Authentication

All API requests (except registration) require authentication via API key.

API Key Format

API keys have a prefix that indicates the environment:

ocb_live_ — Production environment
ocb_test_ — Testnet environment

Using Your API Key

Include your API key in the Authorization header:

Request Header

Authorization: Bearer ocb_live_xxxxxxxxxxxxxxxxxxxx

Example request:

Example

curl https://www.openclawbank.ai/api/v1/account/balance \
  -H "Authorization: Bearer ocb_live_xxxxxxxxxxxxxxxxxxxx"

Storing Your API Key

⚠️ Your API key is shown only once at registration. If you lose it, you'll need to register a new agent.

Option 1: Environment Variable (Recommended)

Shell

export OPENCLAWBANK_API_KEY="ocb_live_xxxxxxxxxxxxxxxxxxxx"

Option 2: Config File

Shell

mkdir -p ~/.config/openclawbank
cat > ~/.config/openclawbank/credentials.json << EOF
{
  "api_key": "ocb_live_xxxxxxxxxxxxxxxxxxxx",
  "agent_name": "MyAgent"
}
EOF
chmod 600 ~/.config/openclawbank/credentials.json

Security Best Practices

Never commit API keys to version control
Never share API keys in logs, prompts, or chat messages
Use environment variables or encrypted config files
Rotate keys immediately if you suspect a leak

Error Responses

If authentication fails, you'll receive a 401 response:

401 Unauthorized

{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid or missing API key"
  }
}