
OpenClaw Configuration Reference

5 min read Configuration Last updated February 10, 2026

What openclaw.json Does

The openclaw.json file is the main configuration file for your OpenClaw instance. It controls how the gateway authenticates users, which LLM provider to use, and which messenger channels are active.

ClawHosters generates this file automatically based on your dashboard settings. When you change your LLM provider, add a Telegram bot, or update any other setting, ClawHosters regenerates the config and deploys it to your instance.

You do not need to edit this file manually unless you SSH into your instance for advanced configuration.

File Location

On your instance, the config file is stored at:

text
/root/.openclaw/openclaw.json

This is a bind-mount from /opt/openclaw/dotopenclaw/openclaw.json on the host system. Changes to either path affect the same file.

Config Structure

The file is a JSON object with four top-level sections. Not all sections are present on every instance — sections are included only when relevant.

json
{
  "gateway": { ... },
  "env": { ... },
  "agents": { ... },
  "channels": { ... }
}

gateway (Always Present)

Controls how the OpenClaw gateway runs and authenticates requests.

json
{
  "gateway": {
    "mode": "local",
    "trustedProxies": [
      "172.16.0.0/12",
      "10.0.0.0/8",
      "127.0.0.1"
    ],
    "auth": {
      "mode": "token",
      "token": "sha256-hashed-token"
    },
    "controlUi": {
      "allowInsecureAuth": true
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| mode | string | Always "local" for ClawHosters instances |
| trustedProxies | array | IP ranges allowed to proxy requests (for nginx) |
| auth.mode | string | Authentication method — always "token" |
| auth.token | string | SHA256-hashed gateway token for web UI access |
| controlUi.allowInsecureAuth | boolean | Allows token-based auth without device pairing |

The gateway section is always generated, even on instances without any LLM or messenger configured.

env (Conditional)

Contains API keys for the selected LLM provider. This section is only present if you have configured an LLM.

json
{
  "env": {
    "ANTHROPIC_API_KEY": "sk-ant-..."
  }
}

Only the relevant key for your provider is included:

| Provider | Environment Variable |
| --- | --- |
| Anthropic | ANTHROPIC_API_KEY |
| OpenAI | OPENAI_API_KEY |
| OpenRouter | OPENROUTER_API_KEY |
| Google | GEMINI_API_KEY |
| DeepSeek | DEEPSEEK_API_KEY |

If no LLM is configured (instance in "no LLM" mode), this section is omitted entirely.

agents (Conditional)

Specifies the default LLM model for the instance. Only present when an LLM is configured.

json
{
  "agents": {
    "defaults": {
      "model": {
        "primary": "anthropic/claude-3-haiku"
      }
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| agents.defaults.model.primary | string | The default model in provider/model format |

Model string format varies by provider:

| Provider | Example |
| --- | --- |
| Anthropic | claude-3-haiku (no provider prefix) |
| OpenAI | openai/gpt-4o |
| OpenRouter | openrouter/anthropic/claude-3-opus |
| Google | google/gemini-pro |
| DeepSeek | deepseek/deepseek-chat |

Anthropic models are a special case — they do not include the provider prefix in the model string.

channels (Conditional)

Configures messenger integrations. Each channel is only included if it has been set up in your dashboard.

Telegram

json
{
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "123456789:ABCdefGHIjklMNOpqrsTUVwxyz",
      "dmPolicy": "owner_only",
      "allowFrom": ["*"]
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Whether Telegram is active |
| botToken | string | Your Telegram bot token from BotFather |
| dmPolicy | string | "owner_only" or "open" — who can message the bot |
| allowFrom | array | User IDs allowed when dmPolicy is "open" |

Discord

json
{
  "channels": {
    "discord": {
      "enabled": true,
      "token": "bot-token-here",
      "dm": {
        "enabled": true,
        "policy": "pairing",
        "allowFrom": ["*"]
      }
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Whether Discord is active |
| token | string | Discord bot token |
| dm.enabled | boolean | Whether direct messages are allowed |
| dm.policy | string | "pairing" requires device pairing first |
| dm.allowFrom | array | User IDs allowed for DMs |

Slack

json
{
  "channels": {
    "slack": {
      "enabled": true,
      "botToken": "xoxb-...",
      "appToken": "xapp-..."
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Whether Slack is active |
| botToken | string | Slack bot token (starts with xoxb-) |
| appToken | string | Slack app-level token (starts with xapp-) |

WhatsApp

json
{
  "channels": {
    "whatsapp": {
      "enabled": true,
      "dmPolicy": "owner_only"
    }
  }
}

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Whether WhatsApp is active |
| dmPolicy | string | "owner_only" or "open" |
| allowFrom | array | User IDs allowed when policy is "open" |
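
The DM settings are laid out differently per channel (Telegram and WhatsApp use top-level dmPolicy/allowFrom, Discord nests them under dm), so a review of who can reach the bot has to normalise them first. The following is an added example, not code from OpenClaw or ClawHosters; the name dm_exposure and the reading of "*" as "any user ID" are assumptions of this example.

```python
def dm_exposure(cfg):
    """Summarise who may DM the bot on each enabled channel."""
    report = {}
    for name, ch in cfg.get("channels", {}).items():
        if not ch.get("enabled"):
            continue
        if isinstance(ch.get("dm"), dict):
            # Discord layout: DM settings nested under "dm".
            dm = ch["dm"]
            policy = dm.get("policy") if dm.get("enabled") else "disabled"
            allow = dm.get("allowFrom", [])
        else:
            # Telegram / WhatsApp layout; Slack documents no DM fields,
            # so its policy comes back as None.
            policy = ch.get("dmPolicy")
            allow = ch.get("allowFrom", [])
        report[name] = {
            "policy": policy,
            "allow_from": allow,
            # Assumption: "*" in allowFrom matches every user ID.
            "open_to_anyone": policy == "open" and "*" in allow,
        }
    return report


# Constructed sample, built from the field layouts documented above.
SAMPLE = {
    "channels": {
        "telegram": {"enabled": True, "botToken": "<placeholder>",
                     "dmPolicy": "open", "allowFrom": ["*"]},
        "discord": {"enabled": True, "token": "<placeholder>",
                    "dm": {"enabled": True, "policy": "pairing",
                           "allowFrom": ["*"]}},
        "whatsapp": {"enabled": True, "dmPolicy": "owner_only"},
        "slack": {"enabled": False, "botToken": "<placeholder>",
                  "appToken": "<placeholder>"},
    }
}

if __name__ == "__main__":
    for channel, row in dm_exposure(SAMPLE).items():
        print(channel, row)
```
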

Minimal vs Full Example

A freshly created instance with no LLM or messengers configured has only the gateway section:

json
{
  "gateway": {
    "mode": "local",
    "trustedProxies": ["172.16.0.0/12", "10.0.0.0/8", "127.0.0.1"],
    "auth": {
      "mode": "token",
      "token": "a1b2c3d4..."
    },
    "controlUi": {
      "allowInsecureAuth": true
    }
  }
}

A fully configured instance with Anthropic LLM and Telegram:

json
{
  "gateway": {
    "mode": "local",
    "trustedProxies": ["172.16.0.0/12", "10.0.0.0/8", "127.0.0.1"],
    "auth": {
      "mode": "token",
      "token": "a1b2c3d4..."
    },
    "controlUi": {
      "allowInsecureAuth": true
    }
  },
  "env": {
    "ANTHROPIC_API_KEY": "sk-ant-api03-..."
  },
  "agents": {
    "defaults": {
      "model": {
        "primary": "claude-3-haiku"
      }
    }
  },
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "123456789:ABCdef...",
      "dmPolicy": "owner_only",
      "allowFrom": ["*"]
    }
  }
}

How Config Changes Are Applied

When you update settings in your dashboard:

  1. ClawHosters regenerates openclaw.json with your new settings
  2. The file is uploaded to your instance via SCP
  3. The doctor --fix command runs to apply plugin changes
  4. Your instance picks up the new configuration

This process takes a few seconds. During the update, your instance stays running — there is no downtime for config changes.

Manual Editing via SSH

If you SSH into your instance, you can view the config at /root/.openclaw/openclaw.json. You can edit it manually, but be aware:

  • Dashboard setting changes will overwrite your manual edits
  • Invalid JSON will prevent the gateway from starting
  • Missing the gateway section will break authentication

If you break the config, use the "Redeploy" button in your dashboard to regenerate it from your saved settings.
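
A pre-flight check for manual edits, as an added example rather than ClawHosters or OpenClaw tooling: it catches the two failure modes listed above (invalid JSON, missing gateway section) and a hand-edited model that no longer matches the API key in env. check_config and its messages are names chosen for this example; the provider mapping comes from the tables on this page.

```python
import json

# Provider prefix -> API key variable, from the provider tables on this page.
PROVIDER_KEYS = {
    "anthropic": "ANTHROPIC_API_KEY", "openai": "OPENAI_API_KEY",
    "openrouter": "OPENROUTER_API_KEY", "google": "GEMINI_API_KEY",
    "deepseek": "DEEPSEEK_API_KEY",
}


def check_config(text):
    """Return a list of problems in openclaw.json content (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems, gateway = [], cfg.get("gateway")
    auth = gateway.get("auth") if isinstance(gateway, dict) else None
    if not isinstance(gateway, dict):
        problems.append("gateway section missing")
    elif not (isinstance(auth, dict) and auth.get("mode") == "token" and auth.get("token")):
        problems.append("gateway.auth needs mode 'token' and a token value")
    # env and agents are both described as present only when an LLM is configured.
    env, agents = cfg.get("env"), cfg.get("agents")
    if (env is None) != (agents is None):
        problems.append("env and agents must both be present or both absent")
    elif env is not None:
        try:
            model = agents["defaults"]["model"]["primary"]
            # A model string without a prefix is treated as Anthropic's.
            provider = model.split("/", 1)[0] if "/" in model else "anthropic"
        except (KeyError, TypeError):
            return problems + ["agents.defaults.model.primary missing"]
        key = PROVIDER_KEYS.get(provider)
        if key is None:
            problems.append(f"unknown provider prefix in {model!r}")
        elif key not in env:
            problems.append(f"model {model!r} needs {key} in env")
    return problems


# Constructed sample: a hand edit that changed the model but not the key.
SAMPLE = ('{"gateway": {"auth": {"mode": "token", "token": "<placeholder>"}},'
          ' "env": {"ANTHROPIC_API_KEY": "<placeholder>"},'
          ' "agents": {"defaults": {"model": {"primary": "openai/gpt-4o"}}}}')

if __name__ == "__main__":
    print(check_config(SAMPLE))
```

Run it on a copy of the edited file's contents before relying on the change; an empty list means none of these checks failed.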
