OpenClaw FAQ: API Keys, Billing, and Account Security

API Key FAQs

Question: What should I do if my API key suddenly stops working and I can't call the model?
Your OpenClaw API key may become invalid due to expiration, manual revocation, or security restrictions. First, log in to the OpenClaw console and check the key status on the "API Keys" page. If it shows "Inactive," generate a new key and replace the old one. Note: each account can have up to 5 active keys—remember to delete unused old keys when rotating frequently.

Question: How do I troubleshoot a 401 error when calling the API?
A 401 error means authentication failed. Make sure the "Authorization" header in your request uses the format "Bearer <your_api_key>" and that the key contains no extra spaces. If you store the key in an environment variable, double-check the variable name for typos. Also, keys from free trial accounts may be automatically disabled after the trial ends—you'll need to upgrade to a paid plan to continue using them.

Billing & Invoice Issues

Question: Why is my bill higher than expected?
OpenClaw charges per token, and prices vary by model. Higher-than-expected costs may result from: 1) using a high-precision model (e.g., Claw-4) without checking its rate; 2) including large system prompts or long conversation history in requests, which increases token consumption. We recommend setting a "max_tokens" limit in your API requests and checking the daily/hourly usage breakdown on the "Usage" page in the console. If you see an unusual spike, inspect your code for loop errors.

Question: How do I request a tax invoice after subscribing?
Go to the "Billing" section in your OpenClaw account settings, click "Invoice History," and select the billing record you want an invoice for. You can enter your company name, tax ID, and registered address. Note: personal accounts can only generate personal invoices; after business verification, you can choose a corporate invoice. Invoices are usually sent to your registered email within 3–5 business days.

Account Security & Access Management

Question: How can I prevent others from misusing my API key?
OpenClaw offers an "IP Whitelist" feature—go to the "Security" page to set the allowed IP ranges for API calls. If you're unsure of your IP, use the "Temporary Key" mechanism and set a short validity period (e.g., 1 hour). Also, avoid hardcoding your API key in frontend code; use a backend proxy instead. Regularly check "API Logs" in the console to spot unusual access sources.

Question: What should I do if my account is locked?
Account locks usually happen after multiple failed login attempts or exceeding API rate limits. Try these steps: 1) wait 15–30 minutes for automatic unlock (short-term lock); 2) reset your password and log in again; 3) if you see "Suspended," contact OpenClaw support with your registered email and explain the situation. Note: violating the terms of service (e.g., bulk registration, malicious scraping) may result in a permanent ban with no appeal option.