Step-by-Step Fix
1. Read the Full Error in Cron Logs
In the OpenClaw dashboard, navigate to your cron job, open the Run History tab, and click on the failed run. Expand the log output. A 401 error from the Anthropic API looks like:
Error: 401 Unauthorized
{"error": {"type": "authentication_error", "message": "Invalid API key"}}
Note the exact error type. authentication_error confirms it is an API key problem. permission_error would indicate a different issue with your Anthropic account tier.
2. Verify the API Key in Anthropic Console
Go to console.anthropic.com > API Keys. Confirm:
- Your key is listed (not deleted)
- Status shows Active
- The key has not exceeded any usage limits that caused suspension
If the key is missing or revoked, click Create Key, name it (e.g., openclaw-cron), copy the value, and proceed to step 3.
3. Update the Key in Your OpenClaw Cron Job
In OpenClaw:
- Open Workflows or Cron Jobs in the sidebar
- Click on the failing job to open its configuration
- Scroll to Environment Variables
- Find
ANTHROPIC_API_KEY— if it is missing, click Add Variable - Paste the new key value
- Click Save
The key is encrypted at rest in OpenClaw and is not visible in plaintext after saving.
4. Manually Trigger the Job to Confirm the Fix
Do not wait for the next scheduled run. Click Run Now to trigger the cron job immediately. Watch the live log output. If authentication succeeds, you will see the agent begin processing within a few seconds rather than returning a 401 error.
5. Check for Workspace-Level Key Conflicts
If you have multiple workspaces in OpenClaw, each workspace has its own environment configuration. A key that works in workspace A does not automatically apply to workspace B. Confirm you are editing the correct workspace's cron job settings.
6. Confirm the Anthropic API Tier Matches Your Model Usage
A 401 error can also appear if your Anthropic API account is on a tier that does not permit the model your agent is requesting. For example, using claude-opus-4-5 on a free-tier key may produce authentication or permission errors. Go to console.anthropic.com > Usage Limits to confirm your tier, and adjust the model in your OpenClaw agent configuration if necessary.
Why This Happens
OpenClaw agents call Anthropic's Claude API directly using the key you provide. The 401 error originates from Anthropic's servers, not from OpenClaw itself. This occurs because cron jobs run in isolated worker containers that do not inherit environment variables from your local machine or browser session. Each cron job must have its own explicitly configured API key. Keys also get invalidated when you delete them from Anthropic's console, change your Anthropic account email, or when Anthropic suspends a key due to policy violations.
Common Mistakes to Avoid
- Assuming the key from a working manual run applies to cron jobs: Manual runs and cron job workers are separate execution environments. Always set the key explicitly in the cron job's environment variable panel.
- Copying the key with trailing whitespace: When pasting into OpenClaw's environment variable input, a single invisible space at the end will cause a 401. Use a plain text editor to inspect the value before pasting.
- Not testing after rotation: After updating an API key, always trigger a manual run to confirm success before the next scheduled execution.
- Using a key from the wrong Anthropic account: If you have multiple Anthropic accounts, ensure the key you paste belongs to the account with the correct billing and model access.
Q: Does the Anthropic API key expire automatically?
Anthropic API keys do not have a built-in expiration date by default — they remain active until you manually revoke them, your account is suspended, or you delete them from the console. However, keys can be automatically disabled if Anthropic detects unusual usage patterns or policy violations. If a previously working key suddenly produces 401 errors, log into console.anthropic.com and check whether the key shows a warning or disabled status. In most cases, generating a fresh key and updating it in OpenClaw resolves the issue immediately.
Q: Can I use the same Anthropic API key across multiple OpenClaw workspaces?
Yes, the same Anthropic API key can be used in multiple OpenClaw workspaces or cron job configurations simultaneously. However, all usage across those jobs counts toward the same Anthropic API quota. If one workspace runs a heavy job that approaches your per-minute token limit, other concurrent jobs using the same key will receive 429 rate limit errors. For high-volume setups, consider creating separate Anthropic API keys per workspace so rate limits on one job do not affect others.
Q: How do I securely store my Anthropic API key in OpenClaw without exposing it?
OpenClaw encrypts environment variable values at rest and does not display them in plaintext after saving — you only see a masked value in the UI. For additional security, avoid hardcoding the key in agent YAML files or workflow scripts that may be stored in version control. Always add the environment variable through OpenClaw's secure environment variable panel. If your repository is shared, ensure .env files containing the key are listed in .gitignore to prevent accidental exposure.
Related Issues
- OpenClaw login & API key issues
- OpenClaw rate limits affecting runs
- OpenClaw cron job failing – find logs and root cause
- OpenClaw model access errors – plan does not allow model
Additional FAQ
Q: How do I know if the problem is on my end or the platform's side? Check the platform's official status page first — most services maintain a public status page that shows current incidents and outages. If no incident is posted and the problem only affects your account (not reported widely on Reddit or Twitter), it is likely a local issue. Testing in incognito mode and on a different network also helps isolate whether the problem is browser-specific, network-specific, or account-specific.
Q: Why do hard refresh and regular refresh fix different problems? A regular refresh (F5) reloads the page using cached resources — it does not clear JavaScript bundles, service worker state, or session cookies. A hard refresh (Ctrl+Shift+R or Cmd+Shift+R) bypasses the cache and fetches all resources fresh from the server. Regular refresh fixes transient network hiccups; hard refresh fixes stale cached code. Neither clears cookies or session tokens — for that, you need to clear site data explicitly from browser settings.
Q: When should I contact support versus waiting it out? Contact support immediately if: you were charged but did not receive access, your account was suspended without explanation, or the problem affects billing or data. Wait and retry after 30–60 minutes if: a status page shows an ongoing incident, the error message says 'try again later', or the problem started very recently. For account-specific errors with no platform-wide incident, opening a support ticket is always the right move — document what you tried and include timestamps.
Related Articles
- OpenClaw login / API key fix
- OpenClaw rate limits affecting runs
- OpenClaw agent not starting
- OpenClaw tool calls failing
Additional FAQ
Q: How do I know if the problem is on my end or the platform's side? Check the platform's official status page first — most services maintain a public status page that shows current incidents and outages. If no incident is posted and the problem only affects your account (not reported widely on Reddit or Twitter), it is likely a local issue. Testing in incognito mode and on a different network also helps isolate whether the problem is browser-specific, network-specific, or account-specific.
Related Articles
- OpenClaw login / API key fix
- OpenClaw rate limits affecting runs
- OpenClaw agent not starting
- OpenClaw tool calls failing
Additional FAQ
Q: How do I know if the problem is on my end or the platform's side? Check the platform's official status page first — most services maintain a public status page that shows current incidents and outages. If no incident is posted and the problem only affects your account (not reported widely on Reddit or Twitter), it is likely a local issue. Testing in incognito mode and on a different network also helps isolate whether the problem is browser-specific, network-specific, or account-specific.