How to Set Up API Keys in OpenClaw?

API keys authenticate OpenClaw's requests to AI model providers. Without a valid key, the agent can't generate responses (unless using local models via Ollama).

During onboarding, you're prompted to enter your first API key. After setup, you can add or change keys through the CLI or config file.

Where to get API keys: - Anthropic (Claude): console.anthropic.com → API Keys - OpenAI (GPT): platform.openai.com → API keys - DeepSeek: platform.deepseek.com → API Keys - Google (Gemini): aistudio.google.com → Get API key - OpenRouter: openrouter.ai → Keys

All keys are stored in ~/.openclaw/config.json with file permissions restricted to your user. Keys are never logged, transmitted to third parties, or included in error reports.

Security best practices: - Use environment variables instead of config file for CI/CD - Rotate keys periodically (monthly for production) - Set spending limits on provider dashboards - Use separate keys for development and production - Monitor usage on provider dashboards to detect anomalies

If a key expires or is revoked, OpenClaw shows a clear error message and stops processing until a valid key is configured.

Tip: Start with $5-10 of credits on your provider. Monitor usage for a week, then adjust your budget based on actual consumption.

# Set API key
openclaw config set apiKey YOUR_API_KEY

# Or use environment variable
export OPENCLAW_API_KEY=YOUR_API_KEY

# Verify key works
openclaw doctor