Cloudflare AI Gateway sits in front of provider APIs and lets you add analytics, caching, and controls. For Anthropic, OpenClaw uses the Anthropic Messages API through your Gateway endpoint.
PropertyValue
Providercloudflare-ai-gateway
Base URLhttps://gateway.ai.cloudflare.com/v1/<account_id>/<gateway_id>/anthropic
Default modelcloudflare-ai-gateway/claude-sonnet-4-6
API keyCLOUDFLARE_AI_GATEWAY_API_KEY (your provider API key for requests through the Gateway)
For Anthropic models routed through Cloudflare AI Gateway, use your Anthropic API key as the provider key.
When thinking is enabled for Anthropic Messages models, OpenClaw strips trailing assistant prefill turns before sending the payload through Cloudflare AI Gateway. Anthropic rejects response prefilling with extended thinking, while ordinary non-thinking prefill remains available.

Getting started

1

Set the provider API key and Gateway details

Run onboarding and choose the Cloudflare AI Gateway auth option:
openclaw onboard --auth-choice cloudflare-ai-gateway-api-key
This prompts for your account ID, gateway ID, and API key.
2

Set a default model

Add the model to your OpenClaw config:
{
  agents: {
    defaults: {
      model: { primary: "cloudflare-ai-gateway/claude-sonnet-4-6" },
    },
  },
}
3

Verify the model is available

openclaw models list --provider cloudflare-ai-gateway

Non-interactive example

For scripted or CI setups, pass all values on the command line: 
openclaw onboard --non-interactive \
  --mode local \
  --auth-choice cloudflare-ai-gateway-api-key \
  --cloudflare-ai-gateway-account-id "your-account-id" \
  --cloudflare-ai-gateway-gateway-id "your-gateway-id" \
  --cloudflare-ai-gateway-api-key "$CLOUDFLARE_AI_GATEWAY_API_KEY"

Advanced configuration

If you enabled Gateway authentication in Cloudflare, add the cf-aig-authorization header. This is in addition to your provider API key.
{
  models: {
    providers: {
      "cloudflare-ai-gateway": {
        headers: {
          "cf-aig-authorization": "Bearer <cloudflare-ai-gateway-token>",
        },
      },
    },
  },
}
The cf-aig-authorization header authenticates with the Cloudflare Gateway itself, while the provider API key (for example, your Anthropic key) authenticates with the upstream provider.
If the Gateway runs as a daemon (launchd/systemd), make sure CLOUDFLARE_AI_GATEWAY_API_KEY is available to that process.
A key sitting only in ~/.profile will not help a launchd/systemd daemon unless that environment is imported there as well. Set the key in ~/.openclaw/.env or via env.shellEnv to ensure the gateway process can read it.

Model selection

Choosing providers, model refs, and failover behavior.

Troubleshooting

General troubleshooting and FAQ.