Providers

OpenAI

OpenClaw uses one provider id, openai, for both direct API-key auth and ChatGPT/Codex subscription auth. openai/* is the canonical model route. For embedded agent turns with runtime policy unset or auto, OpenAI's route facts decide whether OpenClaw may select the bundled Codex app-server runtime implicitly. The openai/* prefix alone does not select a runtime.

  • Agent models - openai/* through the runtime selected by explicit agentRuntime config or OpenAI's implicit route policy. Sign in with Codex auth for ChatGPT/Codex subscription use, or configure an API-key auth profile when you want key-based billing.
  • Non-agent OpenAI APIs - direct OpenAI Platform access, billed per use, through OPENAI_API_KEY or an openai API-key auth profile.
  • Legacy config - old Codex model refs and profile ids are repaired to openai/* by openclaw doctor --fix.

OpenAI explicitly supports subscription OAuth usage in external tools and workflows like OpenClaw.

Usage and cost tracking

OpenClaw keeps subscription quota and Platform API billing distinct:

  • ChatGPT/Codex OAuth shows the subscription plan, quota windows, and credit balance.
  • OPENAI_ADMIN_KEY shows 30 days of provider-reported organization cost and completions usage in Control UI Usage, including daily spend, request/token totals, top models, and cost categories.
  • OPENAI_PROJECT_ID optionally scopes Admin API history to one project.
  • OpenClaw never sends OPENAI_API_KEY or an openai inference profile to organization APIs; those credentials may belong to custom, Azure, or agent-local endpoints.

An explicit Admin key takes precedence over OAuth. Provider-reported history is not merged with OpenClaw's session-derived estimated cost; it can include API activity from other clients and provider-side billing adjustments.

OpenAI's API Usage Dashboard documentation describes the organization-owner and explicit Usage Dashboard permission requirements for usage data.

Provider, model, runtime, and channel are separate layers. If those labels are getting mixed together, read Agent runtimes before changing config.

Quick choice

Goal Use Notes
ChatGPT/Codex subscription, native Codex runtime openai/gpt-5.6-sol Fresh subscription setup; sign in with Codex auth.
Direct API-key billing for agent turns openai/gpt-5.6 plus an ordered API-key auth profile Fresh API-key setup; the bare direct-API id resolves to Sol.
Choose an exact GPT-5.6 tier openai/gpt-5.6-sol, -terra, or -luna Check models list for the tiers available to this account.
Account without GPT-5.6 access openai/gpt-5.5 Explicit recovery choice; OpenClaw does not silently downgrade.
Direct API-key billing, explicit OpenClaw runtime openai/gpt-5.6 plus provider/model agentRuntime.id: "openclaw" Select a normal openai API-key profile.
Latest ChatGPT Instant model alias openai/chat-latest Direct API-key only; moving alias, not the stable default.
Image generation or editing openai/gpt-image-2 Works with OPENAI_API_KEY or Codex OAuth.
Transparent-background images openai/gpt-image-1.5 Set outputFormat to png or webp and background=transparent.

Naming map

Name you see Layer Meaning
openai Provider prefix Canonical OpenAI model route; route facts determine the implicit runtime.
codex plugin Plugin Bundled plugin providing the native Codex app-server runtime and /codex chat controls.
provider/model agentRuntime.id: codex Agent runtime Force the native Codex app-server harness for matching embedded turns.
/codex ... Chat command set Bind/control Codex app-server threads from a conversation.
runtime: "acp", agentId: "codex" ACP session route Explicit fallback path that runs Codex through ACP/acpx.

Implicit agent runtime

When provider/model agentRuntime policy is unset or auto, OpenAI's provider-owned route policy chooses the implicit runtime from the effective endpoint and adapter:

Effective route facts Implicit runtime
Exact official Platform HTTPS endpoint with openai-responses, or exact official ChatGPT HTTPS endpoint with openai-chatgpt-responses; no authored request override Codex may be selected
Authored openai-completions adapter OpenClaw
Custom endpoint OpenClaw
Explicit exact official endpoint using HTTP Rejected
Route with an authored provider/model request override OpenClaw

An explicit non-default provider/model agentRuntime.id remains authoritative. For example, agentRuntime.id: "openclaw" keeps an otherwise Codex-eligible route on OpenClaw, while agentRuntime.id: "codex" requires Codex and fails closed when the effective route is not declared Codex-compatible. Runtime selection does not change credential type or billing: Platform API-key auth and ChatGPT/Codex subscription auth remain distinct.

openclaw doctor --fix migrates legacy Codex model refs, legacy Codex auth profile ids, and legacy Codex auth-order entries to the canonical openai route. Use auth.order.openai for new auth-order config.

GPT-5.6 limited preview

OpenClaw recognizes the exact openai/gpt-5.6-sol, openai/gpt-5.6-terra, and openai/gpt-5.6-luna model ids. All three expose xhigh and max reasoning in the current catalog. OpenAI describes Sol as the flagship tier, Terra as the balanced tier, and Luna as the fast, lower-cost tier. See the GPT-5.6 launch announcement and access guide.

With direct OpenAI API-key auth, the bare openai/gpt-5.6 id is an alias for Sol and is the fresh setup default. The native Codex catalog does not apply that direct-API alias client-side; depending on workspace access, it can show the exact Sol, Terra, and Luna ids. Fresh ChatGPT/Codex OAuth setup therefore uses openai/gpt-5.6-sol. Check the current account with:

bash
openclaw models list --provider openai

API organization and Codex workspace access can differ. If GPT-5.6 is not available, select GPT-5.5 explicitly:

bash
openclaw models set openai/gpt-5.5

OpenClaw surfaces the upstream access error and does not silently replace a GPT-5.6 selection with GPT-5.5.

OpenClaw feature coverage

OpenAI capability OpenClaw surface Status
Chat / Responses openai/<model> model provider Yes
Codex subscription models openai/<model> with OpenAI OAuth Yes
Legacy Codex model refs old Codex model refs, codex-cli/<model> Repaired by doctor to openai/<model>
Codex app-server harness Codex-compatible HTTPS route with runtime unset/auto, or explicit agentRuntime.id: codex Yes
Server-side web search Native OpenAI Responses tool Yes, when web search is enabled and no other provider is pinned
Images image_generate Yes
Videos video_generate Yes
Text-to-speech messages.tts.provider: "openai" / tts Yes
Batch speech-to-text tools.media.audio / media understanding Yes
Streaming speech-to-text Voice Call streaming.provider: "openai" Yes
Realtime voice Voice Call realtime.provider: "openai" / Control UI Talk talk.realtime.provider: "openai" Yes (OpenAI Platform API key)
Embeddings memory embedding provider Yes

Memory embeddings

OpenClaw can use OpenAI, or an OpenAI-compatible embedding endpoint, for memory_search indexing and query embeddings:

json5
{  agents: {    defaults: {      memorySearch: {        provider: "openai",        model: "text-embedding-3-small",      },    },  },}

For OpenAI-compatible endpoints that require asymmetric embedding labels, set queryInputType and documentInputType under memorySearch. OpenClaw forwards these as provider-specific input_type request fields: query embeddings use queryInputType; indexed memory chunks and batch indexing use documentInputType. See the Memory configuration reference for the full example.

Getting started

API key (OpenAI Platform)

Best for: direct API access and usage-based billing.

  • Get your API key

    Create or copy an API key from the OpenAI Platform dashboard.

  • Run onboarding

    bash
    openclaw onboard --auth-choice openai-api-key

    Or pass the key directly:

    bash
    openclaw onboard --openai-api-key "$OPENAI_API_KEY"
  • Verify the model is available

    bash
    openclaw models list --provider openai
  • Route summary

    Model ref Runtime policy or route facts Route Auth
    openai/gpt-5.6 unset/auto, exact official HTTPS native route, no request override Codex may be selected Ordered API-key auth profile
    openai/gpt-5.6 provider/model agentRuntime.id: "openclaw" OpenClaw embedded runtime Selected openai API-key profile
    openai/gpt-5.5 explicit provider/model agentRuntime.id Selected agent runtime Selected OpenAI API-key profile
    openai/* authored Completions, custom, or request override OpenClaw embedded runtime Credential type remains unchanged
    openai/* plaintext official HTTP endpoint Rejected Credential is not sent

    Config example

    json5
    {  env: { OPENAI_API_KEY: "example-openai-key-not-real" },  agents: { defaults: { model: { primary: "openai/gpt-5.6" } } },}

    The bare direct-API gpt-5.6 id resolves to the Sol tier. If this API organization does not expose GPT-5.6, set the primary to openai/gpt-5.5 explicitly.

    To try ChatGPT's current Instant model from the OpenAI API, set the model to openai/chat-latest:

    json5
    {  env: { OPENAI_API_KEY: "example-openai-key-not-real" },  agents: { defaults: { model: { primary: "openai/chat-latest" } } },}

    chat-latest is a moving alias. Fresh OpenAI API-key setup instead uses openai/gpt-5.6, whose bare direct-API id resolves to Sol. Existing explicit primaries, including openai/gpt-5.5, remain unchanged. The chat-latest alias only accepts medium text verbosity; OpenClaw forces any other requested verbosity to medium for this model.

    Codex subscription

    Best for: using your ChatGPT/Codex subscription with native Codex app-server execution instead of a separate API key. Codex cloud requires ChatGPT sign-in.

  • Run Codex OAuth

    bash
    openclaw onboard --auth-choice openai

    Or run OAuth directly:

    bash
    openclaw models auth login --provider openai

    For headless or callback-hostile setups, add --device-code to sign in with a ChatGPT device-code flow instead of the localhost browser callback:

    bash
    openclaw models auth login --provider openai --device-code
  • Use the canonical OpenAI model route

    bash
    openclaw config set agents.defaults.model.primary openai/gpt-5.6-sol

    No runtime config is required for this exact official HTTPS native route. It may select the Codex app-server runtime automatically, and OpenClaw installs or repairs the bundled Codex plugin when that runtime is chosen.

  • Verify Codex auth is available

    bash
    openclaw models list --provider openai

    After the gateway is running, send /codex status or /codex models in chat to verify the native app-server runtime.

  • Route summary

    Model ref Runtime policy or route facts Route Auth
    openai/gpt-5.6-sol unset/auto, exact official HTTPS native route, no request override Codex may be selected Codex sign-in, or an ordered openai auth profile
    openai/gpt-5.6-terra unset/auto, exact official HTTPS native route, no request override Codex may be selected Codex sign-in when the catalog exposes Terra
    openai/gpt-5.6-luna unset/auto, exact official HTTPS native route, no request override Codex may be selected Codex sign-in when the catalog exposes Luna
    openai/gpt-5.6-sol provider/model agentRuntime.id: "openclaw" OpenClaw embedded runtime, internal Codex-auth transport Selected openai OAuth profile
    openai/gpt-5.5 explicit provider/model agentRuntime.id Selected agent runtime Selected OpenAI auth profile
    openai/* authored Completions, custom, or request override OpenClaw embedded runtime Credential requirement remains route-specific
    openai/* plaintext official HTTP endpoint Rejected Credential is not sent
    Legacy Codex GPT-5.5 ref repaired by doctor Rewritten to openai/gpt-5.5 Migrated OpenAI OAuth profile
    codex-cli/gpt-5.5 repaired by doctor Rewritten to openai/gpt-5.5 Codex app-server auth

    Config example

    json5
    {  plugins: { entries: { codex: { enabled: true } } },  agents: {    defaults: {      model: { primary: "openai/gpt-5.6-sol" },    },  },}

    With an API-key backup, keep the selected model under openai/* and put the auth order under openai. OpenClaw tries the subscription first, then the API key, while staying on the Codex harness:

    json5
    {  plugins: { entries: { codex: { enabled: true } } },  agents: {    defaults: {      model: { primary: "openai/gpt-5.6-sol" },    },  },  auth: {    order: {      openai: [        "openai:user@example.com",        "openai:api-key-backup",      ],    },  },}

    Check and recover Codex OAuth routing

    bash
    openclaw models statusopenclaw models auth list --provider openaiopenclaw config get agents.defaults.model --jsonopenclaw config get models.providers.openai.agentRuntime --json

    For a specific agent, add --agent <id>:

    bash
    openclaw models status --agent <id>openclaw models auth list --agent <id> --provider openai

    If an older config still has legacy Codex GPT refs, or a stale OpenAI runtime session pin without explicit runtime config, repair it:

    bash
    openclaw doctor --fixopenclaw config validate

    If models auth list --provider openai shows no usable profile, sign in again:

    bash
    openclaw models auth login --provider openaiopenclaw models status --probe --probe-provider openai

    Use --profile-id for multiple Codex OAuth logins in the same agent, then control them via auth ordering or /model ...@<profileId>:

    bash
    openclaw models auth login --provider openai --profile-id openai:ritsukoopenclaw models auth login --provider openai --profile-id openai:lain

    Run openclaw doctor --fix to migrate older legacy OpenAI Codex prefix profile ids and order entries before relying on profile ordering.

    Status indicator

    Chat /status shows which model runtime is active for the current session. The bundled Codex app-server harness appears as Runtime: OpenAI Codex when an eligible implicit route or explicit provider/model runtime policy selects it.

    Doctor warning

    If legacy Codex model refs or stale OpenAI runtime pins remain in config or session state, openclaw doctor --fix rewrites them to openai/* with the Codex runtime unless OpenClaw is explicitly configured.

    Context window cap

    OpenClaw treats model metadata and the runtime context cap as separate values. For openai/gpt-5.5 through the Codex OAuth catalog:

    • Native contextWindow: 400000
    • Default runtime contextTokens cap: 272000

    The smaller default cap has better latency and quality characteristics in practice. Override it with contextTokens:

    json5
    {  models: {    providers: {      openai: {        models: [{ id: "gpt-5.5", contextTokens: 160000 }],      },    },  },}

    Catalog recovery

    OpenClaw uses upstream Codex catalog metadata for gpt-5.5 when it is present. If live Codex discovery omits the gpt-5.5 row while the account is authenticated, OpenClaw synthesizes that OAuth model row so cron, sub-agent, and configured default-model runs do not fail with Unknown model.

    Native Codex app-server auth

    The native Codex app-server harness uses openai/* model refs when an eligible exact official HTTPS route selects it implicitly, or when provider/model agentRuntime.id: "codex" selects it explicitly. Its auth is still account-based. OpenClaw selects auth in this order:

    1. Ordered OpenAI auth profiles for the agent, preferably under auth.order.openai. Run openclaw doctor --fix to migrate older legacy Codex auth profile ids and auth order.
    2. The app-server's existing account, such as a local Codex CLI ChatGPT sign-in. For the default isolated agent home, OpenClaw bridges that native CLI account into the app-server through its login RPC; it does not share the CLI's config, plugins, or thread store.
    3. For local stdio app-server launches only, and only when the app-server reports no account: CODEX_API_KEY, then OPENAI_API_KEY.

    A local ChatGPT/Codex subscription sign-in is not replaced just because the gateway process also has OPENAI_API_KEY for direct OpenAI models or embeddings. The env API-key fallback applies only to the local stdio no-account path; it is never sent over WebSocket app-server connections. When a subscription-style Codex profile is selected, OpenClaw also keeps CODEX_API_KEY and OPENAI_API_KEY out of the spawned stdio app-server child and sends the selected credentials through the app-server login RPC instead.

    When that subscription profile is blocked by a Codex usage limit, OpenClaw marks the profile blocked until Codex's advertised reset time and lets auth ordering rotate to the next openai:* profile, without changing the selected model or dropping out of the Codex harness. Once the reset time passes, the subscription profile is eligible again.

    Image generation

    The bundled openai plugin registers image generation through the image_generate tool. It supports both OpenAI API-key and Codex OAuth image generation through the same openai/gpt-image-2 model ref.

    Capability OpenAI API key Codex OAuth
    Model ref openai/gpt-image-2 openai/gpt-image-2
    Auth OPENAI_API_KEY OpenAI Codex OAuth sign-in
    Transport OpenAI Images API Codex Responses backend
    Max images per request 4 4
    Edit mode Enabled (up to 5 reference images) Enabled (up to 5 reference images)
    Size overrides Supported, including 2K/4K sizes Supported, including 2K/4K sizes
    Aspect ratio / resolution Not forwarded to OpenAI Images API Mapped to a supported size when safe
    json5
    {  agents: {    defaults: {      imageGenerationModel: { primary: "openai/gpt-image-2" },    },  },}

    gpt-image-2 is the default for OpenAI text-to-image generation and image editing. gpt-image-1.5, gpt-image-1, and gpt-image-1-mini remain usable as explicit model overrides. Use openai/gpt-image-1.5 for transparent-background PNG/WebP output; the current gpt-image-2 API rejects background: "transparent".

    For a transparent-background request, call image_generate with model: "openai/gpt-image-1.5", outputFormat: "png" or "webp", and background: "transparent"; the older openai.background provider option is still accepted. OpenClaw also protects the public OpenAI and OpenAI Codex OAuth routes by rewriting default openai/gpt-image-2 transparent requests to gpt-image-1.5; Azure and custom OpenAI-compatible endpoints keep their configured deployment/model names.

    The same setting is exposed for headless CLI runs:

    bash
    openclaw infer image generate \  --model openai/gpt-image-1.5 \  --output-format png \  --background transparent \  --prompt "A simple red circle sticker on a transparent background" \  --json

    Use the same --output-format and --background flags with openclaw infer image edit when starting from an input file. --openai-background remains available as an OpenAI-specific alias. Use --quality low|medium|high|auto to control OpenAI Images quality and cost. Use --openai-moderation low|auto to pass OpenAI's moderation hint from either image generate or image edit.

    For ChatGPT/Codex OAuth installs, keep the same openai/gpt-image-2 ref. When an openai OAuth profile is configured, OpenClaw resolves that stored OAuth access token and sends image requests through the Codex Responses backend; it does not first try OPENAI_API_KEY or silently fall back to an API key. Configure models.providers.openai explicitly with an API key, custom base URL, or Azure endpoint when you want the direct OpenAI Images API route instead. If that custom image endpoint is on a trusted LAN/private address, also set browser.ssrfPolicy.dangerouslyAllowPrivateNetwork: true; OpenClaw keeps private/internal OpenAI-compatible image endpoints blocked unless this opt-in is present.

    Generate:

    Code
    /tool image_generate model=openai/gpt-image-2 prompt="A polished launch poster for OpenClaw on macOS" size=3840x2160 count=1

    Generate a transparent PNG:

    Code
    /tool image_generate model=openai/gpt-image-1.5 prompt="A simple red circle sticker on a transparent background" outputFormat=png background=transparent

    Edit:

    Code
    /tool image_generate model=openai/gpt-image-2 prompt="Preserve the object shape, change the material to translucent glass" image=/path/to/reference.png size=1024x1536

    Video generation

    The bundled openai plugin registers video generation through the video_generate tool.

    Capability Value
    Default model openai/sora-2
    Modes Text-to-video, image-to-video, single-video edit
    Reference inputs 1 image or 1 video
    Size overrides Supported for text-to-video and image-to-video
    Aspect ratio Converted to the closest supported size, not forwarded raw
    Other overrides resolution, audio, watermark are unsupported and dropped with a tool warning

    OpenAI image-to-video requests use POST /v1/videos with an image input_reference. Single-video edits use POST /v1/videos/edits with the uploaded video in the video field.

    json5
    {  agents: {    defaults: {      videoGenerationModel: { primary: "openai/sora-2" },    },  },}

    GPT-5 prompt contribution

    OpenClaw adds a shared GPT-5 prompt contribution for GPT-5-family models on the openai provider (including legacy pre-repair Codex refs that normalize to openai/*). Other providers that also serve GPT-5-family model ids, such as OpenRouter or opencode routes, do not receive this overlay; it is gated on provider id openai, not on model id alone. Older GPT-4.x models never receive it.

    The native Codex app-server harness does not receive the persona/tool- discipline behavior contract or the friendly interaction-style overlay through developer instructions; native Codex keeps Codex-owned base, model, and project-doc behavior, and OpenClaw disables Codex's built-in personality for native threads so agent workspace personality files stay authoritative. OpenClaw contributes only runtime context to native Codex threads: channel delivery, OpenClaw dynamic tools, ACP delegation, workspace context, and OpenClaw skills. The heartbeat-guidance text from this same contribution is the one exception: native Codex heartbeat turns do get it, injected as dedicated collaboration instructions rather than through the shared prompt-contribution hook.

    The GPT-5 contribution adds a tagged behavior contract for persona persistence, execution safety, tool discipline, output shape, completion checks, and verification on matching OpenClaw-assembled prompts. Channel- specific reply and silent-message behavior stays in the shared OpenClaw system prompt and outbound delivery policy. The friendly interaction-style layer is separate and configurable.

    Value Effect
    "friendly" (default) Enable the friendly interaction-style layer
    "on" Alias for "friendly"
    "off" Disable only the friendly style layer

    Config

    json5
    {  agents: {    defaults: {      promptOverlays: {        gpt5: { personality: "friendly" },      },    },  },}

    CLI

    bash
    openclaw config set agents.defaults.promptOverlays.gpt5.personality off

    Voice and speech

    Speech synthesis (TTS)

    The bundled openai plugin registers speech synthesis for the messages.tts surface.

    Setting Config path Default
    Model messages.tts.providers.openai.model gpt-4o-mini-tts
    Voice messages.tts.providers.openai.speakerVoice coral
    Speed messages.tts.providers.openai.speed (unset)
    Instructions messages.tts.providers.openai.instructions (unset, gpt-4o-mini-tts only)
    Format messages.tts.providers.openai.responseFormat opus for voice notes, mp3 for files
    API key messages.tts.providers.openai.apiKey Falls back to OPENAI_API_KEY
    Base URL messages.tts.providers.openai.baseUrl https://api.openai.com/v1
    Extra body messages.tts.providers.openai.extraBody / extra_body (unset)

    Available models: gpt-4o-mini-tts, tts-1, tts-1-hd. Available voices: alloy, ash, ballad, cedar, coral, echo, fable, juniper, marin, onyx, nova, sage, shimmer, verse.

    extraBody is merged into /audio/speech request JSON after OpenClaw's generated fields, so use it for OpenAI-compatible endpoints that require additional keys such as lang. Prototype keys are ignored.

    json5
    {  messages: {    tts: {      providers: {        openai: { model: "gpt-4o-mini-tts", speakerVoice: "coral" },      },    },  },}
    Speech-to-text

    The bundled openai plugin registers batch speech-to-text through OpenClaw's media-understanding transcription surface.

    • Default model: gpt-4o-transcribe
    • Endpoint: OpenAI REST /v1/audio/transcriptions
    • Input path: multipart audio file upload
    • Used wherever inbound audio transcription reads tools.media.audio, including Discord voice-channel segments and channel audio attachments

    To force OpenAI for inbound audio transcription:

    json5
    {  tools: {    media: {      audio: {        models: [          {            type: "provider",            provider: "openai",            model: "gpt-4o-transcribe",          },        ],      },    },  },}

    Language and prompt hints are forwarded to OpenAI when supplied by the shared audio media config or per-call transcription request.

    Realtime transcription

    The bundled openai plugin registers realtime transcription for the Voice Call plugin.

    Setting Config path Default
    Model plugins.entries.voice-call.config.streaming.providers.openai.model gpt-4o-transcribe
    Language ...openai.language (unset)
    Prompt ...openai.prompt (unset)
    Silence duration ...openai.silenceDurationMs 800
    VAD threshold ...openai.vadThreshold 0.5
    Auth ...openai.apiKey, OPENAI_API_KEY, or openai API-key profile Platform API key required
    Realtime voice

    The bundled openai plugin registers realtime voice for the Voice Call plugin.

    Setting Config path Default
    Model plugins.entries.voice-call.config.realtime.providers.openai.model gpt-realtime-2.1
    Voice ...openai.voice alloy
    Temperature (Azure deployment bridge) ...openai.temperature 0.8
    VAD threshold ...openai.vadThreshold 0.5
    Silence duration ...openai.silenceDurationMs 500
    Prefix padding ...openai.prefixPaddingMs 300
    Reasoning effort ...openai.reasoningEffort (unset)
    Auth openai API-key profile, ...openai.apiKey, or OPENAI_API_KEY OpenAI Platform API key required

    Available built-in Realtime voices for gpt-realtime-2.1: alloy, ash, ballad, coral, echo, sage, shimmer, verse, marin, cedar. OpenAI recommends marin and cedar for the best Realtime quality. This is a separate set from the Text-to-speech voices above; a TTS-only voice such as fable, nova, or onyx is not valid for Realtime sessions. Set the model explicitly to gpt-realtime-2.1-mini when you prefer the smaller, lower-cost Realtime 2.1 variant.

    Azure OpenAI endpoints

    The bundled openai provider can target an Azure OpenAI resource for image generation by overriding the base URL. On the image-generation path, OpenClaw detects Azure hostnames on models.providers.openai.baseUrl and switches to Azure's request shape automatically.

    Use Azure OpenAI when:

    • You already have an Azure OpenAI subscription, quota, or enterprise agreement
    • You need regional data residency or compliance controls Azure provides
    • You want to keep traffic inside an existing Azure tenancy

    Configuration

    For Azure image generation through the bundled openai provider, point models.providers.openai.baseUrl at your Azure resource and set apiKey to the Azure OpenAI key (not an OpenAI Platform key):

    json5
    {  models: {    providers: {      openai: {        baseUrl: "https://<your-resource>.openai.azure.com",        apiKey: "<azure-openai-api-key>",      },    },  },}

    OpenClaw recognizes these Azure host suffixes for the Azure image-generation route:

    • *.openai.azure.com
    • *.services.ai.azure.com
    • *.cognitiveservices.azure.com

    For image-generation requests on a recognized Azure host, OpenClaw:

    • Sends the api-key header instead of Authorization: Bearer
    • Uses deployment-scoped paths (/openai/deployments/{deployment}/...)
    • Appends ?api-version=... to each request
    • Uses a 600s default request timeout for Azure image-generation calls. Per-call timeoutMs values still override this default.

    Other base URLs (public OpenAI, OpenAI-compatible proxies) keep the standard OpenAI image request shape.

    API version

    Set AZURE_OPENAI_API_VERSION to pin a specific Azure preview or GA version for the Azure image-generation path:

    bash
    export AZURE_OPENAI_API_VERSION="2024-12-01-preview"

    The default is 2024-12-01-preview when the variable is unset.

    Model names are deployment names

    Azure OpenAI binds models to deployments. For Azure image-generation requests routed through the bundled openai provider, the model field in OpenClaw must be the Azure deployment name you configured in the Azure portal, not the public OpenAI model id.

    If you create a deployment called gpt-image-2-prod that serves gpt-image-2:

    Code
    /tool image_generate model=openai/gpt-image-2-prod prompt="A clean poster" size=1024x1024 count=1

    The same deployment-name rule applies to any image-generation call routed through the bundled openai provider.

    Regional availability

    Azure image generation is currently available only in a subset of regions (for example eastus2, swedencentral, polandcentral, westus3, uaenorth). Check Microsoft's current region list before creating a deployment, and confirm the specific model is offered in your region.

    Parameter differences

    Azure OpenAI and public OpenAI do not always accept the same image parameters. Azure may reject options public OpenAI allows (for example certain background values on gpt-image-2) or expose them only on specific model versions. These differences come from Azure and the underlying model, not OpenClaw. If an Azure request fails with a validation error, check the parameter set supported by your specific deployment and API version in the Azure portal.

    Advanced configuration

    The per-model params examples below shape OpenClaw's embedded provider request. Configuring them is authored request behavior, so an otherwise eligible auto route stays on OpenClaw instead of selecting Codex implicitly. The native Codex app-server harness owns its own transport and request settings; explicit agentRuntime.id: "codex" fails closed when the effective route is not declared Codex-compatible.

    Transport (WebSocket vs SSE)

    OpenClaw uses WebSocket-first with SSE fallback ("auto") for openai/*.

    In "auto" mode, OpenClaw:

    • Retries one early WebSocket failure before falling back to SSE
    • After a failure, marks WebSocket as degraded for 60 seconds and uses SSE during cool-down
    • Attaches stable session and turn identity headers for retries and reconnects
    • Normalizes usage counters (input_tokens / prompt_tokens) across transport variants
    Value Behavior
    "auto" (default) WebSocket first, SSE fallback
    "sse" Force SSE only
    "websocket" Force WebSocket only
    json5
    {  agents: {    defaults: {      models: {        "openai/gpt-5.5": {          params: { transport: "auto" },        },      },    },  },}

    Related OpenAI docs:

    Fast mode

    OpenClaw exposes a shared fast-mode toggle for openai/*:

    • Chat/UI: /fast status|auto|on|off
    • Config: agents.defaults.models["<provider>/<model>"].params.fastMode

    When enabled, OpenClaw maps fast mode to OpenAI priority processing (service_tier = "priority"). Existing service_tier values are preserved, and fast mode does not rewrite reasoning or text.verbosity. fastMode: "auto" starts new model calls fast until the auto cutoff, then starts later retry, fallback, tool-result, or continuation calls without fast mode. The cutoff defaults to 60 seconds; set params.fastAutoOnSeconds on the active model to change it.

    json5
    {  agents: {    defaults: {      models: {        "openai/gpt-5.5": { params: { fastMode: "auto", fastAutoOnSeconds: 30 } },      },    },  },}
    Priority processing (service_tier)

    OpenAI's API exposes priority processing via service_tier. Set it per model in OpenClaw:

    json5
    {  agents: {    defaults: {      models: {        "openai/gpt-5.5": { params: { serviceTier: "priority" } },      },    },  },}

    Supported values: auto, default, flex, priority.

    Server-side compaction (Responses API)

    For direct OpenAI Responses models (openai/* on api.openai.com), the OpenAI plugin's OpenClaw stream wrapper auto-enables server-side compaction:

    • Forces store: true (unless model compat sets supportsStore: false)
    • Injects context_management: [{ type: "compaction", compact_threshold: ... }]
    • Default compact_threshold: 70% of contextWindow (or 80000 when unavailable)

    This applies to the built-in OpenClaw runtime path and to OpenAI provider hooks used by embedded runs. The native Codex app-server harness manages its own context through Codex and is not affected by this setting.

    Enable explicitly

    Useful for compatible endpoints like Azure OpenAI Responses:

    json5
    {  agents: {    defaults: {      models: {        "azure-openai-responses/gpt-5.5": {          params: { responsesServerCompaction: true },        },      },    },  },}

    Custom threshold

    json5
    {  agents: {    defaults: {      models: {        "openai/gpt-5.5": {          params: {            responsesServerCompaction: true,            responsesCompactThreshold: 120000,          },        },      },    },  },}

    Disable

    json5
    {  agents: {    defaults: {      models: {        "openai/gpt-5.5": {          params: { responsesServerCompaction: false },        },      },    },  },}
    Strict-agentic GPT mode

    For openai provider GPT-5-family models run through OpenClaw's embedded runtime, OpenClaw already defaults to a stricter execution contract called strict-agentic. It auto-activates whenever the resolved provider is openai and the model id matches the GPT-5 family, unless config explicitly opts back out:

    json5
    {  agents: {    defaults: {      embeddedAgent: { executionContract: "default" },    },  },}

    Setting "strict-agentic" explicitly is a no-op on a supported lane (it is already the default) and inert on unsupported provider/model pairs.

    With strict-agentic active, OpenClaw:

    • Auto-enables update_plan for substantial work
    • Retries structurally empty or reasoning-only turns with a visible-answer continuation
    • Uses explicit harness plan events when the selected harness provides them

    OpenClaw does not classify assistant prose to decide whether a turn is a plan, progress update, or final answer.

    Native vs OpenAI-compatible routes

    OpenClaw treats direct OpenAI, Codex, and Azure OpenAI endpoints differently from generic OpenAI-compatible /v1 proxies:

    Native routes (openai/*, Azure OpenAI):

    • Keep reasoning: { effort: "none" } only for models that support the OpenAI none effort
    • Omit disabled reasoning for models or proxies that reject reasoning.effort: "none"
    • Default tool schemas to strict mode
    • Attach hidden attribution headers on verified native hosts only (Azure OpenAI does not get these headers, even though it is a native route)
    • Keep OpenAI-only request shaping (service_tier, store, reasoning-compat, prompt-cache hints)

    Proxy/compatible routes:

    • Use looser compat behavior
    • Strip Completions store from non-native openai-completions payloads
    • Accept advanced params.extra_body/params.extraBody pass-through JSON for OpenAI-compatible Completions proxies
    • Accept params.chat_template_kwargs for OpenAI-compatible Completions proxies such as vLLM
    • Do not force strict tool schemas or native-only headers
    Was this useful?
    On this page

    On this page