OpenRouter OAuth

Browser login for OpenRouter in OpenClaw

Stable since v2026.6.6. OpenRouter OAuth onboarding ships in v2026.6.6 and later. Older Gateways should upgrade with openclaw update or keep using an API key—see OpenRouter provider guide.

OpenClaw can talk to OpenRouter with a traditional API key or OAuth through the onboarding picker (v2026.6.6+). OAuth is useful when you want browser sign-in instead of copying keys into env files—especially on a laptop you do not want to litter with secrets.

Upstream reference: OpenRouter provider docs (docs.openclaw.ai).

OAuth vs API key

Method	Best for
API key	Stable releases, servers, CI, headless VPS
OAuth	Interactive onboarding on beta; personal machines with a browser

Pick one auth path per provider profile—mixing stale keys with OAuth profiles causes confusing doctor warnings.

Prerequisites

OpenClaw v2026.6.6+: openclaw update then openclaw doctor --fix.
OpenRouter account with models you plan to use.
Browser access on the Gateway host (or remote desktop) for the redirect.

Setup steps

Run openclaw onboard or the Setup Wizard and choose OpenRouter when picking a model provider.
Select OAuth when the auth method prompt appears (wording may vary by build).
Complete sign-in in the browser; return to the terminal or wizard when redirected.
Confirm your default model uses the openrouter/ namespace (e.g. openrouter/anthropic/claude-sonnet-4—verify IDs on openrouter.ai/models).
Restart Gateway: openclaw gateway restart.
Smoke test in WebChat or a paired channel with a short prompt.

CLI alternative

openclaw models auth login --provider openrouter
openclaw doctor
openclaw gateway restart

Exact flags drift—confirm with openclaw models auth --help on your build.

Verify and harden

Run openclaw security audit --deep after changing auth (upgrade hardening).
Check SQLite-backed auth profiles survived restart (v2026.6.5+ stable behavior; beta continues the trend).
For multi-model routing patterns see OpenRouter routing playbook and example setups & cost.

Troubleshooting

OAuth option missing — Upgrade to v2026.6.6+ or use an API key on older builds.
Redirect fails on VPS — OAuth needs a reachable browser session; use API keys on headless servers.
401 after upgrade — Re-run openclaw models auth login or openclaw doctor --fix; check bounded OAuth timeouts in beta release notes.