#Azure api

Is it possible to use my azure api key for deepseek 3.2?

An Azure OpenAI API key won’t work with DeepSeek’s API by itself — keys are tied to the service/endpoint that issued them.

The only way it’s “yes” is if you’re not using DeepSeek’s own API at all, but instead using DeepSeek served through Azure (e.g. Azure AI Foundry / Model Catalog / serverless endpoint). In that case you authenticate to Azure’s endpoint (resource key or Entra token, depending on how you deployed it) — it’s still not the generic “Azure OpenAI key” unless you actually deployed it under Azure OpenAI.

If you tell me which one you mean:

1. Azure OpenAI (you have an https://<resource>.openai.azure.com/ endpoint)
2. Azure AI Foundry / Azure AI Inference endpoint for DeepSeek

…I can point you at the right setup approach. For OpenClaw-specific model/provider wiring, the general docs are here: https://docs.openclaw.ai/concepts/models (and for “is DeepSeek X available on Azure right now?” you’ll get the freshest answer in the #models channel).

I meant deepseek through azure, I have an azure endpoint
https://(REDACTED)/openai/deployments/DeepSeek-V3.2/chat/completions?api-version=2024-05-01-preview

Yep — if you’re hitting DeepSeek through Azure OpenAI (which that URL is), you use your Azure OpenAI resource key for that endpoint. Azure expects it in the api-key header (not Authorization: Bearer …).

Key gotcha: don’t treat that full URL as your “base URL” in tools/config. Split it like this:

• Host/base: https://<your-resource>.openai.azure.com
• Deployment name: DeepSeek-V3.2 (Azure uses the deployment in the path)
• Operation: /openai/deployments/<deployment>/chat/completions
• Query: api-version=… (Azure requires this)

If you’re wiring this into OpenClaw

Use the Custom API (OpenAI-compatible) flow (openclaw onboard → custom endpoint). For the URL, paste just:

https://<your-resource>.openai.azure.com

…and set Model ID to your deployment name (DeepSeek-V3.2). OpenClaw detects Azure URLs and will use the right header (api-key) and the Azure-style deployment path.

If you try it and get an Azure error about missing/invalid api-version, paste the exact error text — that usually means an API-version mismatch for that particular Azure deployment, and we can adjust from there.

that fails Verification failed: status 404

A 404 from that verification call almost always means the wizard is constructing the wrong URL (wrong baseUrl shape), not “bad key” (bad key is usually 401/403).

OpenClaw’s custom-endpoint verifier does this for Azure:

<baseUrl> → (if it looks like Azure) → …/openai/deployments/<modelId>/chat/completions?api-version=2024-10-21

So if you paste the full URL you showed (…/chat/completions?api-version=2024-05-01-preview) as the “base URL”, OpenClaw will effectively append another /chat/completions and you’ll get a 404.

What to enter in the wizard

Use one of these patterns:

Option A (recommended):

• Base URL: https://<your-host> (stop before /openai/… — just the host root)
• Model ID: DeepSeek-V3.2 (your Azure deployment name, exactly)

Option B (also OK):

• Base URL: https://<your-host>/openai/deployments/DeepSeek-V3.2 (stop before /chat/completions, no query string)

• Model ID: DeepSeek-V3.2

Do not include /chat/completions or ?api-version=… in the base URL field.

One more wrinkle: API version

The verifier currently uses api-version=2024-10-21. If your Azure endpoint only supports 2024-05-01-preview, you can still get a 404/400 even with the right base URL.

If you reply with just these two things, I can tell you which case it is:

1. What exact base URL did you paste into OpenClaw (redact the resource name, just keep the path shape)?
2. Does your endpoint work if you manually change api-version from 2024-05-01-preview to 2024-10-21?

I used

https://NAMEHERE-IDHERE-resource.cognitiveservices.azure.com/openai/deployments/

and then api key and say its openai compatiblle

That explains the 404.

Two problems with the URL you fed into the wizard:

1. It’s missing the deployment name.
   You gave …/openai/deployments/ (ends at the deployments folder), so the verifier ends up calling something like:
   …/openai/deployments/chat/completions → 404 (because there’s no deployment in the path).

2. *.cognitiveservices.azure.com isn’t recognized as “Azure” by OpenClaw’s custom-endpoint flow right now.
   OpenClaw only auto-detects Azure for hosts ending in .openai.azure.com or .services.ai.azure.com. If it doesn’t detect Azure, it won’t add the Azure bits (notably api-version, and it may use the wrong auth header style).

What to do

In the wizard, use the actual Azure OpenAI/Foundry endpoint root, e.g.:

• https://<resource>.openai.azure.com or
• https://<resource>.services.ai.azure.com

Then set Model ID = your deployment name (e.g. DeepSeek-V3.2).

If Azure only gives you the cognitiveservices.azure.com endpoint

Then this is currently an OpenClaw limitation/bug (Azure detection + api-version handling). The fastest path is to file an issue with:

• your OpenClaw version (openclaw --version)
• the endpoint suffix you have (…cognitiveservices.azure.com)
• that it 404s during custom endpoint verification

Issue tracker: https://github.com/openclaw/openclaw/issues

there are different keys i see now

my openai endp is
https://resource.openai.azure.com/openai/v1

do i used this what part of it?

Use only the host part, not the /openai/v1 path.

For OpenClaw’s “Custom API (OpenAI-compatible)” wizard, enter:

• Base URL: https://resource.openai.azure.com
  (stop there — don’t include /openai/v1, and don’t include /openai/deployments/... or /chat/completions)

• Model ID: your deployment name (e.g. DeepSeek-V3.2)

And for the key: use one of the two Azure OpenAI “Keys and Endpoint” keys (Key 1 or Key 2) for that same resource. Either key works; they’re just two interchangeable secrets.

Reason: OpenClaw detects *.openai.azure.com as Azure and will automatically build the Azure-style path /openai/deployments/<deployment>/chat/completions?.... If you include /openai/v1 in the base URL, it ends up double-prefixing paths and you’ll get 404s again.

after verification it asks for endpoint ID?

Yeah — Endpoint ID is just OpenClaw’s internal name for that custom provider entry (the key under models.providers in your config). It’s what you’ll reference as:

<endpoint-id>/<deployment-name>

So you can either:

• accept the suggested default, or
• set something short like: azure-deepseek / azure-openai / my-azure

Rules of thumb:

• lowercase + hyphens is safest
• it does not have to match anything in Azure
• it only matters for how you refer to the model later (and to avoid name collisions if you add more endpoints)

Right after that it’ll usually ask for an optional model alias (like deepseek), which is just a convenience shortcut for /model.

Give me full steps for uninstalling and reinstalling

Here are the full “clean uninstall → reinstall” steps, straight from the docs, with a couple safety notes.

Docs: https://docs.openclaw.ai/install/uninstall and https://docs.openclaw.ai/start/getting-started

0) Decide: keep your data or nuke everything?

OpenClaw stores everything (config, sessions, auth, channel creds) under:

• State dir: ~/.openclaw (or ~/.openclaw-<profile> if you used --profile)
• Workspace: ~/.openclaw/workspace

If you want a “factory reset” but might want to recover later, do this first:

mv ~/.openclaw ~/.openclaw.bak
# (and if you used profiles)
# mv ~/.openclaw-myprofile ~/.openclaw-myprofile.bak

1) Uninstall (easy path — recommended)

If openclaw still runs:

openclaw uninstall

That will guide you through stopping the gateway + removing the service + (optionally) deleting state/workspace.

Fully non-interactive “remove everything”:

openclaw uninstall --all --yes --non-interactive

2) If the CLI is gone but the gateway service is still running (manual)

macOS (launchd)

launchctl bootout gui/$UID/ai.openclaw.gateway
rm -f ~/Library/LaunchAgents/ai.openclaw.gateway.plist

Linux (systemd user unit)

systemctl --user disable --now openclaw-gateway.service
rm -f ~/.config/systemd/user/openclaw-gateway.service
systemctl --user daemon-reload

Windows (Scheduled Task)

schtasks /Delete /F /TN "OpenClaw Gateway"
Remove-Item -Force "$env:USERPROFILE\.openclaw\gateway.cmd"

Then delete the state dir (~/.openclaw / ~\.openclaw) if you truly want it gone.

3) Reinstall

macOS/Linux

curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard --install-daemon

Windows (PowerShell)

iwr -useb https://openclaw.ai/install.ps1 | iex
openclaw onboard --install-daemon

Verify it’s running + open UI:

openclaw gateway status

openclaw dashboard

If you tell me your OS (macOS/Linux/Windows/WSL) and whether you used profiles, I can tailor the exact “delete the right folders / remove the right service” commands so you don’t accidentally wipe the wrong thing.

for some reason after install every single model is listed

That’s normal behavior, not a broken install.

OpenClaw ships with a big built-in model catalog, so the model picker/models list can show “everything it knows about”, even though you haven’t configured/authorized all of it.

How to see only what you actually configured

• CLI: run without the full-catalog flag:
  • openclaw models list (configured only)
  • openclaw models list --all (everything)
• And openclaw models status will show what’s actually selected + which providers have auth.

How to make /model only show your few models (recommended)

Set an allowlist in config via agents.defaults.models. Example (just your Azure DeepSeek deployment):

{
  agents: {

    defaults: {
      model: { primary: "azure-deepseek/DeepSeek-V3.2" },
      models: {
        "azure-deepseek/DeepSeek-V3.2": { alias: "deepseek" },
      },
    },
  },
}

After that, /model list becomes “small and sane” because only allowlisted models appear.

Docs: https://docs.openclaw.ai/concepts/models

If you tell me whether you’re seeing “every model” in CLI (openclaw models list) or in the Discord /model picker, I can point you at the exact knob to make that view minimal.

I get this when I try to use deepseek

[agent/embedded] low context window: deepseek-v3-2/DeepSeek-V3.2 ctx=16000 (warn<32000) source=modelsConfig

That line is a warning, not a hard error.

It means: for your custom Azure deployment, OpenClaw currently believes the model’s context window is 16,000 tokens, and it warns whenever a model is < 32,000 (because agent workflows/tool-use get a lot nicer above that).

What you can do

Option A — ignore it (if your Azure DeepSeek deployment really is 16k)

Nothing is “broken” — you’ll just have a smaller working memory and you may hit compaction sooner.

Option B — set the real context window for that deployment (recommended if it supports more)

Edit your config and bump the model’s contextWindow to whatever Azure says your deployment supports:

~/.openclaw/openclaw.json → under:

models.providers.<your-endpoint-id>.models[]

Find the entry with id: "DeepSeek-V3.2" and set:

{
  models: {
    providers: {
      "deepseek-v3-2": {
        models: [
          {
            id: "DeepSeek-V3.2",
            contextWindow: 64000, // <-- put the real number here
            // maxTokens: ... (optional)
          },
        ],
      },
    },
  },
}

Important: don’t set it higher than Azure actually allows, or OpenClaw may start sending prompts that the endpoint rejects.

If you paste the models.providers.<id>.models block you currently have (redact keys/host), I can tell you exactly what line to change.

run error: HTTP 404: Resource not found

[agent/embedded] low context window: deepseek-v3-2/DeepSeek-V3.2 ctx=16000 (warn<32000) source=modelsConfig
14:45:52 [tools] tools.profile (coding) allowlist contains unknown entries (apply_patch, image). These entries won't match any tool unless the plugin is enabled.
14:45:53 [agent/embedded] embedded run agent end: runId=685f2ce3-ed57-4f26-86f5-f6614f371f9f isError=true error=HTTP 404: Resource not found

That log actually contains three different things:

1. The DeepSeek failure (real problem):
   run error: HTTP 404: Resource not found

2. A harmless warning:
   low context window … ctx=16000 (this won’t cause a 404)

3. Unrelated config noise:
   tools.profile (coding) allowlist contains unknown entries (apply_patch, image) (separate issue; doesn’t affect Azure model calls)

Why you’re getting HTTP 404 on Azure DeepSeek

For Azure OpenAI, 404 almost always means the request URL is wrong, typically one of:

• wrong deployment name in the URL, or

• OpenClaw is hitting the right path but missing the required api-version query param, or
• the provider baseUrl ended up being something like …/openai/v1 (wrong for the Azure “deployments” style) or …/openai/deployments/ (missing the deployment).

Since you said verification succeeded earlier, the key + deployment probably exist — so I strongly suspect runtime is using a different baseUrl shape (or dropping api-version).

Quick thing to paste so we can pinpoint it

Please run one of these and paste the output (redact keys):

• In chat: /model status (it shows the provider baseUrl + api mode), or
• In terminal: openclaw models status

Also tell me your version:

openclaw --version

What I expect your config to look like (sanity check)

In ~/.openclaw/openclaw.json, your custom provider should have a baseUrl like:

• ✅ https://resource.openai.azure.com/openai/deployments/DeepSeek-V3.2
• ❌ not https://resource.openai.azure.com/openai/v1
• ❌ not https://resource.openai.azure.com/openai/deployments/ (missing deployment)

If you paste just your models.providers.deepseek-v3-2 block (with apiKey removed), I can tell you immediately if it’s the URL shape issue vs the api-version issue.

🦞 OpenClaw 2026.3.8 (3caab92) — iMessage green bubble energy, but for everyone.

Config : ~.openclaw\openclaw.json
Agent dir : ~.openclaw\agents\main\agent
Default : deepseek-v3-2/DeepSeek-V3.2
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : DeepSeek-V3.2 -> deepseek-v3-2/DeepSeek-V3.2
Configured models (1): deepseek-v3-2/DeepSeek-V3.2

Auth overview
Auth store : ~.openclaw\agents\main\agent\auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

• deepseek-v3-2 effective=models.json:Cul0AYX6...ACOGu6S6 | models.json=Cul0AYX6...ACOGu6S6 | source=models.json: ~.openclaw\agents\main\agent\models.json

OAuth/token status

• none

C:\Users\ti>

OpenClaw 2026.3.8 (3caab92)

model set failed: Error: model not allowed: deepseek-v3-2/status

in my openclaw.json its

"baseUrl": "https://RESOURCE.openai.azure.com/openai/deployments/DeepSeek-V3.2",
"apiKey": "...9....CCACfhMk5.....AAAACOGu6S6",
"api": "openai-completions",
"models": [
{
"id": "DeepSeek-V3.2",
"name": "DeepSeek-V3.2 (Custom Provider)",
"reasoning": false,
"input": [
"text"
],
"cost": {
"input": 0,
"output": 0,
"cacheRead": 0,
"cacheWrite": 0
},
"contextWindow": 16000,
"maxTokens": 4096

You’ve got enough info here to explain the 404.

1) You’re editing the wrong file (important)

Your openclaw models status says the provider is coming from:

~\.openclaw\agents\main\agent\models.json

So even if you edit ~\.openclaw\openclaw.json, models.json wins for that provider right now. Any baseUrl fix needs to be applied in that file (or you need to move the provider definition into openclaw.json and remove/override it in models.json).

2) Why Azure returns HTTP 404: Resource not found

Your configured baseUrl is:

https://RESOURCE.openai.azure.com/openai/deployments/DeepSeek-V3.2

That “deployments” style endpoint normally requires ...?api-version=... on every call. If the runtime request goes out without api-version, Azure often responds with 404.

Your earlier verification succeeded because the wizard explicitly adds an api-version during verification — but your saved baseUrl does not include one, and runtime may not be adding it.

Fastest workaround to try (uses Azure’s /openai/v1 endpoint)

Since you said Azure shows:

https://RESOURCE.openai.azure.com/openai/v1

Try switching your provider baseUrl to that in models.json:

1. Edit:
   ~\.openclaw\agents\main\agent\models.json

2. Change just the provider baseUrl to:

"baseUrl": "https://RESOURCE.openai.azure.com/openai/v1"

(keep api: "openai-completions" and keep the model id DeepSeek-V3.2)

3. Restart:

openclaw gateway restart

4. Retry the model.

If that works, you’ve avoided the whole api-version problem.

Also: this error is just a typo

model not allowed: deepseek-v3-2/status → you tried to set a model named status.
Use:

• openclaw models set deepseek-v3-2/DeepSeek-V3.2 (or your alias)

If the /openai/v1 baseUrl still 404s, paste your provider block from models.json (just the deepseek-v3-2 section, redact the apiKey) and I’ll tell you the next best fix (it’ll likely be “OpenClaw needs configurable Azure api-version for custom providers”, i.e. a GitHub issue + a proxy workaround).

still having an issue

16:07:52 [agent/embedded] low context window: deepseek-v3-2/DeepSeek-V3.2 ctx=16000 (warn<32000) source=modelsConfig
16:07:52 [tools] tools.profile (coding) allowlist contains unknown entries (apply_patch, image). These entries won't match any tool unless the plugin is enabled.
16:07:54 [agent/embedded] embedded run agent end: runId=25129354-8f9e-4c21-826e-bd012dad1b41 isError=true error=HTTP 404: Resource not found

🦞 OpenClaw 2026.3.8 (3caab92) — Open source means you can see exactly how I judge your config.

Config : ~.openclaw\openclaw.json
Agent dir : ~.openclaw\agents\main\agent
Default : deepseek-v3-2/DeepSeek-V3.2
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : DeepSeek-V3.2 -> deepseek-v3-2/DeepSeek-V3.2
Configured models (1): deepseek-v3-2/DeepSeek-V3.2

Auth overview
Auth store : ~.openclaw\agents\main\agent\auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

• deepseek-v3-2 effective=models.json:Cul0AYX6...ACOGu6S6 | models.json=Cul0AYX6...ACOGu6S6 | source=models.json: ~.openclaw\agents\main\agent\models.json

OAuth/token status

• none

{
"providers": {
"deepseek-v3-2": {
"baseUrl": "https://resource.openai.azure.com/openai",
"apiKey": "Cul....6S6",
"api": "openai-completions",
"models": [
{
"id": "DeepSeek-V3.2",
"name": "DeepSeek-V3.2 (Custom Provider)",
"reasoning": false,
"input": [
"text"
],
"cost": {
"input": 0,
"output": 0,
"cacheRead": 0,
"cacheWrite": 0
},
"contextWindow": 16000,
"maxTokens": 4096,
"api": "openai-completions"
}
]
}
}
}

Your current baseUrl is the reason for the 404:

"baseUrl": "https://resource.openai.azure.com/openai"

With api: "openai-completions", the client will try to hit something like:

https://resource.openai.azure.com/openai/chat/completions

…and that endpoint doesn’t exist, so Azure returns 404 Resource not found.

Fix: point it at the /openai/v1 base

Change the provider baseUrl in:

~\.openclaw\agents\main\agent\models.json

to:

"baseUrl": "https://resource.openai.azure.com/openai/v1"

(leave the rest as-is for now)

Then:

openclaw gateway restart

and retry.

Notes

• Keep Model ID = your deployment name (DeepSeek-V3.2), as you already have.
• The “low context window” line is just a warning.
• The tools.profile … unknown entries (apply_patch, image) warning is unrelated; you can clean it up later by removing those from your tools.profile (coding) allowlist.

If after switching to /openai/v1 you still get 404 (or you start getting 401/403), paste the next error line — that’ll tell us whether it’s now an auth-header mismatch (api-key vs Authorization) or an endpoint mismatch.

16:13:53 [agent/embedded] low context window: deepseek-v3-2/DeepSeek-V3.2 ctx=16000 (warn<32000) source=modelsConfig
16:13:53 [tools] tools.profile (coding) allowlist contains unknown entries (apply_patch, image). These entries won't match any tool unless the plugin is enabled.
16:13:55 [agent/embedded] embedded run agent end: runId=b8224023-1529-4340-a481-6ee42a42af39 isError=true error=HTTP 404: Resource not found

what should I run to give you all the info

You already pasted the key bit — and it shows the problem:

"baseUrl": "https://resource.openai.azure.com/openai"

For api: "openai-completions" that will hit /openai/chat/completions → 404.

First: fix the baseUrl (then we’ll collect diagnostics if it still fails)

Edit:

~\.openclaw\agents\main\agent\models.json

Change to:

"baseUrl": "https://resource.openai.azure.com/openai/v1"

Then:

openclaw gateway restart

Try again. If it still 404s after that, run these and paste outputs (redact keys/resource name):

Commands to paste (safe / redacted)

1. Full status bundle:

openclaw status --all

2. Deep probes:

openclaw status --deep
openclaw health --verbose

3. Right after reproducing the 404, grab recent logs:

openclaw logs --limit 200

And also paste your updated models.json provider block again (just the deepseek-v3-2 section) so I can confirm it actually picked up /openai/v1.

accourding to azure I should have 1M context, is it as simple as increasing it in the file?

Not quite “unlockable” from OpenClaw — but yes, you should set it in the file if Azure really supports it for that deployment.

What changing contextWindow does (and doesn’t do)

• ✅ It tells OpenClaw how much context it’s allowed to plan/budget for (compaction thresholds, warnings, how much history it tries to keep).
• ❌ It does not magically increase what Azure will accept. If you set it higher than the real limit, Azure will start rejecting requests once prompts get too big.

What to change

In your ~\.openclaw\agents\main\agent\models.json, update the model entry:

{
  "id": "DeepSeek-V3.2",
  "contextWindow": 1000000,
  "maxTokens": 4096 // optionally raise if Azure allows more output too
}

Then restart:

openclaw gateway restart

One more gotcha: global cap

OpenClaw can also cap effective context via:

• agents.defaults.contextTokens

If that’s set (to e.g. 16000/32000), it will override your model’s contextWindow. If you want to actually use 1M, make sure agents.defaults.contextTokens is unset or high enough.

If you paste the agents.defaults section of your ~\.openclaw\openclaw.json (no secrets), I can tell you if you have a cap in place.

DO NOT USE DEEPSEEK XD