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
Gateway target: ws://127.0.0.1:18789
Source: cli --url
Config: /home/king/.openclaw/openclaw.json

Port 18789 is already in use.

• pid 64588 king: openclaw-gateway (127.0.0.1:18789)
• Gateway already running locally. Stop it (openclaw gateway stop) or use a different port.
  Listening: 127.0.0.1:18789
  Troubles: run openclaw status
  Troubleshooting: https://docs.openclaw.ai/troubleshooting

king@king:~$ openclaw models status

🦞 OpenClaw 2026.3.2 (85377a2)
I don't have opinions about tabs vs spaces. I have opinions about everything else.

Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : openrouter/openai/gpt-oss-120b:free
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : OpenRouter -> openrouter/auto
Configured models (2): openrouter/auto, openrouter/openai/gpt-oss-120b:free

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

• openrouter effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=0, api_key=1) | openrouter:default=sk-or-v1...90589175

OAuth/token status

• none

Nice — 2026.3.2 is recent enough.

Next two things will usually reveal the cause immediately:

1) Check the gateway is using the same config/env you think it is

Run and paste:

openclaw gateway status

You’re looking for any mismatch like Config (cli) vs Config (service) (that often means the running service is using a different OPENROUTER_API_KEY than the one you updated).

2) Confirm which provider/model is actually being used + capture the real upstream error

Run and paste:

openclaw models status
openclaw logs --follow

Then send one Telegram message that triggers the error, and copy/paste the log lines that mention openrouter plus the HTTP status code (429/402/403) and the error text.

(If --follow is too spammy, do openclaw logs --limit 200 right after the failed Telegram message.)

Once I see the gateway status + the log snippet with the actual OpenRouter response, I can tell you if it’s:

• a burst/per-minute rate limit,
• a “wrong key / service still using old env” issue,
• or something else entirely.

That output is super helpful: right now your CLI can’t talk to your running gateway because of a gateway token mismatch:

unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
RPC probe: failed

Until that’s fixed, openclaw models status / openclaw logs --follow won’t be reliable (they use the same RPC connection).

Fix the token mismatch (don’t paste tokens here)

On the gateway host, check what mode you’re in:

openclaw config get gateway.mode
openclaw config get gateway.remote.url

Then open ~/.openclaw/openclaw.json and make sure the client token matches the server token:

• gateway.auth.token = what the gateway service expects
• gateway.remote.token = what the CLI uses when it thinks it’s “remote”

So copy the value of gateway.auth.token into gateway.remote.token (or otherwise make them identical). Do not paste either token into Discord.

Restart the service:

openclaw gateway restart

Re-check:

openclaw gateway status

too much data in logs find specific

You want RPC probe: ok.

Then we can debug the OpenRouter “API limit reached”

Once RPC probe is ok, run:

openclaw models status
openclaw logs --follow

Send one Telegram message, and paste only the log lines showing the HTTP status (429/402/403) + the OpenRouter error text.

Separate note: the Doctor warning about channels.telegram.groupPolicy="allowlist" only matters if you’re chatting from a Telegram group (it’ll drop group messages). DMs are unaffected.

we go step by step

Yep — that message just means you accidentally tried to start a second gateway in the foreground while your systemd gateway service is already running on 127.0.0.1:18789 (pid 64588).

So don’t run openclaw gateway / openclaw gateway run right now.

What to do instead:

1. If you edited ~/.openclaw/openclaw.json (token fix), restart the existing service:

openclaw gateway restart

(Alternative Linux-native way:)

systemctl --user restart openclaw-gateway

2. Then re-check:

openclaw gateway status

You want the RPC probe to become ok (no more “gateway token mismatch”).

If it still shows token mismatch, tell me:

openclaw config get gateway.mode
openclaw config get gateway.remote.url
openclaw config get gateway.auth.mode

(Those are safe to paste — don’t paste any token values.)

Perfect — that confirms OpenClaw is using OpenRouter, and it’s using an API key profile (not shell env), with your default model set to a :free one.

Now we just need the real upstream error, because “API limit reached” is the generic wrapper.

Please capture the actual OpenRouter error from logs

1. Start log tail:

openclaw logs --follow

2. Send one Telegram message that triggers the “API limit reached”.

3. Copy/paste the log lines around the failure that mention openrouter and the HTTP status (e.g. 429, 402, 403) + the error text.

If --follow is too noisy, do this right after the failed Telegram message:

openclaw logs --limit 300

Why this matters

Even if you have “1000 free requests/day”, OpenRouter can still return 429 for things like burst/per-minute throttles or free-model capacity limits, and sometimes failed requests don’t show up the same way in the OpenRouter dashboard. The log message will tell us exactly which one it is and what the correct fix is (wait/window, switch model, add fallback, etc.).

king@king:~$ openclaw gateway status

🦞 OpenClaw 2026.3.2 (85377a2)
Deployed locally, trusted globally, debugged eternally.

│
◇ Doctor warnings ────────────────────────────────────────────────────────╮
│ │
│ - channels.telegram.groupPolicy is "allowlist" but groupAllowFrom (and │
│ allowFrom) is empty — all group messages will be silently dropped. │
│ Add sender IDs to channels.telegram.groupAllowFrom or │
│ channels.telegram.allowFrom, or set groupPolicy to "open". │
│ │
├──────────────────────────────────────────────────────────────────────────╯
│
gateway connect failed: Error: unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
◇
Service: systemd (enabled)
File logs: /tmp/openclaw/openclaw-2026-03-10.log
Command: /usr/bin/node /home/king/.npm-global/lib/node_modules/openclaw/dist/index.js gateway --port 18789
Service file: ~/.config/systemd/user/openclaw-gateway.service
Service env: OPENCLAW_GATEWAY_PORT=18789

Config (cli): ~/.openclaw/openclaw.json
Config (service): ~/.openclaw/openclaw.json

Gateway: bind=loopback (127.0.0.1), port=18789 (service args)
Probe target: ws://127.0.0.1:18789
Dashboard: http://127.0.0.1:18789/
Probe note: Loopback-only gateway; only local clients can connect.

Runtime: running (pid 171599, state active, sub running, last exit 0, reason 0)
Warm-up: launch agents can take a few seconds. Try again shortly.
RPC probe: failed
RPC target: ws://127.0.0.1:18789
gateway closed (1008): unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
Gateway target: ws://127.0.0.1:18789
Source: cli --url
Config: /home/king/.openclaw/openclaw.json

Port 18789 is already in use.

• pid 171599 king: openclaw-gateway (127.0.0.1:18789)
• Gateway already running locally. Stop it (openclaw gateway stop) or use a different port.
  Listening: 127.0.0.1:18789
  Troubles: run openclaw status
  Troubleshooting: https://docs.openclaw.ai/troubleshooting

Yep, the log stream is very chatty. Easiest is: trigger one failure, then only look at the last N lines and grep for the provider/error.

Option A (recommended): last 300 lines + filter

1. Send one Telegram message (the one that returns “API limit reached”)
2. Immediately run:

openclaw logs --limit 300 | egrep -i 'openrouter|429|402|403|rate|quota|limit|too many|capacity'

If that returns too much, narrow further:

openclaw logs --limit 300 | grep -i openrouter | tail -n 50

Option B: grep the file log directly (fastest)

From your earlier output, the file is:

/tmp/openclaw/openclaw-2026-03-10.log

Run:

tail -n 500 /tmp/openclaw/openclaw-2026-03-10.log | egrep -i 'openrouter|429|402|403|rate|quota|limit|too many|capacity'

Paste the matching lines here. (They shouldn’t include your API key, but if you see anything starting with sk-, redact it.)

Cool — one step at a time.

Step 1: Reproduce once

Send one Telegram message to your bot (something tiny like “hi”).

Then tell me: did it still reply “API limit reached”? (yes/no)

Step 2: Grab only the relevant error lines

Right after that Telegram message, run this exact command and paste the output:

openclaw logs --limit 200 | egrep -i 'openrouter|429|402|403|rate|quota|limit|too many|capacity'

If that prints nothing, say “empty output” and we’ll do the next step.

Got it — we can’t move on to OpenRouter yet because your CLI still cannot connect to the gateway:

unauthorized: gateway token mismatch …
RPC probe: failed

That means any RPC-based command (including openclaw logs …) will be unreliable until this is fixed.

Step 1 (safe): tell me what mode your CLI is in

Run these and paste the output (no secrets here):

openclaw config get gateway.mode
openclaw config get gateway.remote.url
openclaw config get gateway.auth.mode

Do not paste any token values.

Once I see those 3 lines, I’ll tell you the single next command to run (either switching you back to local mode, or syncing gateway.remote.token with gateway.auth.token).

You’re still running openclaw gateway (foreground) — that’s why you keep seeing:

Port 18789 is already in use … Gateway already running locally

Stop doing that. Your gateway service is already running fine.

Do this instead (Step 1)

Run these exact commands (they do not start another gateway, and they don’t require RPC):

openclaw config get gateway.mode
openclaw config get gateway.remote.url
openclaw config get gateway.auth.mode

Paste the output here.