Agents API
Create, manage, and interact with agents.All agent endpoints that require authentication are scoped to the authenticated user’s data through row-level security. You can only access agents that belong to your account.
List agents
401 error.
Response (backend)
The backend returns a flat array of agent objects:Response (web proxy)
The web proxy wraps the response in an object:The backend and web proxy return different response shapes. The backend returns a flat array with
created, subdomain, and url fields. The web proxy wraps the data in an agents key and includes name, model, websocketUrl, createdAt, and updatedAt fields.Create agent
Request body
Response (201 Created)
Errors
For provisioning an agent with messaging channel tokens and a live Render service deployment, use
POST /api/agents/provision or POST /api/provision instead.Get agent
Response (backend)
The backend returns the agent object directly without a wrapper:Response (web proxy)
The web proxy wraps the agent in an object:The backend returns the agent object directly. The web proxy wraps it in an
agent key and adds a top-level status field.Errors
Update agent
Request body
Response
Errors
To update agent configuration through the web proxy with session authentication, use
PUT /api/agents/:id/config instead.Delete agent
Response
Errors
The backend uses best-effort cleanup (service destruction and metadata removal). If the agent does not exist, the operation succeeds silently and returns
deleted: true.Provision agent
Provisioning requests may be processed asynchronously through the background task queue. The agent is created immediately with a
provisioning status and transitions to running once the backend deployment endpoint confirms the deployment. If deployment fails, the status changes to error.The provisioning endpoint calls
POST /api/deployments on the backend to deploy the agent as a Render service. The request includes a 15-second timeout. When the model is set to claude-opus-4-6, the AI provider is automatically set to anthropic; otherwise it falls back to the provider specified in the agent configuration (default: openrouter). The plan sent to the backend defaults to label when no tier is specified.Request body
The web proxy enforces agent limits based on the subscription tier (
starter: 1, pro: 3, enterprise: 100). The backend provisioning route (POST /api/provision) enforces its own limits (solo: 1, collective: 3, label: 10, network: practically unlimited). Plan resource allocations: solo → 2 GB RAM / 1 CPU, collective → 4 GB RAM / 2 CPUs, label → 8 GB RAM / 4 CPUs, network → 16 GB RAM / 4 CPUs. The limit cannot be overridden in the request body.Admin bypass
Admin users (configured viaADMIN_EMAILS) are exempt from the following restrictions:
- Subscription requirement — admins can provision agents without an active subscription (the
402error is not returned). - Agent limit — admins receive an elevated agent slot limit instead of the plan-based cap.
Response (201 Created)
Errors
Clone agent
This endpoint uses the x402 Tempo protocol for payment verification. The payment must be completed on the Tempo chain (chain ID
4217) before calling this endpoint.Request body
Payment proof object
Response (200)
Errors
Clone service health
List provisioned agents
Response
Errors
Get agent configuration
Response
Errors
Update agent configuration
Response
Errors
Get agent logs
Query parameters
Response
Errors
Stream agent logs
The live log streaming endpoints (
/api/logs/:agentId/stream, /api/logs/:agentId/history, POST /api/logs/:agentId/stop, and GET /api/logs/active) are planned for a future release. See the live log tail page for the intended specification.Get agent messages
Query parameters
Response
Errors
Get agent stats
Response (live)
Response (mock fallback)
When the backend is unavailable, mock data is returned with"status": "mock":
Agent lifecycle
Lifecycle operations are available at two endpoint patterns depending on which service you call:- Web proxy:
/api/instance/:userId/{action}— requires session authentication and proxies to the backend. - Backend direct:
/api/agents/:id/{action}— requires API key authentication.
All lifecycle operations require the Render API to be available. When the Render API is unreachable, these endpoints return
500 with an error message describing the failure. You can check availability using the backend health endpoint — when the docker field is unavailable, lifecycle operations will fail. The API itself continues to serve non-lifecycle endpoints normally.Start agent
Stop agent
Restart agent
Update agent image
Request body
Response
When the new service fails to start, the endpoint reverts to
previousImage. The caller still receives a 500 error, but the agent is restored to its prior working state. The pre-update backup remains available at backupPath for manual recovery if needed.Errors
Repair agent
Reset agent memory
Lifecycle error responses
Backend lifecycle endpoints return the following shape on failure:Get instance details
Response
Get instance stats
Response
Get agent gateway token
OPENCLAW_GATEWAY_TOKEN environment variable is not set) use 16 bytes (32 hex characters).
Errors
Agent verification
Agents can be verified using multiple verification types:eas (Ethereum Attestation Service), coinbase, ens, or webauthn.
Get verification status
The backend GET endpoint uses
/api/agents/:id/verification while POST and DELETE use /api/agents/:id/verify. The web API proxies all three methods through /api/agents/:id/verify.Verify agent
Request body
Requires
Content-Type: application/json header.The web API always sets
verified: true on success. When calling the backend directly, you can pass verified, verifierAddress, and metadata explicitly.Response
Errors
Remove verification
Provision with channel tokens
MUX_TOKEN_ID and MUX_TOKEN_SECRET are configured, the backend creates a real Mux live stream via the Mux API with public playback policy. When Mux credentials are not configured, placeholder streaming credentials are returned instead.
Request body
When a session is active, the server resolves the user email from the session via
getServerSession. If the email field is also present in the request body, the request body value takes precedence. The resolved email is sent to the backend provisioning service in the X-User-Email header.Response
The proxy returns a filtered subset of the backend response:The
/api/provision proxy returns only success, userId, subdomain, url, streamKey, and liveStreamId. The full response shape from the backend provisioning service is shown below.Full backend response
When calling the backend provisioning service directly, the response includes additional fields.The
container object is included when the backend successfully creates a service for the agent. If service creation fails (for example, when the Render API is unavailable), provisioning still succeeds and the container field is omitted. The agent can operate using API-side processing until the service becomes available. You can check Render API availability using the backend health endpoint.Errors
AI provider defaults
EachaiProvider value maps to a default model and base URL. There are two model configurations: the container config (used by the agent’s internal gateway) and the provision response metadata (aiProviderConfig field). These may differ.
Container config models
These models are configured inside the agent service at provisioning time and are used by the gateway’s model fallback chain:Provision response metadata models
TheaiProviderConfig object returned in the provision response uses different default models:
Each provider includes a fallback model in the service config that is used automatically when the primary model is unavailable or returns an error.
minimax is available as a fallback in the provider configuration map but is not currently accepted as a value for the aiProvider request parameter. Passing minimax as aiProvider returns a 400 validation error. This provider may be enabled in a future release.Channel configuration
When an agent is provisioned, its channel configuration is generated based on the tokens provided. All channels share a set of defaults and each channel type has specific settings.Channel defaults
Telegram channel settings
Discord channel settings
WhatsApp channel settings
Group chat mention patterns
All channels that support group chat use the following default mention patterns:@agent and agent. The agent only responds in group conversations when one of these patterns is detected in the message.
Tool profiles
Each agent is assigned a tool profile at provisioning time based on its plan tier. The tool profile determines which built-in tools the agent can use.The tool profile is set once at service creation and persists for the lifetime of the agent. Upgrading your plan does not automatically change the tool profile of existing agents — you need to reprovision the agent or use the repair endpoint to apply the new profile.
browser and canvas tools inside agent services. The coding profile includes shell commands (ls, cat, grep, curl, git, node, python3, and others) while the messaging profile restricts the agent to chat-oriented capabilities.
Deploy agent (backend)
This is a backend-only endpoint. It deploys an agent as a Render web service and requires a
Content-Type: application/json header. Requires bearer token authentication. Rate limited to 5 requests per minute per IP.Request body
Response (201 Created)
Response (200 Already Active)
If the agent service is already running, returns the existing deployment details with the same shape as the 201 response.Errors
OpenClaw version (backend)
Response
List instances (backend)
Response
Errors
Get instance service stats (backend)
Path parameters
Response
Agent interaction
userId is always bound to the authenticated session and cannot be overridden by the client.
GET actions
Pass theaction query parameter to select the operation.
List endpoints
Health
List sessions
Get session
Memory
Skills
Credentials
POST actions
Pass theaction field in the request body.