API key errors are among the most frustrating OpenClaw issues because they prevent any LLM interaction. Whether you're seeing 401 Unauthorized responses, "Invalid API key" messages, or silent failures, the root cause is usually one of a few common configuration mistakes. This guide systematically checks each potential failure point.
Why This Is Hard to Do Yourself
These are the common pitfalls that trip people up.
Incorrect key format or prefix
Wrong key type (publishable vs secret), missing sk- prefix, or corrupted key string
Expired or revoked keys
Key rotation without updating config, or keys disabled in provider dashboard
Environment variables not loaded
.env file in wrong location, not loaded by process, or overridden by system env
Insufficient key permissions
Key lacks required scopes for models, features, or API endpoints
Step-by-Step Guide
Verify API key format
Ensure the key matches the expected format for your LLM provider.
# Anthropic Claude keys start with:
# sk-ant-api03-...
# OpenAI keys start with:
# sk-...
# Check your key (don't expose it fully):
echo $ANTHROPIC_API_KEY | cut -c1-10
# Should show: sk-ant-api
# Common mistakes:
# - Using publishable key instead of secret key
# - Extra whitespace or newlines in key
# - Partial key copied from dashboardConfirm environment variable loading
Verify that OpenClaw is actually reading the API key from your configuration.
# Check if .env file exists in correct location:
ls -la ~/.openclaw/.env
# Or:
ls -la /opt/openclaw/.env
# Test if variable is set in OpenClaw process:
cat /proc/$(pgrep -f openclaw)/environ | tr '\0' '\n' | grep API_KEY
# For debugging, temporarily log the key prefix:
export OPENCLAW_DEBUG=true
# Check logs for "API key loaded: sk-ant-***"Test API key directly with curl
Bypass OpenClaw to verify the key works with the provider API.
# Test Anthropic key:
curl https://api.anthropic.com/v1/messages \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{"model":"claude-3-haiku-20240307","max_tokens":10,"messages":[{"role":"user","content":"Hi"}]}'
# Test OpenAI key:
curl https://api.openai.com/v1/chat/completions \
-H "Authorization: Bearer $OPENAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4","messages":[{"role":"user","content":"Hi"}],"max_tokens":10}'
# Look for 200 response, not 401Check key permissions and scopes
Ensure the API key has access to the models and features OpenClaw needs.
# Anthropic: Check key in Console
# https://console.anthropic.com/settings/keys
# Verify:
# - Key is not disabled
# - Has access to required models (Claude 3 Opus, Sonnet, etc.)
# - Rate limits are not exhausted
# OpenAI: Check in API settings
# https://platform.openai.com/api-keys
# Verify:
# - Key has correct permissions
# - Not restricted to specific models
# - Organization/project access is correctRotate the API key
Generate a fresh key to rule out revocation or corruption issues.
# 1. Generate new key in provider console
# 2. Update OpenClaw config:
nano ~/.openclaw/.env
# Update:
ANTHROPIC_API_KEY=sk-ant-api03-NEW_KEY_HERE
# 3. Restart OpenClaw to load new key:
systemctl restart openclaw
# 4. Verify new key works:
curl http://localhost:3000/health
curl http://localhost:3000/api/test-llmVerify provider API status
Check if the LLM provider is experiencing outages or degraded service.
# Check Anthropic status:
curl https://status.anthropic.com/api/v2/status.json | jq .
# Check OpenAI status:
curl https://status.openai.com/api/v2/status.json | jq .
# Or visit status pages:
# https://status.anthropic.com
# https://status.openai.com
# If provider is down, OpenClaw will show 401 or 503 errorsStill Getting 401 Errors?
Our experts audit your API key configuration, test provider connectivity, and set up proper secrets management. Get secure, working authentication without exposing credentials in logs or config files.
Get matched with a specialist who can help.
Sign Up for Expert Help โ