Running OpenClaw 2026.4.12 on Ubuntu, systemd install. openclaw memory index --force fails with OpenAI embeddings 401 invalid_api_key. Using a sk-proj- key with All permissions, active project, $25 credit balance. Key resolves correctly — openclaw models status --probe shows openai:default as ok for inference. openclaw secrets audit --check shows unresolved=0. OPENAI_PROJECT_ID is set in .env. No invisible characters in the key. Error is specific to the embeddings path — chat completions work fine. memorySearch.provider is set to openai. Is there a known issue with sk-proj- keys and the embeddings API in 2026.4.12?
#Running OpenClaw 2026.4.12 on Ubuntu, systemd install. openclaw memory index --force fails with Open
little abyss
iron gobletBOT
Just checking the local docs path, then I’ll verify the memory/embeddings code path.
I don’t see a documented “sk-proj keys are broken” note for 2026.4.12 specifically, but I do think you’ve hit a real embeddings-path bug/limitation.
What I verified in source:
- the normal OpenAI inference path uses the OpenAI SDK
- the memory embeddings path uses a separate custom HTTP client
- that embeddings client only sends
Authorization+Content-Type - I do not see
OPENAI_PROJECT_ID/OpenAI-Projectbeing forwarded there
So this failure pattern makes sense:
openclaw models status --probepasses, because inference worksopenclaw memory index --forcefails, because embeddings are hitting/v1/embeddingswithout the extra project header your project-scoped key may require
Workaround to try in openclaw.json:
{
agents: {
defaults: {
memorySearch: {
provider: "openai",
model: "text-embedding-3-small",
remote: {
headers: {
"OpenAI-Project": "proj_..."
}
}
}
}
}
}
If your account also needs org scoping, add:
"OpenAI-Organization": "org_..."
Then restart and retry:
openclaw gateway restart
openclaw memory index --force
Relevant docs:
So, short version: not obviously a general OpenAI/sk-proj outage, but very plausibly a 2026.4.12 OpenClaw memory-embeddings auth/header mismatch.
If adding OpenAI-Project fixes it, please file a GitHub issue, because that header should probably be propagated automatically: https://github.com/openclaw/openclaw/issues
Glad that helped! 🎉
If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution.
This helps Answer Overflow index the solution for future users.
little abyss
adding OpenAI-Project header via remote.headers did not resolve the 401. Ask if there's another workaround or if this needs a bug fix in a future release.
iron gobletBOT
Let me check the exact embeddings request path a bit deeper, there may be another place the OpenAI auth behavior diverges.
Yeah, there’s one more good workaround to try before calling it a release bug.
What I found: the memory embeddings path resolves provider creds profile-first, not env-first. So if you have any stored openai auth profile, memory indexing can pick that instead of OPENAI_API_KEY. In that case, adding OpenAI-Project won’t help because it may still be using the wrong credential.
I’d try pinning the memory path completely:
{
agents: {
defaults: {
memorySearch: {
provider: "openai",
model: "text-embedding-3-small",
remote: {
baseUrl: "https://api.openai.com/v1",
apiKey: "sk-proj-...",
headers: {
"OpenAI-Project": "proj_..."
},
batch: {
enabled: false
}
}
}
}
}
}
Why this helps:
remote.apiKeybypasses normal provider auth/profile resolution for memory embeddings- explicit
baseUrlremoves any provider/baseUrl weirdness