“Pairing” is OpenClaw’s explicit owner approval step. It is used in two places:

1. DM pairing (who is allowed to talk to the bot)
2. Node pairing (which devices/nodes are allowed to join the gateway network)

Security context: Security

When a channel is configured with DM policy pairing, unknown senders get a short code and their message is not processed until you approve.

Default DM policies are documented in: Security

Pairing codes:

• 8 characters, uppercase, no ambiguous chars (0O1I).
• Expire after 1 hour. The bot only sends the pairing message when a new request is created (roughly once per hour per sender).
• Pending DM pairing requests are capped at 3 per channel by default; additional requests are ignored until one expires or is approved.

openclaw pairing list telegram
openclaw pairing approve telegram <CODE>

Supported channels: telegram, whatsapp, signal, imessage, discord, slack.

Stored under ~/.openclaw/credentials/:

• Pending requests: <channel>-pairing.json
• Approved allowlist store: <channel>-allowFrom.json

Treat these as sensitive (they gate access to your assistant).

Nodes connect to the Gateway as devices with role: node. The Gateway creates a device pairing request that must be approved.

openclaw devices list
openclaw devices approve <requestId>
openclaw devices reject <requestId>

Stored under ~/.openclaw/devices/:

• pending.json (short-lived; pending requests expire)
• paired.json (paired devices + tokens)

• The legacy node.pair.* API (CLI: openclaw nodes pending/approve) is a separate gateway-owned pairing store. WS nodes still require device pairing.

• Security model + prompt injection: Security
• Updating safely (run doctor): Updating
• Channel configs:
  • Telegram: Telegram
  • WhatsApp: WhatsApp
  • Signal: Signal
  • iMessage: iMessage
  • Discord: Discord
  • Slack: Slack