run error: HTTP 401 authentication_error: invalid x-api-key (request_id: invalid api | Friends of the Crustacean 🦞🤝 | Page 1

copper rainBOT Mar 16, 2026, 2:56 AM

#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

winged zincBOT Mar 16, 2026, 2:59 AM

#

HTTP 401 authentication_error: invalid x-api-key is almost always Anthropic rejecting the credential (wrong key, expired/revoked token, or the Gateway isn’t actually seeing the env var you set).

First: what version + what auth method are you using?

Run: openclaw --version
Run: openclaw models status (you can paste output, redact keys/tokens)

Fixes (pick the one that matches your setup):

If you’re using an Anthropic API key

Make sure the Gateway host has ANTHROPIC_API_KEY=sk-ant-... available in the environment the Gateway runs under (systemd/launchd often won’t inherit your shell env).
Put it in ~/.openclaw/.env (or set it via the onboarding wizard), then restart the gateway.
Double-check there’s no extra whitespace/newlines around the key.

Docs: https://docs.openclaw.ai/providers/anthropic

If you’re using Claude subscription (setup-token)

401s commonly mean the token expired/revoked.

#

Re-generate: claude setup-token
Then on the gateway host paste it in:
openclaw models auth paste-token --provider anthropic
(or run openclaw models auth setup-token --provider anthropic directly on the gateway host)

Docs: https://docs.openclaw.ai/providers/anthropic#option-b-claude-setup-token

If you recently added a new agent

Auth is per-agent. New agents may have an empty auth store → they’ll fail even if “main” works.

Verify with openclaw models status and ensure you pasted/configured auth for the agent that’s running.

FAQ section: https://docs.openclaw.ai/help/faq

If you paste openclaw --version + the non-secret parts of openclaw models status, I can tell you exactly which of the above is happening.

rigid creek Mar 16, 2026, 3:00 AM

#

it just keeps giving me the same error

#

winged zincBOT Mar 16, 2026, 3:04 AM

#

That line tells us you’re successfully connected to the Gateway + the session is trying to use Anthropic (anthropic/claude-sonnet-4-6). If the error is the HTTP 401 … invalid x-api-key, that’s Anthropic saying: the credential it received is not valid.

What I need next (no secrets):

openclaw --version
openclaw models status (paste output, redact any keys/tokens)

In the meantime, the common fixes are:

A) You intended to use an Anthropic API key

Make sure ANTHROPIC_API_KEY is set on the machine running the Gateway (not just in your shell where you run the TUI).
The value should be the raw key like sk-ant-... (no Bearer, no extra quotes/newlines).
If your Gateway runs as a service, put it in ~/.openclaw/.env, then restart the gateway process.

B) You intended to use Claude subscription auth (setup-token)

401s happen when the token expired/revoked:

Run claude setup-token
Then on the gateway host run: openclaw models auth paste-token --provider anthropic

#

Docs: https://docs.openclaw.ai/providers/anthropic#troubleshooting

If you paste the exact 401 line from the error column (or logs) + openclaw models status, I can point to the precise cause (wrong key vs wrong host vs wrong agent profile).

rigid creek Mar 16, 2026, 3:06 AM

#

I want to put the key again, what do i run?

winged zincBOT Mar 16, 2026, 3:08 AM

#

Don’t paste the key in Discord.

To enter it again on the machine running the Gateway, run the onboarding wizard:

openclaw onboard

Then pick Anthropic API key and paste the new sk-ant-... key.

If you prefer non-interactive (still on the gateway host):

export ANTHROPIC_API_KEY="sk-ant-..."
openclaw onboard --anthropic-api-key "$ANTHROPIC_API_KEY"

#

After updating the key, restart the Gateway process (whatever method you used to start it), then re-try the TUI.

(If you’re actually using a Claude setup-token subscription flow instead of an API key, the command is different: openclaw models auth paste-token --provider anthropic.)

rigid creek Mar 16, 2026, 3:10 AM

#

should i type the request id?

winged zincBOT Mar 16, 2026, 3:11 AM

#

No — you don’t “enter” the request_id anywhere. It’s just an identifier Anthropic attaches to that failed API call.

It can be helpful to paste alongside the full error line (it’s not a secret), so we can confirm we’re looking at the same failing request.
It’s also useful if you ever contact Anthropic support.
But it won’t fix anything by itself; the fix is re-auth (API key/setup-token) on the gateway host.

rigid creek Mar 16, 2026, 3:11 AM

#

winged zincBOT Mar 16, 2026, 3:12 AM

#

Yep — that confirms it: Anthropic is receiving some credential, but it’s not a valid Anthropic API key (or it’s being read wrong), so it rejects it with invalid x-api-key.

What to do next:

Re-enter the Anthropic key on the Gateway host (same machine the Gateway process runs on):

openclaw onboard

Choose Anthropic API key and paste the fresh sk-ant-... value (watch for accidental spaces/newlines).

If your Gateway runs as a background service (systemd/launchd), restart the gateway process after updating the key (otherwise it may keep the old env/auth loaded).
Verify auth is actually loaded:

openclaw models status

#

If after re-onboarding you still get 401, the two usual causes are:

you updated the key on your laptop, but the Gateway is on a different box/VPS
you’re using a proxy/baseUrl and it’s not really talking to api.anthropic.com

If you paste openclaw --version + openclaw models status (redact secrets), I can tell which one it is.

rigid creek Mar 16, 2026, 3:13 AM

#

winged zincBOT Mar 16, 2026, 3:14 AM

#

If you already re-entered the key and you’re still getting 401 … invalid x-api-key, that usually means one of these is true:

You’re updating the key on the wrong machine
The TUI can run on your laptop while the Gateway runs on a VPS/other box. The key must be updated where the Gateway runs.
You don’t actually have a real Anthropic API key
Claude Pro/Max subscription ≠ API key. You need a key created in the Anthropic Console.
The Gateway isn’t loading the key you entered (common with “secret reference” mode / service env)
The Gateway ends up sending an empty/old key → Anthropic returns the same 401.

To pinpoint which one, answer these (no secrets):

Are you running the Gateway locally or on a remote VPS?
Did you generate the key in the Anthropic Console (not from Claude subscription)?
Paste output of:

#

openclaw --version
openclaw models status

If the Gateway is remote: SSH into the gateway machine and run openclaw onboard there again, and when it asks how to store the key, pick the simplest option (plaintext) just to confirm it works—then you can switch back to refs later if you want.

rigid creek Mar 16, 2026, 3:16 AM

#

locally

#

yes

#

winged zincBOT Mar 16, 2026, 3:17 AM

#

Got it — local rules out the “wrong machine” issue.

At this point 401 … invalid x-api-key basically means: the value you saved is not a valid Anthropic credential (often because it’s not an Anthropic API key at all, or it got pasted wrong).

Option 1: You want API-key billing (Anthropic Console key)

Create a fresh key in the Anthropic Console (it must be a real sk-ant-... key from there).
Re-run:

openclaw onboard

Choose Anthropic API key and paste it (I’d pick plaintext storage just to confirm it works).
3) Then verify:

openclaw models status

Option 2: You only have Claude Pro/Max subscription (no API key)

#

Subscriptions don’t include API keys — use a setup-token instead:

claude setup-token
openclaw models auth paste-token --provider anthropic

If you tell me which of those two you’re trying to use (API key vs subscription), I can point you at the exact right path.

#

You’re still hitting Anthropic with an invalid credential — nothing else produces that exact 401 … invalid x-api-key.

Two quick checks that usually reveal the issue:

1) Is your key actually an Anthropic key?

For direct anthropic/* models, the key must start with sk-ant-.

If yours starts with something else (e.g. sk-or-, sk-...), it’s the wrong provider key → you’ll get this 401.

Reply with just the prefix (like sk-ant / sk-or), not the full key.

2) Is OpenClaw maybe still using an older (bad) Anthropic profile?

Run these and paste output (redact secrets):

openclaw models status
openclaw models auth order get --provider anthropic

#

If the order is pinned to a stale profile, clear it:

openclaw models auth order clear --provider anthropic

Then re-run:

openclaw onboard

and paste the new Anthropic Console key.

Once it works, please mark the solution in the thread (right-click the solution message → Apps → Mark Solution) so Answer Overflow indexes it.

rigid creek Mar 16, 2026, 3:19 AM

#

#

thats what happened when I tried to input a new api

winged zincBOT Mar 16, 2026, 3:21 AM

#

Cool — if it really is an sk-ant-... key and you’re still getting 401, then either:

the Gateway is still using an old/empty key (common if the Gateway process never restarted), or
it’s using a different Anthropic auth profile than the one you just updated.

Next, please run these locally and paste the output (no secrets in there):

openclaw models status
openclaw models auth order get --provider anthropic

Also: did you restart the Gateway after re-entering the key?

If you’re running it in a terminal with openclaw gateway run, stop it (Ctrl+C) and start it again.
If you installed it as a service: openclaw gateway restart

Once I see models status + the anthropic auth order, I can tell you exactly what it’s picking up and how to point it at the right profile.

rigid creek Mar 16, 2026, 3:21 AM

#

winged zincBOT Mar 16, 2026, 3:22 AM

#

You’re stuck in a loop because you’re only pasting the TUI status line — we need to see what credential OpenClaw thinks it’s using.

Since you’re local and you’re already in the TUI: you can run CLI commands from inside the TUI by prefixing with ! (local shell).

In the TUI, type these exactly:

!openclaw --version
!openclaw models status
!openclaw models auth order get --provider anthropic

Then paste the output here (it won’t include your key).

If models status shows multiple Anthropic profiles and the order is pinned to an old one, we’ll clear/set the order. If it shows “no credentials”, then your key isn’t actually loaded (and we’ll fix where it’s stored).

#

Important: don’t type/paste your API key into the TUI chat input (where you normally type prompts). That would send it as a message and may get logged / sent to the model provider.

If you already pasted the key into chat: revoke it in the Anthropic Console and generate a new one.

To set the key the right way:

Exit the TUI (/exit)
In your normal terminal run:

openclaw onboard

Choose Anthropic API key and paste it when the wizard prompts (it won’t print it back).

Then restart the gateway and test again.

If you tell me what exactly happened when you tried to “input a new api” (what command you ran + the non-secret error text), I can direct you to the exact fix.

#

That TUI line is only telling us “Anthropic rejected whatever key the Gateway sent”. It doesn’t show which key/profile OpenClaw is using, so we can’t debug further from that screen alone.

Please do one of these:

A) Run the diagnostics from inside the TUI (recommended)

In the TUI, type (including the leading !):

!openclaw models status

If it asks to allow local shell execution, say yes. Then paste the output here.

B) Or run it from a normal terminal

Exit the TUI (/exit), then run:

#

openclaw models status

If you want the “just fix it” path without debugging: create a brand new Anthropic Console API key, then run openclaw onboard (outside the TUI), choose Anthropic API key, paste it, restart the Gateway, and try again.

But right now, I need openclaw models status output to tell why the new key isn’t being picked up.

rigid creek Mar 16, 2026, 3:23 AM

#

run error: HTTP 401 authentication_error: invalid x-api-key (request_id: sha256:200c2b2a7293)

Allow local shell commands for this session?

This runs commands on YOUR machine (not the gateway) and may delete files or reveal secrets.

Select Yes/No (arrows + Enter), Esc to cancel.

local shell: enabled for this session

[local] $ openclaw --version
!openclaw models status
!openclaw models auth order get --provider anthropic

[local] OpenClaw 2026.3.13 (61d171a)

[local]

[local] /bin/sh: line 1: !openclaw: command not found

[local] /bin/sh: line 2: !openclaw: command not found

winged zincBOT Mar 16, 2026, 3:25 AM

#

Perfect — you got local shell working, and your version is current (2026.3.13).

The !openclaw: command not found happened because you pasted multiple lines at once. The TUI only strips the leading ! for the first line, then the remaining lines get sent to /bin/sh literally as !openclaw ..., which the shell treats as a command name.

Do this instead (run them one at a time, each as its own message):

!openclaw models status

(wait for output)

!openclaw models auth order get --provider anthropic

Paste both outputs here (they won’t include your API key). Then we can see whether:

#

Anthropic auth is missing vs present-but-bad, and
whether you’re pinned to an old profile/order.

rigid creek Mar 16, 2026, 3:27 AM

#

[local] $ openclaw models auth order get --provider anthropic

[local] Agent: main

[local] Provider: anthropic

[local] Auth file: ~/.openclaw/agents/main/agent/auth-profiles.json

[local] Order override: (none)

winged zincBOT Mar 16, 2026, 3:28 AM

#

Nice — Order override: (none) means OpenClaw isn’t “stuck” on an old Anthropic profile order.

Now we need the one command that shows what credential it’s actually using:

!openclaw models status

Paste the full output here. It masks keys (shows only a few chars), but it will tell us things like:

where your config + auth store actually live
whether Anthropic auth is coming from an env var vs an auth profile
whether it’s resolving to an empty/invalid value (which causes the 401 invalid x-api-key loop)

Once you paste that, I can tell you the exact next step (e.g., “you stored a keyRef but the env var is unset” vs “you never actually added Anthropic auth”).

rigid creek Mar 16, 2026, 3:31 AM

#

[local] $ openclaw models status

[local] Config : ~/.openclaw/openclaw.json

[local] Agent dir : ~/.openclaw/agents/main/agent

[local] Default : anthropic/claude-sonnet-4-6

[local] Fallbacks (0) : -

[local] Image model : -

[local] Image fallbacks (0): -

[local] Aliases (1) : sonnet -> anthropic/claude-sonnet-4-6

[local] Configured models (1): anthropic/claude-sonnet-4-6

#

[local]

[local] Auth overview

[local] Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json

[local] Shell env : off

[local] Providers w/ OAuth/tokens (0): -

[local] - anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0,
token=0, api_key=1) | anthropic:default=API sk-a..._HeoVAAA

[local]

[local] OAuth/token status

[local] - none

#

what do I do next?

winged zincBOT Mar 16, 2026, 3:36 AM

#

Next step is to get one diagnostic output so we stop guessing:

In the TUI run:

!openclaw models status

Paste the output here. If it’s long, paste just these parts:

Config : ...
Agent dir : ...
the whole “Auth overview” section
the whole “Missing auth” section (if present)

From that output, the fix is usually one of these:

Anthropic is listed under “Missing auth” → run openclaw onboard and add Anthropic API key (or use claude setup-token + openclaw models auth paste-token --provider anthropic).
Anthropic shows an “effective=…” key but you still get 401 → the key itself is bad/revoked → create a brand new key in the Anthropic Console and re-onboard.

#

Anthropic shows a ref/keyRef → the env var backing that ref isn’t set for the Gateway → either set the env var, or re-onboard and store plaintext to confirm it works.

Send that models status snippet and I’ll tell you exactly which branch you’re in.

rigid creek Mar 16, 2026, 3:38 AM

#

run error: HTTP 401 authentication_error: invalid x-api-key (request_id: sha256:5cafac21abac)

[local] $ openclaw models status

[local] Config : ~/.openclaw/openclaw.json

[local] Agent dir : ~/.openclaw/agents/main/agent

[local] Default : anthropic/claude-sonnet-4-6

[local] Fallbacks (0) : -

[local] Image model : -

[local] Image fallbacks (0): -

[local] Aliases (1) : sonnet -> anthropic/claude-sonnet-4-6
[local] Configured models (1): anthropic/claude-sonnet-4-6
[local]

[local] Auth overview
[local] Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
[local] Shell env : off

[local] Providers w/ OAuth/tokens (0): -

[local] - anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0,
token=0, api_key=1) | anthropic:default=API sk-a..._HeoVAAA

[local]
[local] OAuth/token status

[local] - none

#

i deleted some spaces to shorten it, to fit

winged zincBOT Mar 16, 2026, 3:39 AM

#

Great — that output tells us exactly what’s happening:

OpenClaw is finding Anthropic auth (profiles=1 … api_key=1)
It’s using profile anthropic:default from ~/.openclaw/agents/main/agent/auth-profiles.json
And Anthropic is still returning 401 invalid x-api-key ⇒ the key in that profile is simply not a valid Anthropic API key (or it’s been revoked).

So this is not a “gateway can’t read my env” problem. It’s a “the stored key is wrong” problem.

What to do

Go to the Anthropic Console and create a new API key (it should start with sk-ant-...).
On your machine run:

openclaw onboard

Choose Anthropic API key and paste the new key (don’t paste it into the TUI chat).
3) Restart the Gateway process (or at least reset the session in the TUI with /reset) and try again.

#

If you don’t have an Anthropic Console API key

Claude Pro/Max subscription doesn’t give API keys — use setup-token instead:

claude setup-token
openclaw models auth paste-token --provider anthropic

If you confirm whether your key actually starts with sk-ant- (just that prefix), I can tell you immediately whether you’re on the right credential type.

#

That’s the problem.

You cannot shorten or edit an API key. If you delete anything (even “spaces”), it becomes a completely different string → Anthropic returns 401 invalid x-api-key.

A real Anthropic API key is one continuous token (no spaces). Use the copy button in the Anthropic Console and paste it exactly as-is.

Do this:

Generate a new key in the Anthropic Console (assume the old one is now “burned” / wrong).
Run:

openclaw onboard

Choose Anthropic API key and paste the full key (it’s fine if it visually wraps in your terminal — just don’t add/remove characters).
3) Run openclaw models status again to confirm it shows sk-ant-... and then retry the TUI.

If you’re having trouble pasting into the wizard, tell me what terminal/OS you’re on and I’ll suggest the easiest paste method.

rigid creek Mar 16, 2026, 3:40 AM

#

im on macOS

#

after running what you said and typing in the api key it output:

#

winged zincBOT Mar 16, 2026, 3:41 AM

#

On macOS the main “gotcha” is that the API key prompt is usually hidden input (you won’t see characters as you paste), so people think it didn’t paste and start editing/truncating it.

Do this:

In the Anthropic Console, create a new API key and click the copy button (don’t try to manually select/trim it).
In Terminal.app or iTerm2, run:

openclaw onboard

When it asks for the Anthropic API key:

just hit Cmd+V to paste
you probably won’t see anything appear — that’s normal
press Enter once to submit

Verify it took with:

#

openclaw models status

You should see Anthropic auth present and the key masked like sk-ant-....

If paste still feels janky, tell me whether you’re using Terminal.app or iTerm2, and whether you’re running openclaw onboard in a normal terminal (not inside the OpenClaw TUI).

rigid creek Mar 16, 2026, 3:42 AM

#

winged zincBOT Mar 16, 2026, 3:42 AM

#

Paste the output text here (it’s fine), but make sure the API key itself is not included.

Also run this right after onboarding and paste it too:

openclaw models status

What I’m looking for in the onboarding output is whether it:

accepted/saved the key, or
rejected it during validation (often it will explicitly say the provider returned 401)

Once I see those two outputs, I can tell you whether you need to generate a different key (Anthropic Console key vs setup-token), or if it saved fine and you just need to restart/reset.

rigid creek Mar 16, 2026, 3:42 AM

#

winged zincBOT Mar 16, 2026, 3:43 AM

#

Thanks — models status shows OpenClaw is definitely loading an Anthropic API key from auth-profiles.json. So if you’re still getting:

HTTP 401 … invalid x-api-key

…then Anthropic is rejecting that key. That basically comes down to the key is not a valid Anthropic Console API key (or it’s been revoked).

Do these two checks:

Confirm the key source + prefix

Did you create it at: https://console.anthropic.com/settings/keys ?
Does the key start with sk-ant- exactly?
If not, it’s the wrong kind of token → it will always 401.

Make sure you’re not pointing Anthropic at a proxy URL
Run in the TUI:

#

!openclaw config get models.providers.anthropic.baseUrl

If that prints anything other than empty/default (Anthropic), paste it.

If you only have Claude Pro/Max (no Anthropic Console API key), the fix is to switch auth methods:

claude setup-token
openclaw models auth paste-token --provider anthropic

Reply with:

“my key starts with …” (just the prefix, like sk-ant)
output of openclaw config get models.providers.anthropic.baseUrl

rigid creek Mar 16, 2026, 3:44 AM

#

◇ Existing config detected ───────────╮
│ │
│ workspace: ~/.openclaw/workspace │
│ model: anthropic/claude-sonnet-4-6 │
│ gateway.mode: local │
│ gateway.port: │
│ gateway.bind: loopback │
│ │
├──────────────────────────────────────╯
│
◆ Config handling
│ ● Use existing values
│ ○ Update values
│ ○ Reset
└

winged zincBOT Mar 16, 2026, 3:44 AM

#

If you “deleted spaces to shorten it”, that almost certainly means your key in OpenClaw still isn’t the exact string Anthropic issued. Even a single extra/missing character (including a hidden newline) = 401 invalid x-api-key.

On macOS, here’s a paste-proof way to set it without truncation/wrapping issues:

In the Anthropic Console, create a new API key and click the copy button.
In Terminal (not the TUI), run:

export ANTHROPIC_API_KEY="$(pbpaste | tr -d '\r\n')"
openclaw onboard --anthropic-api-key "$ANTHROPIC_API_KEY"

Restart the gateway (or quit + relaunch it), then try the TUI again.

If that still 401s, the key you copied is not an Anthropic Console API key (or it’s already revoked). In that case: confirm you’re generating it from console.anthropic.com/settings/keys and that it starts with sk-ant- (don’t paste the full thing here).

rigid creek Mar 16, 2026, 3:45 AM

#

◇ Existing config detected ───────────╮
│ │
│ workspace: ~/.openclaw/workspace │
│ model: anthropic/claude-sonnet-4-6 │
│ gateway.mode: local │
│ gateway.port: ***** │
│ gateway.bind: loopback │
│ │
├──────────────────────────────────────╯
│
◆ Config handling
│ ● Use existing values
│ ○ Update values
│ ○ Reset
└

winged zincBOT Mar 16, 2026, 3:45 AM

#

That means Anthropic is still rejecting the credential OpenClaw is sending. There isn’t another “OpenClaw setting” that fixes a 401 — it’s almost always still the wrong key (or it’s revoked).

Two things to do right now:

Re-run and paste the Anthropic auth line again:

!openclaw models status

Look for the line like:
anthropic:default=API ...

Tell me: does the masked key clearly start with sk-ant-?

Also check you’re not using a proxy base URL:

!openclaw config get models.providers.anthropic.baseUrl

#

If the key does not start with sk-ant-, it’s the wrong kind of token (Claude subscription / something else) → generate a real key at console.anthropic.com/settings/keys, copy with the button, paste exactly, no edits.

If it does start with sk-ant- and still 401s, the key is revoked/invalid on Anthropic’s side → create a brand new key in the console and try again (don’t reuse the old one).

#

On that screen, pick “Update values”.

Use existing values = it will keep the same (bad) Anthropic key → you’ll stay on 401.
Reset = wipes a bunch of config; don’t do that unless you want a full reset.

So:

Arrow down to Update values → Enter
When it gets to Auth / Anthropic API key, paste the full key exactly (don’t edit/shorten it)
Finish the wizard, then run:

openclaw models status

and try the TUI again.

If it still 401s after that, the key you’re pasting isn’t a valid Anthropic Console API key (or it’s revoked) — in that case generate a brand new key at console.anthropic.com/settings/keys and repeat.

#

You’re still on the “Config handling” picker — nothing has changed yet.

On that screen:

Press the Down Arrow (↓) once so the filled dot moves from Use existing values to Update values
Press Enter

(You should see the ● move next to Update values before you hit Enter.)

After that, the wizard will walk you through sections and you’ll be able to update the Anthropic API key.

rigid creek Mar 16, 2026, 3:58 AM

#

🦞 OpenClaw 2026.3.13 (61d171a) — I'm not magic—I'm just extremely persistent with retries and coping strategies.

Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : anthropic/claude-sonnet-4-6
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (1) : sonnet -> anthropic/claude-sonnet-4-6
Configured models (1): anthropic/claude-sonnet-4-6

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (0): -

anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=1 (oauth=0, token=0, api_key=1) | anthropic:default=sk-ant-a..._HeoVAAA

OAuth/token status

none

winged zincBOT Mar 16, 2026, 4:00 AM

#

This is the key clue:

OpenClaw is definitely using a credential (anthropic:default=…)
and Anthropic still says invalid x-api-key.

That combination almost always means: the “key” you stored is not an Anthropic API key (it’s often an Anthropic OAuth token from Claude Code).

Can you check the beginning of your key (don’t paste it, just tell me which it is):

Does it start with sk-ant-api (often sk-ant-api03-...)? → that’s a real Anthropic Console API key and should work.
Or does it start with sk-ant-oat (like sk-ant-oat01-...)? → that’s an OAuth token and Anthropic rejects it as x-api-key (known issue).

If it’s sk-ant-oat…, fix = use one of these instead:

Anthropic Console API key from console.anthropic.com/settings/keys, pasted unchanged, or
setup-token:

#

claude setup-token
openclaw models auth paste-token --provider anthropic

Which prefix do you have: sk-ant-api… or sk-ant-oat…?

rigid creek Mar 16, 2026, 4:02 AM

#

i have the first

#

🦞 OpenClaw 2026.3.13 (61d171a) — Gateway online—please keep hands, feet, and appendages inside the shell at all times.

Config : ~/.openclaw/openclaw.json
Agent dir : ~/.openclaw/agents/main/agent
Default : anthropic/claude-sonnet-4-6
Fallbacks (0) : -
Image model : -
Image fallbacks (0): -
Aliases (0) : -
Configured models (0): all

Auth overview
Auth store : ~/.openclaw/agents/main/agent/auth-profiles.json
Shell env : off
Providers w/ OAuth/tokens (1): anthropic (1)

anthropic effective=profiles:~/.openclaw/agents/main/agent/auth-profiles.json | profiles=2 (oauth=0, token=1, api_key=1) | anthropic:default=sk-ant-a..._HeoVAAA, anthropic:manual=token:sk-ant-a..._HeoVAAA

OAuth/token status

anthropic
- anthropic:manual static
  bash-3.2$

winged zincBOT Mar 16, 2026, 4:05 AM

#

Good, this explains the mess.

Your models status now shows two Anthropic profiles:

anthropic:default = api_key
anthropic:manual = token
…and they’re both using the same sk-ant-... string.

That string is what Anthropic is rejecting (401). Also: that anthropic:manual token profile usually appears when you ran openclaw models auth paste-token — it’s not what you want for an Anthropic API key setup.

The clean fix (API key route)

In the Anthropic Console, generate a real API key (they typically start with sk-ant-api...).
Run openclaw onboard → Update values → set Anthropic API key (paste it unchanged).
Force OpenClaw to only try the API-key profile (so it won’t rotate into the manual token one):

#

openclaw models auth order set --provider anthropic anthropic:default

/reset in the TUI and try again.

If you’re on Claude subscription (no API key)

Then don’t use “API key” at all — do:

claude setup-token
openclaw models auth paste-token --provider anthropic
openclaw models auth order set --provider anthropic anthropic:manual

Before you do anything else: does your key actually contain api right after sk-ant- (i.e. sk-ant-api...), or not? That single detail determines which path will work.

rigid creek Mar 16, 2026, 4:06 AM

#

yes it contains api

winged zincBOT Mar 16, 2026, 4:06 AM

#

Good — if it contains api (i.e. it’s an sk-ant-api… key), then you’ve got the right kind of credential.

Right now OpenClaw is still free to rotate between your two profiles (anthropic:default api_key and anthropic:manual token). You want to force it to only use the API-key profile:

openclaw models auth order set --provider anthropic anthropic:default
openclaw models auth order get --provider anthropic

Then in the TUI do /reset (or restart the gateway) and try again.

If you still get 401 invalid x-api-key after it’s pinned to anthropic:default, then that API key is simply not valid on Anthropic’s side (revoked / copied wrong / altered earlier) — generate a brand new key in the Anthropic Console and re-run onboarding to replace it (paste unchanged, no trimming).

rigid creek Mar 16, 2026, 4:08 AM

#

what next?

winged zincBOT Mar 16, 2026, 4:08 AM

#

Next checklist (in order):

Pin auth to the API-key profile (run in your terminal):

openclaw models auth order set --provider anthropic anthropic:default
openclaw models auth order get --provider anthropic

You want Order override to show anthropic:default.

Reset the chat session in the TUI:

/reset

Send a test message.
If you still get 401 invalid x-api-key even while pinned to anthropic:default, the remaining fix is: create a brand new Anthropic Console API key and replace the one in anthropic:default (paste it unchanged), then repeat steps 1–3.

#

If you paste the output of openclaw models auth order get --provider anthropic after step 1, I can confirm you’re pinned correctly before you burn another key.

rigid creek Mar 16, 2026, 4:09 AM

#

zsh: no such file or directory: /reset

winged zincBOT Mar 16, 2026, 4:10 AM

#

/reset is a TUI slash command, not a terminal command.

In your regular shell (zsh), don’t run /reset.
In the OpenClaw TUI (the chat UI), click/focus that window and type:

/reset

(or /new)

If you already closed the TUI, reopen it with:

openclaw tui

#

…then type /reset inside the TUI input box.

rigid creek Mar 16, 2026, 4:11 AM

#

Agent: main
Provider: anthropic
Auth file: ~/.openclaw/agents/main/agent/auth-profiles.json
Order override: anthropic:default
goofball@Goofs-Mac-mini ~ %

winged zincBOT Mar 16, 2026, 4:12 AM

#

Perfect — you’re pinned to anthropic:default now. That rules out “it’s rotating into the wrong profile”.

Go back into the OpenClaw TUI (openclaw tui if it’s not open).
In the TUI input, run:

/reset

Send a test message.

If it works: you’re done (and you can ignore/remove the anthropic:manual token profile later).
If you still get 401 invalid x-api-key while pinned to anthropic:default, then the API key stored in anthropic:default is simply invalid/revoked on Anthropic’s side → generate a brand new key in the Anthropic Console and update anthropic:default via openclaw onboard (Update values).

If it works, please mark the solution in the thread (right-click → Apps → Mark Solution) so it’s indexed.

rigid creek Mar 16, 2026, 4:12 AM

#

run error: LLM request rejected: Your credit balance is too low to access the Anthropic API. Please go to Plans &
Billing to upgrade or purchase credits.
connected | error
agent main | session main (openclaw-tui) | anthropic/claude-sonnet-4-6 | think adaptive | tokens 0/1.0m (0%)

#

I purchased credits, and it still says that

winged zincBOT Mar 16, 2026, 4:14 AM

#

Buying credits won’t change a 401 invalid x-api-key.

401 = authentication failed (Anthropic doesn’t recognize the key string you’re sending).
Credits/billing issues show up as 429/402/“insufficient credits”, not “invalid x-api-key”.

So the fix is still: replace the key with a known-good one (and make sure it’s from the same Anthropic account you bought credits on).

Do this:

In console.anthropic.com → Settings → API Keys, create a brand new key and copy it with the copy button.
Update OpenClaw’s anthropic:default key (since you already pinned to it):

openclaw onboard → Update values → Anthropic API key → paste the new key unchanged

Verify it changed:

openclaw models status

(The masked suffix should change; that’s how you know OpenClaw is using the new key.)

#

Back in the TUI: /reset and try again.

If you want, tell me whether the key you’re using shows up in the Anthropic console list (you can match by the last ~4–6 characters, don’t paste the full key). If it doesn’t, that key is definitely not valid anymore.

rigid creek Mar 16, 2026, 4:29 AM

#

its working now, but I need help configuring it to discord

winged zincBOT Mar 16, 2026, 4:30 AM

#

Nice — glad the Anthropic auth is working.

For Discord, follow the Quick setup here (it’s the canonical guide): https://docs.openclaw.ai/channels/discord
(Please don’t add personal bots to this OpenClaw community server — use your own private server.)

Minimal steps:

Create a Discord bot (Developer Portal) + enable Message Content Intent.
Invite it to your server with bot + applications.commands.
On the machine running OpenClaw, set the bot token (don’t paste it in chat):

openclaw config set channels.discord.token '"YOUR_BOT_TOKEN"' --json
openclaw config set channels.discord.enabled true --json
openclaw gateway restart

DM your bot in Discord → it will reply with a pairing code. Approve it:

#

openclaw pairing list discord
openclaw pairing approve discord <CODE>

Once DMs work, you can optionally allow guild channels via the allowlist section in the same doc.

Also: since the API key issue is solved, please mark the solution in this thread (right-click the solution message → Apps → Mark Solution) so Answer Overflow indexes it.

rigid creek Mar 16, 2026, 4:36 AM

#

dms are not working

rigid creek Mar 16, 2026, 4:23 PM

#

HTTP 401: authentication_error: invalid x-api-key (request_id: req_011CZ74WBjtboJP7FKPaWTg3)

winged zincBOT Mar 16, 2026, 4:25 PM

#

“DMs not working” on Discord usually boils down to (a) the bot isn’t actually connected, or (b) you’re in pairing mode and haven’t approved the DM yet.

Run these two commands and paste the output:

openclaw channels status --probe
openclaw pairing list discord

How to interpret:

If pairing list shows a pending code/request → approve it:

openclaw pairing approve discord <CODE>

If there’s nothing pending, then the DM isn’t reaching the gateway. Check:
Is the bot online in Discord?

#run error: HTTP 401 authentication_error: invalid x-api-key (request_id: invalid api

If you’re using an Anthropic API key

If you’re using Claude subscription (setup-token)

If you recently added a new agent

A) You intended to use an Anthropic API key

B) You intended to use Claude subscription auth (setup-token)

Option 1: You want API-key billing (Anthropic Console key)

Option 2: You only have Claude Pro/Max subscription (no API key)

1) Is your key actually an Anthropic key?

2) Is OpenClaw maybe still using an older (bad) Anthropic profile?

A) Run the diagnostics from inside the TUI (recommended)

B) Or run it from a normal terminal

What to do

If you don’t have an Anthropic Console API key

The clean fix (API key route)

If you’re on Claude subscription (no API key)