Fix "unauthorized: gateway token missing"
Control UI Has Not Been Given the Token
Your gateway requires authentication but Control UI has not received the token yet. This is different from a mismatch — the token is absent entirely. The fix takes under 60 seconds.
OpenClaw gateways can be secured with an auth token. When gateway.auth.token is set, every client — including Control UI — must provide it. If Control UI has never been given the token (or browser storage was cleared), you see this error.
Next Step
Fix now, then reduce repeat incidents
If this issue keeps coming back, validate your setup in Doctor first, then harden your config.
Jump to Fix
What the Error Looks Like
Step 1 — Find Your Gateway Token
Get the current auth token from your gateway config:
openclaw config get gateway.auth.token
Copy the output — this is the token you need to paste into Control UI. If this returns empty, auth is not enabled (see disable auth section).
Step 2 — Paste the Token in Control UI
60-Second Fix
- Open your Control UI — usually
http://localhost:18788or your remote dashboard URL - Click Settings (gear icon) in the top-right corner
- Find the Gateway Token field
- Paste the token you copied above
- Click Save — the connection restores immediately
Token is stored in browser
Control UI saves the token in localStorage. If you clear browser data, switch browsers, or use incognito mode, you will need to paste it again. This is by design — the token never leaves your machine.
Remote Gateway Setup
If your gateway is running on a remote server, both the gateway and any client connecting to it need matching tokens:
# On the gateway server — set the auth token openclaw config set gateway.auth.token "your-secret-token" # On the client machine — set the remote token openclaw config set gateway.remote.token "your-secret-token" # Restart gateway openclaw gateway restart
For Control UI connecting to a remote gateway, open the dashboard URL of the remote gateway (e.g. http://your-server-ip:18788) and paste the token in Settings.
Disable Auth (Local Setups Only)
If you are running OpenClaw locally for personal use and do not need authentication:
# Remove the auth token (disables auth requirement) openclaw config set gateway.auth.token "" # Restart gateway openclaw gateway restart
Do not disable auth on remote or shared gateways
Without a token, anyone who can reach your gateway port can connect to it. Only disable auth if your gateway is on localhost and behind a firewall.
Token Missing vs Token Mismatch
gateway token missingCause: No token was provided at all
Fix: Paste gateway.auth.token value into Control UI Settings
gateway token mismatchCause: A token was provided, but it does not match gateway.auth.token
Fix: Ensure gateway.auth.token = gateway.remote.token on client, or re-paste the correct token in Control UI
Still Not Working?
Run the Doctor
The Doctor checks token alignment automatically. Or use the web Error Doctor to diagnose any auth error.
Related Auth Errors
Other token and auth issues:
Did this guide solve your problem?