Fix: OpenClaw 401 Invalid Bearer Token — Auth Config Mismatch
Getting 401 errors or 'No API key found for provider anthropic'? Your OpenClaw config files are probably out of sync. Here's the fix.
Fix: OpenClaw 401 Invalid Bearer Token — Auth Config Mismatch
TL;DR: Your clawdbot.json and auth-profiles.json are pointing at different profiles or modes. Align them.
The Error
401 Invalid bearer token
No API key found for provider anthropic
You might also see:
Error: Authentication failed — profile "default" not found in auth-profiles.json
provider anthropic: no valid credentials configured
Why This Happens
OpenClaw uses two config files for authentication, and they need to agree with each other:
clawdbot.json— your main config. It specifies which auth profile to use and what mode (e.g.,api-key,oauth).auth-profiles.json— defines the actual credentials for each named profile.
The 401 error happens when:
clawdbot.jsonreferences a profile name that doesn't exist inauth-profiles.json- The
modeortypefield doesn't match between the two files - You edited one file but not the other
- You copied a config from someone else and the profile names don't match yours
This is the most common auth issue in OpenClaw. (GitHub #2697)
How to Fix It
Step 1: Find your config files
# Main config
find ~ -name "clawdbot.json" 2>/dev/null
# Auth profiles
find ~ -name "auth-profiles.json" 2>/dev/null
Common locations:
~/.config/openclaw/clawdbot.json~/.config/openclaw/auth-profiles.json- Or in your project directory
Step 2: Check what profile clawdbot.json is requesting
Open your main config and look for the auth section:
cat ~/.config/openclaw/clawdbot.json | grep -A 5 "auth\|profile\|provider"
You're looking for something like:
{
"auth": {
"profile": "default",
"mode": "api-key"
}
}
Note the profile name and mode.
Step 3: Make sure auth-profiles.json matches
Open your auth profiles:
cat ~/.config/openclaw/auth-profiles.json
It should have a profile with the exact same name and the correct credentials:
{
"profiles": {
"default": {
"provider": "anthropic",
"mode": "api-key",
"apiKey": "sk-ant-your-key-here"
}
}
}
Step 4: Common mismatches to fix
Wrong profile name:
// ❌ clawdbot.json says "default", auth-profiles has "main"
// clawdbot.json
{ "auth": { "profile": "default" } }
// auth-profiles.json
{ "profiles": { "main": { ... } } } // ← rename to "default"
Wrong mode:
// ❌ clawdbot.json says "api-key" but profile says "oauth"
// Fix: make them both "api-key"
Missing provider:
// ❌ Profile exists but doesn't specify provider
{ "profiles": { "default": { "apiKey": "sk-ant-..." } } }
// ✅ Add the provider field
{ "profiles": { "default": { "provider": "anthropic", "apiKey": "sk-ant-..." } } }
Step 5: Restart and test
openclaw gateway restart
openclaw health
If openclaw health shows a green checkmark for the Anthropic provider, you're good.
How to Prevent It
- Edit both files together. Anytime you change one, check the other.
- Use environment variables instead if you only need one provider. Setting
ANTHROPIC_API_KEYbypasses the profile system entirely. - Validate your config after changes:
openclaw config validate
- Keep backups of working configs:
cp ~/.config/openclaw/clawdbot.json ~/.config/openclaw/clawdbot.json.bak
cp ~/.config/openclaw/auth-profiles.json ~/.config/openclaw/auth-profiles.json.bak
The Easy Way
lobsterfarm is a managed hosting service for OpenClaw — deployment, updates, and support handled for you.
Skip the setup. Start using your AI assistant today.
lobsterfarm gives you a fully managed OpenClaw instance — one click, your own server, running 24/7.