Skip to main content

Registration API

Register self-hosted (Home) and linked (Link) agent installations. These endpoints are backend-only and support the Home and Link deployment modes alongside the default Cloud mode.
Home mode runs the agent container on your own hardware via Docker. Link mode connects an existing OpenClaw instance to the Agentbot platform. Cloud mode (the default) runs the agent on Agentbot infrastructure.

Install script

Returns the Home mode installation shell script. No authentication required. The response content type is text/plain. This script automates the setup of a self-hosted agent container. Pipe it to your shell to begin the Home mode installation:
Returns the Link mode setup shell script. No authentication required. The response content type is text/plain. This script connects an existing OpenClaw instance to the Agentbot platform. Pipe it to your shell to begin the Link mode setup:

Validate API key

Validates a bearer token by computing a SHA-256 hash of the raw key and looking it up in the api_keys database table. Raw keys are never stored or compared directly. No session authentication is required — the API key is passed in the Authorization header.
The web application’s key validation endpoint uses a separate bcrypt-based lookup with the sk_ prefix convention. The backend endpoint documented here uses SHA-256 hashing and does not require the sk_ prefix.

Headers

Response

Errors

Register Home installation

Registers a Home mode installation. Requires identity headers (x-user-email, x-user-id, x-user-role) set by the authenticated frontend. The backend middleware extracts these headers but does not independently verify a bearer token on this route.
The web proxy forwards identity headers from the active session. The backend authenticate middleware reads these headers and attaches them to the request context. If no headers are provided, userId defaults to anonymous.

Request body

Response

Errors

Registers a Link mode installation that connects an existing OpenClaw instance. Requires identity headers (x-user-email, x-user-id, x-user-role) set by the authenticated frontend.
The web proxy forwards identity headers from the active session. The backend authenticate middleware reads these headers and attaches them to the request context. If no headers are provided, userId defaults to anonymous.

Request body

Response

Errors

List installations

Returns all registered installations across all deployment modes. Requires identity headers (x-user-email, x-user-id, x-user-role) set by the authenticated frontend.

Response

Errors

Registration heartbeat

Reports the status of a registered installation. When the userId matches a known registration, the last_seen timestamp is updated and the status is set to active. Requires authentication.
This is a backend registration heartbeat for Home and Link installations. It is separate from the web heartbeat settings endpoint, which configures heartbeat scheduling for the web dashboard.

Authentication

This endpoint uses the authenticate middleware which reads identity headers (x-user-email, x-user-id, x-user-role) from the request. If no headers are provided, the middleware assigns default values (userId defaults to anonymous) and the request proceeds. The middleware does not reject unauthenticated requests.

Request body

Response