Why does MiniMax return 401 in OpenClaw?

OpenClaw sends the API key in the request body by default. MiniMax expects it in the Authorization header. Setting authHeader to true switches to header-based auth.

What is the fastest stable fix?

Set provider.minimax.authHeader to true in your config and restart the gateway service.

Is there an upstream fix already?

Yes. OpenClaw v2026.2.26 defaults MiniMax authHeader to true for new installs. Existing configs need manual update.

How do I verify it is fixed?

Run doctor, send a real MiniMax request, and confirm no 401 lines appear in gateway logs during that request window.

Fix MiniMax 401 Unauthorized

Misleading Error — Your Key Is Probably Fine

This 401 error is not caused by an invalid API key. The key works when you test MiniMax directly — it only fails inside OpenClaw because the auth format is wrong. Don't rotate your key; fix the config instead.

OpenClaw sends MiniMax API credentials in the request body by default. MiniMax's API expects them in the Authorization HTTP header. This format mismatch causes every request to return 401 Unauthorized even though your key is valid. One config flag fixes it.

Related report: openclaw/openclaw#28458.

Next Step

Fix now, then reduce repeat incidents

If this issue keeps coming back, validate your setup in Doctor first, then harden your config.

Open Doctor Harden Config

Need proactive alerts? Join Monitor early access.

Jump to Section

What the Error Looks Like Why This Happens 30-Second Fix Confirm It's This Issue Version & Upstream Status Verify Fix Still Getting 401

What the Error Looks Like

401 Unauthorized — MiniMax API

error: authentication failed for provider "minimax"

[gateway] minimax request failed: 401

MiniMax: Invalid authentication credentials

The error appears in gateway logs for every MiniMax API call. The Gateway retries the same request format, so it fails repeatedly until you fix the auth header configuration.

Why This Happens

Body-based auth vs header-based auth

Most LLM providers (OpenAI, DeepSeek, Anthropic) accept API keys in the Authorization header. MiniMax also requires header auth, but OpenClaw's default MiniMax provider config sends credentials in the request body. The MiniMax API ignores body-based auth and returns 401.

Config created before v2026.2.26

If you set up MiniMax before the v2026.2.26 release, your config was generated with the old default (authHeader: false or absent). The fix in v2026.2.26 only applies to new configs — existing configs need manual update.

Config Wizard template was outdated

The ClawKit Config Wizard MiniMax template also didn't include authHeader until we updated it. If you generated your config via the Wizard before the fix, the field is missing.

30-Second Fix

Add authHeader: true

Add the authHeader field to your MiniMax provider config. This tells OpenClaw to send the API key in the HTTP Authorization header instead of the request body.

Option A — Edit config file directly

# ~/.openclaw/config.json
{
  "provider": {
    "minimax": {
      "apiKey": "YOUR_MINIMAX_KEY",
      "authHeader": true
    }
  }
}

openclaw gateway restart

Option B — Use CLI config command

openclaw config set provider.minimax.authHeader true
openclaw gateway restart

Option C — Use Config Wizard (recommended)

# Open https://getclawkit.com/tools/config and select MiniMax template

How to Confirm It's This Issue

Before applying the fix, verify you have the auth format problem and not a different 401 cause:

Same key works with direct MiniMax API test

Use curl or Postman to call MiniMax directly with your API key. If it works, the key is valid — the issue is format.

Error only appears inside OpenClaw

Gateway logs show 401 on MiniMax requests, but no other provider errors.

Config has no authHeader field

Check your config: if provider.minimax.authHeader is missing or false, this is the issue.

Quick diagnostic — check logs for MiniMax 401

openclaw logs --tail 200 | grep -Ei 'minimax|401|unauthorized|authentication'

Check current authHeader value

openclaw config get provider.minimax

Version & Upstream Status

Issue

openclaw/openclaw#27600

Fixed in

v2026.2.26 (new configs only)

Action needed

Existing configs must add authHeader: true manually

Verify the Fix

Post-fix verification

# Step 1: Run doctor
openclaw doctor

# Step 2: Send a real MiniMax request in your normal workflow
# (chat, agent task, etc.)

# Step 3: Check logs — should have zero 401 lines
openclaw logs --tail 100 | grep -Ei '401|unauthorized'

If the grep returns empty results after sending a MiniMax request, the fix is confirmed. You should see 200 or lane task done in the logs instead.

Still Getting 401?

If 401 persists after setting authHeader: true, the problem may be account-level rather than config-level:

API key has insufficient permissions

Log into the MiniMax platform and check your key's scope. Some keys are restricted to specific models or endpoints.

Account region restriction

MiniMax may restrict API access by region. Check if your server IP is in a supported region.

Key was rotated/revoked

Generate a new API key from the MiniMax platform and update your config.

Rate limit disguised as 401

Some providers return 401 instead of 429 during rate limiting. Wait 60 seconds and retry.

Run the Doctor

npx clawkit-doctor@latest

Checks provider config, API key validity, auth header settings, and gateway connectivity.

Fix It Faster With Our Tools

Config Wizard

Generate a production-ready clawhub.json in 30 seconds.

Local Doctor

Diagnose Node.js, permissions, and config issues instantly.

Cost Simulator

Calculate your agent burn rate before you get surprised.

Gateway Monitor

Detect token spikes and gateway incidents before users complain.

Skill Finder

Describe your use case and find the right Claude Code skill instantly.

Did this guide solve your problem?