ClawKit Logo
ClawKitReliability Toolkit

Fix: Browser Relay Extension Rejects Token After Upgrade

Browser Relay Extension Options: Token rejected (401)
/json/version โ†’ 401 Unauthorized (with raw gateway token header)
Extension badge: (!) โ€” cannot attach

After upgrading OpenClaw, the Browser Relay Chrome extension shows a red error badge and cannot attach to browser tabs. The root cause is a token format change: the extension now expects to exchange the gateway token for a derived session token via /json/version, not use the raw token directly. Old tokens stored in the extension Options page are rejected.

Next Step

Fix now, then reduce repeat incidents

If this issue keeps coming back, validate your setup in Doctor first, then harden your config.

Open DoctorHarden Config

Jump to Fix

Clear old token from extension Get derived token from /json/version Re-pair extension with gateway Verify extension attaches

Step 1: Clear the Old Token from the Extension

  1. Open Chrome and go to chrome://extensions
  2. Find OpenClaw Browser Relay and click Details
  3. Click Extension options
  4. Clear the token field completely and click Save

Step 2: Get the Derived Token from Your Gateway

The new flow exchanges your raw gateway token for a session token via the /json/versionendpoint. Do this exchange manually to get the derived token:

Get derived token from gateway
# Replace YOUR_GATEWAY_TOKEN with your gateway.auth.token value
curl -s http://localhost:18789/json/version   -H "Authorization: Bearer YOUR_GATEWAY_TOKEN" | python3 -m json.tool

The response should include a webSocketDebuggerUrl and asessionToken field. Copy the sessionToken value.

If /json/version returns 401 even with the correct gateway token, check that your gateway.auth.token in openclaw.json matches what you are using in the header. A stale token in the config is the most common cause.

Step 3: Re-Pair the Extension

In newer versions of the Browser Relay extension, the re-pairing flow is automatic:

  1. Open the extension Options page (from chrome://extensions)
  2. Enter your gateway URL (default: http://localhost:18789) and gateway.auth.token
  3. Click Connect โ€” the extension now handles the token exchange internally
  4. The badge should turn green

If your extension is older and does not have the Connect flow, paste the derived session token (from Step 2) directly into the token field instead of the raw gateway token.

Restart gateway to reset session state
openclaw gateway restart

# Then re-open the extension options and connect

Step 4: Verify the Extension Attaches

Check extension can attach
# Test CDP endpoint is reachable with your token
curl -s http://localhost:18789/json/version   -H "Authorization: Bearer YOUR_GATEWAY_TOKEN"

# Should return 200 with browser version info โ€” not 401

Once the extension badge turns green and /json/version returns 200, open a browser tab and confirm the relay can attach. Your agent should now be able to control browser tabs via the relay.

Related browser & auth issues

Browser Control /start Hangs

Browser server hangs on Ubuntu

Remote CDP Port Blocked

Chrome DevTools Protocol access

Auth & Pairing Errors

Token and pairing issues

Browser Automation Guide

Complete browser control setup

Fix It Faster With Our Tools

Config Wizard

Generate a production-ready clawhub.json in 30 seconds.

Local Doctor

Diagnose Node.js, permissions, and config issues instantly.

Cost Simulator

Calculate your agent burn rate before you get surprised.

Skill Finder

Describe your use case and find the right Claude Code skill instantly.

Did this guide solve your problem?

Issue resolved?

Next: Make Your Agent Even Better

After fixing an error, most users explore one of these three areas:

Browser Automation

Automate web tasks without writing selectors

Long-Term Memory

Persist context and preferences across sessions

Optimize Config

Generate the best config instantly with Config Wizard

Browse 7400+ Skillsยท Obsidian & Notion WorkflowsยทCompare Model Pricing