vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-05 22:40:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(security): mark shared-secret HTTP auth as designed

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-31 22:57:35 +09:00
parent a4d72a83f0
commit dc0e0b0f68
4 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/gateway/tools-invoke-http-api.md
View File

@@ -8,7 +8,7 @@ title: "Tools Invoke API"
# Tools Invoke (HTTP)
OpenClaws Gateway exposes a simple HTTP endpoint for invoking a single tool directly. It is always enabled and uses Gateway auth plus tool policy, but unlike the OpenAI-compatible `/v1/*` surface, shared-secret bearer auth is not enough to use it.
OpenClaws Gateway exposes a simple HTTP endpoint for invoking a single tool directly. It is always enabled and uses Gateway auth plus tool policy. Like the OpenAI-compatible `/v1/*` surface, shared-secret bearer auth is treated as trusted operator access for the whole gateway.
- `POST /tools/invoke`
- Same port as the Gateway (WS + HTTP multiplex): `http://<gateway-host>:<port>/tools/invoke`