Registration API
Register self-hosted (Home) and linked (Link) agent installations. These endpoints are backend-only and support the Home and Link deployment modes alongside the default Cloud mode.Home mode runs the agent container on your own hardware via Docker. Link mode connects an existing OpenClaw instance to the Agentbot platform. Cloud mode (the default) runs the agent on Agentbot infrastructure.
Install script
text/plain.
This script automates the setup of a self-hosted agent container. Pipe it to your shell to begin the Home mode installation:
Link script
text/plain.
This script connects an existing OpenClaw instance to the Agentbot platform. Pipe it to your shell to begin the Link mode setup:
Validate API key
api_keys database table. Raw keys are never stored or compared directly. No session authentication is required — the API key is passed in the Authorization header.
The web application’s key validation endpoint uses a separate bcrypt-based lookup with the
sk_ prefix convention. The backend endpoint documented here uses SHA-256 hashing and does not require the sk_ prefix.Headers
Response
Errors
Authentication
All registration endpoints use the backendauthenticate middleware, which extracts user context from identity headers (x-user-email, x-user-id, x-user-role).
When the HMAC_SECRET environment variable is configured (falls back to INTERNAL_API_KEY), the middleware requires an additional x-user-signature header containing an HMAC-SHA256 signature of the identity payload. The frontend signs the string {userId}:{userEmail}:{userRole} with the shared secret.
Register Home installation
The web proxy forwards identity headers from the active session. The backend
authenticate middleware reads these headers and attaches them to the request context. If no headers are provided, userId defaults to anonymous.Request body
Response
Errors
Register Link installation
The web proxy forwards identity headers from the active session. The backend
authenticate middleware reads these headers and attaches them to the request context. If no headers are provided, userId defaults to anonymous.Request body
Response
Errors
List installations
Response
Errors
Registration heartbeat
userId matches a known registration, the last_seen timestamp is updated and the status is set to active. Requires authentication.
This is a backend registration heartbeat for Home and Link installations. It is separate from the web heartbeat settings endpoint, which configures heartbeat scheduling for the web dashboard.
Endpoint authentication
This endpoint uses theauthenticate middleware. See authentication above for the full header requirements including HMAC signature verification. When HMAC_SECRET is not configured, the middleware assigns default values (userId defaults to anonymous) and the request proceeds without rejecting unauthenticated requests.