OpenClaw API Key vs OAuth: What Changed in 2026
Anthropic restricted direct OAuth in 2026. Learn how OpenClaw API key authentication still works, what changed, and the best way to set up your credentials.
The OpenClaw Anthropic API key vs OAuth question became relevant after Anthropic tightened its developer policy in early 2026, restricting certain OAuth-based access patterns that some third-party OpenClaw integrations had relied on. If you've seen errors related to "unauthorized OAuth grant" or suddenly found your Anthropic connection broken, here's what changed and how to fix it.
What Was the OAuth Flow?
Before 2026, some OpenClaw skill developers used Anthropic's OAuth flow to authenticate users directly through their Claude.ai accounts, allowing a "Login with Claude" pattern that didn't require users to generate their own API keys. This lowered the barrier to entry considerably.
What Anthropic Changed
In February 2026, Anthropic updated its developer terms to require that third-party applications using Claude must authenticate via direct API keys, not by proxying through OAuth flows that use a developer's OAuth credentials to serve multiple end users. This closed a pattern where skill authors were essentially running Claude proxies using their own API account, billing themselves for other users' usage.
What Still Works: Direct API Keys
The standard OpenClaw authentication model — using your own Anthropic API key directly in your OpenClaw configuration — was unaffected by this change and works exactly as before:
{
"llm": {
"provider": "anthropic",
"api_key": "sk-ant-api03-YOUR_KEY_HERE",
"model": "claude-3-5-sonnet-20261022"
}
}
This is the recommended and fully supported authentication method for OpenClaw.
OpenRouter as an Alternative
OpenRouter provides a unified API for 100+ LLM providers including Anthropic models. If you want to use Claude through OpenClaw without managing an Anthropic account directly, OpenRouter accepts a single API key and routes requests to your chosen model:
{
"llm": {
"provider": "openrouter",
"api_key": "sk-or-YOUR_OPENROUTER_KEY",
"model": "anthropic/claude-3-5-sonnet"
}
}
Getting Your Anthropic API Key
- Sign up at console.anthropic.com
- Navigate to API Keys → Create Key
- Copy the key immediately (it's only shown once)
- Paste it into your OpenClaw configuration
nacre.sh and This Change
nacre.sh's BYOK model was unaffected by Anthropic's OAuth changes since nacre.sh always used direct API key authentication. You provide your own key, and nacre.sh stores it encrypted in your isolated instance.
Frequently Asked Questions
Will Anthropic restore OAuth access for OpenClaw integrations?
Unlikely in the short term. Anthropic's policy shift reflects a broader move toward usage accountability — each user should authenticate with their own account and their own billing.
Can I share one Anthropic API key across multiple OpenClaw instances?
Technically yes, but Anthropic's rate limits apply per key. For multiple production instances, using separate keys (or an OpenRouter account that manages rate limits internally) is more reliable.
What about the old skill that used "Login with Claude"?
Skills that previously used the OAuth flow need to be updated by their authors to use standard API key authentication. Check ClawHub for updated versions.
nacre.sh
Run OpenClaw without the server headaches
Dedicated instance, automatic TLS, nightly backups, and 290+ LLM integrations. Live in under 90 seconds from $12/month.
Deploy your agent →