Model providers

Using Cloudflare AI Gateway with OpenClaw

3 min read

Browse more in Model providers.

All model providers guides →

This guide shows you how to route Anthropic traffic from OpenClaw through Cloudflare AI Gateway. You will configure the provider, set a default model, and handle authenticated gateways so you get analytics and controls without changing your agents.

By the end, your OpenClaw setup will call Anthropic via your Cloudflare AI Gateway endpoint with the right headers and API keys.

Setup flow

Prerequisites

  • An existing Cloudflare AI Gateway with an Anthropic route configured, including an account ID and gateway ID.
  • An Anthropic API key that you will use as the provider API key for requests through the Gateway.
  • An OpenClaw environment where you can run the `openclaw` CLI and edit your agent configuration (local or daemonized via launchd/systemd).
  • Access to set environment variables for the OpenClaw process, such as editing `~/.openclaw/.env` or configuring `env.shellEnv`.

Steps

  1. 1

    Identify your Cloudflare AI Gateway endpoint and IDs

    Before you wire OpenClaw to Cloudflare, you need the account ID and gateway ID that form your Anthropic endpoint. OpenClaw talks to Anthropic through this URL, so make sure you copy the IDs exactly from your Cloudflare dashboard.

    You will pass these values into the onboarding command in the next step.

    text
    Base URL: `https://gateway.ai.cloudflare.com/v1/<account_id>/<gateway_id>/anthropic`
  2. 2

    Onboard Cloudflare AI Gateway with the OpenClaw CLI

    Use the interactive onboarding flow to register Cloudflare AI Gateway as a provider in your OpenClaw setup. This command prompts you for the provider API key and Gateway details so OpenClaw can call Anthropic through your Gateway.

    Pick this when you want a guided setup instead of passing everything on the command line.

    bash
    openclaw onboard --auth-choice cloudflare-ai-gateway-api-key
  3. 3

    Run a non-interactive onboarding for automated environments

    For CI, scripts, or headless servers, use the non-interactive onboarding variant. This lets you pass the account ID, gateway ID, and API key as flags so you can bake the configuration into automation.

    Make sure the `CLOUDFLARE_AI_GATEWAY_API_KEY` environment variable is set before running this command, since the CLI reads it for the API key flag.

    bash
    openclaw onboard --non-interactive \
  --mode local \
  --auth-choice cloudflare-ai-gateway-api-key \
  --cloudflare-ai-gateway-account-id "your-account-id" \
  --cloudflare-ai-gateway-gateway-id "your-gateway-id" \
  --cloudflare-ai-gateway-api-key "$CLOUDFLARE_AI_GATEWAY_API_KEY"
  4. 4

    Set the default Cloudflare AI Gateway model in your agent config

    Point your agents at the Cloudflare-backed Anthropic model so they use the Gateway by default. This config sets `cloudflare-ai-gateway/claude-sonnet-4-5` as the primary model for all agents that rely on defaults.

    Update your OpenClaw config file with this block so you do not have to specify the model on every call.

    json
    {
  agents: {
    defaults: {
      model: { primary: "cloudflare-ai-gateway/claude-sonnet-4-5" },
    },
  },
}
  5. 5

    Configure headers for authenticated Cloudflare AI Gateways

    If you enabled authentication on your Cloudflare AI Gateway, you must send the `cf-aig-authorization` header in addition to the provider API key. Add this header configuration under the `cloudflare-ai-gateway` provider so every request carries the bearer token.

    Without this, Cloudflare rejects calls even if the API key is correct.

    json
    {
  models: {
    providers: {
      "cloudflare-ai-gateway": {
        headers: {
          "cf-aig-authorization": "Bearer <cloudflare-ai-gateway-token>",
        },
      },
    },
  },
}
  6. 6

    Expose CLOUDFLARE_AI_GATEWAY_API_KEY to daemonized OpenClaw processes

    When you run OpenClaw as a daemon via launchd or systemd, the service environment often differs from your shell. You must ensure `CLOUDFLARE_AI_GATEWAY_API_KEY` is available to that process or requests through the Gateway will fail.

    shellEnv` so the daemon can read it.

    text
    If the Gateway runs as a daemon (launchd/systemd), make sure `CLOUDFLARE_AI_GATEWAY_API_KEY` is available to that process (for example, in `~/.openclaw/.env` or via `env.shellEnv`).

Configuration

OptionDescriptionExample
CLOUDFLARE_AI_GATEWAY_API_KEYYour provider API key for requests sent through the Cloudflare AI Gateway; for Anthropic models this is your Anthropic API key.sk-ant-api03-abc123-example
cloudflare-ai-gateway/claude-sonnet-4-5The default Anthropic model identifier used when routing through Cloudflare AI Gateway.cloudflare-ai-gateway/claude-sonnet-4-5
cf-aig-authorizationHTTP header used when Gateway authentication is enabled in Cloudflare, carrying the bearer token required by the AI Gateway.Bearer cf-aig-token-abc123
agents.defaults.model.primaryOpenClaw config key that sets the primary model for agents, here pointing to the Cloudflare AI Gateway-backed Anthropic model.cloudflare-ai-gateway/claude-sonnet-4-5
models.providers."cloudflare-ai-gateway".headersProvider-level headers configuration for the Cloudflare AI Gateway, where you attach the `cf-aig-authorization` token.{ "cf-aig-authorization": "Bearer cf-aig-token-abc123" }

Troubleshooting

Requests through Cloudflare AI Gateway fail when running OpenClaw as a systemd or launchd service.

The daemon process does not see `CLOUDFLARE_AI_GATEWAY_API_KEY`, so calls to Anthropic via the Gateway are unauthorized. shellEnv` in your service configuration.

bash
If the Gateway runs as a daemon (launchd/systemd), make sure `CLOUDFLARE_AI_GATEWAY_API_KEY` is available to that process (for example, in `~/.openclaw/.env` or via `env.shellEnv`).

Cloudflare AI Gateway returns authentication errors even though the provider API key is set.

If you enabled Gateway authentication in Cloudflare, the Gateway expects the `cf-aig-authorization` header in addition to your provider API key. Add the header under the `cloudflare-ai-gateway` provider configuration with a `Bearer` token so every request includes the required Gateway auth.

bash
{
  models: {
    providers: {
      "cloudflare-ai-gateway": {
        headers: {
          "cf-aig-authorization": "Bearer <cloudflare-ai-gateway-token>",
        },
      },
    },
  },
}

Frequently asked questions

Powered by Mem0

Add persistent memory to OpenClaw

Official Mem0 plugin for OpenClaw keeps context across chats and tools. Smaller prompts, lower cost, better continuity for your agents.

Read the official Mem0 guideOpen Mem0

More in Model providers

Model providers

Using Alibaba Model Studio with OpenClaw

Model providers

Using BytePlus with OpenClaw

Model providers

Using fal with OpenClaw

Model providers

Using GLM (Zhipu AI) with OpenClaw

Model providers

Using Hugging Face with OpenClaw

Model providers

Using Inferrs with OpenClaw