Authentication and Access Control

Last updated February 10, 2026

How Authentication Works in ClawHosters

ClawHosters uses different authentication methods depending on what you are accessing. Your dashboard, your instance's web UI, connected chat channels, the API, and SSH each have their own authentication mechanism.

This page explains each method, how credentials are managed, and what each one protects.

Gateway Authentication (Instance Web UI)

When you access your OpenClaw instance through a web browser on port 8080, the gateway uses HTTP basic authentication. The browser will prompt you for a username and password.

| Field | Value |
|---|---|
| Username | user |
| Password | Auto-generated per instance |

The password is generated automatically when your instance is created. You can view it in your instance dashboard under the connection details section. If you need a new password, you can regenerate it from the instance settings.

HTTP basic auth protects the gateway web interface. Every browser session requires these credentials. The password is stored as a SHA256 hash on the instance, not in plain text.
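The check described above, sketched as an added example (this is not ClawHosters' gateway code). It assumes the stored value is the plain hex SHA-256 digest of the UTF-8 password, which this page does not specify; all function names are hypothetical. It also shows that the header the browser sends on every request is base64-encoded, not encrypted.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Optional

GATEWAY_USER = "user"  # username stated on this page


def generate_password() -> str:
    """Constructed stand-in for the auto-generated per-instance password."""
    return secrets.token_urlsafe(24)


def hash_password(password: str) -> str:
    # Assumption: unsalted hex SHA-256; the real on-disk format is not documented here.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Build the Authorization value a browser sends: base64 of 'user:password'."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def verify_basic_auth(header: Optional[str], stored_hash: str) -> bool:
    """Return True only if the header carries the expected user and password."""
    if not header:
        return False
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # malformed header is rejected, never treated as empty credentials
    # RFC 7617: the user-id cannot contain ":", so split at the first colon only.
    username, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Evaluate both comparisons in constant time before combining them.
    user_ok = hmac.compare_digest(username.encode(), GATEWAY_USER.encode())
    pass_ok = hmac.compare_digest(hash_password(password), stored_hash)
    return user_ok and pass_ok


if __name__ == "__main__":
    pw = generate_password()
    stored = hash_password(pw)
    print(verify_basic_auth(basic_header("user", pw), stored))        # correct credentials
    print(verify_basic_auth(basic_header("user", pw + "x"), stored))  # wrong password
```

Only the digest needs to live on the instance, but the password itself is recoverable from any captured request header, which is why regenerating it after suspected exposure matters.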

Channel Pairing (Telegram, WhatsApp, Discord)

Chat channels connect to your instance through a pairing flow. This is a one-time process per channel.

How pairing works:

  1. Open your instance dashboard and go to the Channels section
  2. Click "Generate Pairing Code" for the channel type you want to connect
  3. The dashboard shows a short-lived pairing code
  4. Send the pairing code as a message in the chat (Telegram group, WhatsApp chat, or Discord channel)
  5. Your instance confirms the pairing and the channel is linked

Once paired, the channel stays connected until you explicitly unpair it. The pairing code expires after a few minutes if unused.

Each channel type has its own pairing flow, but the principle is the same: generate a code on the dashboard, enter it in the chat. No API keys or bot tokens are required from your side for Telegram and WhatsApp channels, as these are handled by the ClawHosters infrastructure.

Dashboard Authentication

The ClawHosters dashboard (clawhosters.com) uses standard email and password authentication.

| Detail | Value |
|---|---|
| Login method | Email + password |
| Password storage | Hashed with bcrypt |
| Session handling | Cookie-based, expires after inactivity |
| Password reset | Email-based reset flow |

When you create a ClawHosters account, your password is hashed with bcrypt before storage. The original password is never stored. Sessions are maintained via secure cookies and expire automatically after a period of inactivity.

You can change your password at any time from your account settings.

API Token Authentication

The ClawHosters API uses Bearer token authentication. API tokens have the prefix oc_live_ and are passed in the Authorization header of each request.

Authorization: Bearer oc_live_your_token_here

You can generate and revoke API tokens from your dashboard. Each token has full access to your account's resources. Treat API tokens like passwords, as anyone with a valid token can manage your instances and billing.

For full details on the API, including available endpoints, request formats, and error codes, see the API Overview.

SSH Access Authentication

SSH access to your instance's VPS uses key-based authentication. Password-based SSH login is disabled.

To enable SSH access, you upload your public SSH key through the instance dashboard. Once enabled, you can connect as root using your private key.

Important: Enabling SSH access permanently marks your instance as "No Support." This is a one-way action.

For the full SSH setup process, security implications, and connection instructions, see SSH Access to Your Instance.

Access Control Summary

| Access Point | Authentication Method | Credentials |
|---|---|---|
| ClawHosters Dashboard | Email + password | Your account credentials |
| Instance Web UI (Gateway) | HTTP basic auth | Username: user, auto-generated password |
| Telegram / WhatsApp / Discord | Pairing code | One-time code from dashboard |
| ClawHosters API | Bearer token | oc_live_* token from dashboard |
| SSH (if enabled) | SSH key | Your public key uploaded via dashboard |

Credential Management Tips

  • Gateway password: Regenerate it from instance settings if you suspect it has been shared unintentionally
  • API tokens: Revoke tokens you no longer use. Generate separate tokens for different integrations so you can revoke them individually
  • SSH keys: Only upload keys you actively use. Remove old keys when rotating credentials
  • Dashboard password: Use a strong, unique password. Consider using a password manager
