#Agent stuck on OAuth path despite ANTHROPIC_API_KEY and OPENCLAW_LIVE_ANTHROPIC_KEY set

Hey all — running v2026.3.8 on Railway. Every agent call fails with LLM request rejected: You're out of extra usage. Add more at claude.ai/settings/usage. I've verified ANTHROPIC_API_KEY works with direct curl to api.anthropic.com/v1/messages. Also have OPENCLAW_LIVE_ANTHROPIC_KEY and OPENROUTER_API_KEY set. Model strings are anthropic/claude-opus-4-6 etc. No .claude/ or OAuth tokens on disk. How do I force the agent to use the direct API key path instead of api.anthropic.com/api/oauth/usage? Appreciate any pointers.

Environment: OpenClaw v2026.3.8 on Railway, Node 22
Issue: Every agent call fails with LLM request rejected: You're out of extra usage. Add more at claude.ai/settings/usage and keep going.
What I've verified:

ANTHROPIC_API_KEY works: curl to api.anthropic.com/v1/messages returns valid responses
OPENCLAW_LIVE_ANTHROPIC_KEY also set (same value)
OPENROUTER_API_KEY set, $50 balance, 0 usage
Model strings: anthropic/claude-opus-4-6, anthropic/claude-sonnet-4-6, anthropic/claude-haiku-4-5
No .claude/, .anthropic/, or stashed OAuth tokens on disk
openclaw.json has no anthropic auth block
Found reference in dist to api.anthropic.com/api/oauth/usage — agent appears to be using OAuth path

How do I force agent calls to use the direct API key (api.anthropic.com/v1/messages) or route through OpenRouter?

That api.anthropic.com/api/oauth/usage string is a bit of a red herring, it is the usage snapshot endpoint, not the normal anthropic/* inference path.

The stronger clue is the error text. You're out of extra usage... usually means OpenClaw is resolving Anthropic OAuth / Claude-style auth somewhere, not your direct API key.

A few important bits:

• OPENROUTER_API_KEY will not be used while your model ref is still anthropic/....
  • To force OpenRouter, switch the model to something like openrouter/anthropic/claude-opus-4-6.
• The relevant persisted auth state is usually under:
  • ~/.openclaw/agents/<agentId>/agent/auth-profiles.json
  • ~/.openclaw/agents/<agentId>/agent/auth-state.json
    not .claude/ or .anthropic/.
• curl succeeding in your shell does not prove the running gateway process is actually choosing that key.

I’d check this on the Railway host:

openclaw models status --probe --probe-provider anthropic
openclaw models auth order get --provider anthropic
find ~/.openclaw/agents \( -path '*/agent/auth-profiles.json' -o -path '*/agent/auth-state.json' \) -print

If probe shows an Anthropic oauth/token profile winning, that stale saved profile is likely overriding your env-based API key. In that case:

1. clear any pinned Anthropic auth order
2. clean up the stale Anthropic saved auth state
3. restart the gateway
4. re-run openclaw models status --probe

Also, if you can, I’d update off 2026.3.8, this auth area has had a bunch of Anthropic/Claude fixes since then.

Docs:

• https://docs.openclaw.ai/cli/models

• https://docs.openclaw.ai/gateway/authentication
• https://docs.openclaw.ai/providers/anthropic
• https://docs.openclaw.ai/providers/openrouter

If you paste the openclaw models status --probe output, I can help pinpoint exactly which credential is being selected.

@glossy citrus thanks so muhc let me run this and get back to you on results. I have been wracking my brain all night!