#DefiLlama's free API


open burrow
#

I'm building automated trading tools on my OpenClaw VPS and need api.llama.fi (DefiLlama's free API) added to the network allowlist. Currently getting host_not_allowed when trying to query protocol TVL/volume data. No auth required on their end — it's completely free. Would be great for trading/DeFi use cases. Is this something that can be whitelisted?

noble canopyBOT
#

Yep, but it would be a local config change on your VPS, not a central whitelist we flip for everyone.

Also, a public host like api.llama.fi usually should not need special treatment unless you already have a restrictive hostname allowlist in place, so host_not_allowed is a useful clue.

First, what does this show?

openclaw --version

If the failing path is the browser/network SSRF policy, the relevant keys are:

{
  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  },
}

Then restart the gateway.

Important nuance: for web_fetch, current OpenClaw does not expose a general per-host allowlist knob, only a narrow tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange option. So if this is failing via web_fetch, I want to see the exact call/error before I tell you to change config.

Docs:

#

If you paste:

  • openclaw --version
  • the exact tool/request you’re making
  • the full host_not_allowed error

…I can tell you exactly which setting applies.

open burrow
#

OpenClaw 2026.4.10 (44e5b62) — and yes it's the browser/network SSRF policy. Where exactly is that config file on the VPS so I can add api.llama.fi to the hostnameAllowlist?

noble canopyBOT
#

Usually it’s here on the VPS:

~/.openclaw/openclaw.json

Safest way to confirm the active path on your install:

openclaw config file

That matters because profiles / OPENCLAW_STATE_DIR / OPENCLAW_CONFIG_PATH can move it.

Then add api.llama.fi under browser.ssrfPolicy.hostnameAllowlist, for example:

{
  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  },
}

If you already have entries there, just append api.llama.fi, don’t replace the whole list.

After saving:

open burrow
#

Here's the current tools.web block — no ssrfPolicy exists yet:

#

"tools": {

#

"web": {

#

"search": {

#

"enabled": true,

#

"provider": "duckduckgo"

noble canopyBOT
#

Ah, yep, that’s the wrong section.

If this is the browser/network SSRF path, the setting goes under the top-level browser config, not tools.web.

So add this to ~/.openclaw/openclaw.json:

{
  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  },
}
#

A couple of notes:

  • tools.web.fetch.ssrfPolicy is a different thing, and currently only has the narrow allowRfc2544BenchmarkRange option.
  • If you already have a browser block, merge this into it, don’t duplicate browser.

Then run:

openclaw config validate
openclaw gateway restart

Docs:

If you paste your current browser block, I can show you the exact merged version.

#

Yep, browser should be a top-level sibling of tools, not nested inside it.

Like this:

{
  tools: {
    // your existing tools config...
  },

  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  },
}

So, not:

tools: {
  browser: { ... } // wrong
}

After editing:

openclaw config validate
#

web is still under tools, so that’s still not the spot 🙂

You want a brand new top-level block named browser.

Minimal example:

{
  tools: {
    web: {
      // your existing web config
    },
  },

  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  },
}

So just leave your existing tools.web alone, and add browser separately.

Then:

openclaw config validate
openclaw gateway restart
#

If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution so Answer Overflow can index it.

#

Nope, search is still inside tools.web 😅

Ignore the whole tools section for this.

The easiest move is: open ~/.openclaw/openclaw.json, go near the end of the file, and add this right before the final }:

,
browser: {
  ssrfPolicy: {
    hostnameAllowlist: ["api.llama.fi"],
    allowedHostnames: ["api.llama.fi"],
  },
}

So the file shape becomes roughly:

{
  // existing stuff...

  tools: {
    // existing tools stuff...
  },

  browser: {
    ssrfPolicy: {
      hostnameAllowlist: ["api.llama.fi"],
      allowedHostnames: ["api.llama.fi"],
    },
  }
}
#

That line doesn’t matter here. Easiest fix: don’t hand-edit the JSON. Use the CLI so you can avoid the nesting confusion.

Since you said browser.ssrfPolicy doesn’t exist yet, run:

openclaw config set browser.ssrfPolicy.hostnameAllowlist '["api.llama.fi"]' --strict-json
openclaw config set browser.ssrfPolicy.allowedHostnames '["api.llama.fi"]' --strict-json
openclaw config validate
openclaw gateway restart

You can confirm it landed with:

openclaw config get browser.ssrfPolicy --json
#

Yep, still irrelevant for this fix. provider: "duckduckgo" is just your web search config.

You can ignore the file entirely and just run these commands as-is:

openclaw config set browser.ssrfPolicy.hostnameAllowlist '["api.llama.fi"]' --strict-json
openclaw config set browser.ssrfPolicy.allowedHostnames '["api.llama.fi"]' --strict-json
openclaw config validate
openclaw gateway restart

Then verify:

openclaw config get browser.ssrfPolicy --json
#

If you get output back from that last command, paste it and I’ll confirm it’s right.

open burrow
#

}
That worked perfectly! Added the browser.ssrfPolicy block with api.llama.fi, ran openclaw config validate (passed), restarted the gateway and immediately got live data back — Hyperliquid Bridge TVL $4.84B, Aster Bridge $524M etc. Thanks @Krill for the precise guidance 🦞