​

Tools Invoke (HTTP)

• POST /tools/invoke
• Same port as the Gateway (WS + HTTP multiplex): http://<gateway-host>:<port>/tools/invoke

​

Authentication

• Authorization: Bearer <token>

• When gateway.auth.mode="token", use gateway.auth.token (or OPENCLAW_GATEWAY_TOKEN).
• When gateway.auth.mode="password", use gateway.auth.password (or OPENCLAW_GATEWAY_PASSWORD).

​

Request body

{
  "tool": "sessions_list",
  "action": "json",
  "args": {},
  "sessionKey": "main",
  "dryRun": false
}

• tool (string, required): tool name to invoke.
• action (string, optional): mapped into args if the tool schema supports action and the args payload omitted it.
• args (object, optional): tool-specific arguments.
• sessionKey (string, optional): target session key. If omitted or "main", the Gateway uses the configured main session key (honors session.mainKey and default agent, or global in global scope).
• dryRun (boolean, optional): reserved for future use; currently ignored.

​

Policy + routing behavior

• tools.profile / tools.byProvider.profile
• tools.allow / tools.byProvider.allow
• agents.<id>.tools.allow / agents.<id>.tools.byProvider.allow
• group policies (if the session key maps to a group or channel)
• subagent policy (when invoking with a subagent session key)

• x-openclaw-message-channel: <channel> (example: slack, telegram)
• x-openclaw-account-id: <accountId> (when multiple accounts exist)

​

Responses

• 200 → { ok: true, result }
• 400 → { ok: false, error: { type, message } } (invalid request or tool error)
• 401 → unauthorized
• 404 → tool not available (not found or not allowlisted)
• 405 → method not allowed

​

Example

curl -sS http://127.0.0.1:18789/tools/invoke \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "tool": "sessions_list",
    "action": "json",
    "args": {}
  }'