What is the OpenClaw Gateway?
The Gateway is the always-on process at the heart of OpenClaw — it connects your chat apps to your agent. Here's what it does, in plain language.
The Gateway is the single always-on program at the center of an OpenClaw setup. It holds your agent’s sessions, connects your chat apps (Telegram, WhatsApp, Discord and others), and routes every message between you and the agent. If the Gateway isn’t running, your agent isn’t reachable.
One process, three jobs
When you install OpenClaw, you’re really installing a small family of pieces — a command-line tool, a web dashboard, config files, a workspace — and it’s easy to lose track of what actually runs. The answer is one thing: the Gateway. OpenClaw’s own docs call it the single source of truth for sessions, routing, and channel connections. In practice it does three jobs:
- It keeps your conversations. Sessions — the running context of each conversation with your agent — live in the Gateway, with isolated sessions per agent, workspace, or sender.
- It connects your chat apps. Channels like Telegram, WhatsApp, Discord, Signal, and Slack all plug into the Gateway. You message your agent in an app you already use; the Gateway is the thing on the other end.
- It routes everything. Messages, images, audio, documents — the Gateway decides which agent and session each one belongs to and carries the reply back.
Gateway, daemon, dashboard — what’s the difference?
Three words that confuse almost everyone on day one:
- The Gateway is the program itself — the process doing the work described above.
- The daemon is how the Gateway stays running. When you run
openclaw onboard --install-daemon, OpenClaw registers the Gateway as a background service on your machine, so it starts automatically and keeps running after you close the terminal. - The dashboard (also called the Control UI) is the web page you open to talk to and manage your agent —
openclaw dashboardopens it in your browser. It’s a window onto the Gateway, not a separate system.
Where it runs — and who can reach it
By default the Gateway binds to loopback — your machine’s private internal address (127.0.0.1). That means only programs on the same computer can connect to it. Your browser on the same laptop? Fine. Anyone else on the internet? They can’t reach it at all, which is exactly what you want.
This default is doing real security work. An OpenClaw agent can run commands, read and write files, and browse the web on the machine it lives on — so the question “who can talk to the Gateway?” is really the question “who can act on this computer?” OpenClaw’s docs are blunt about it: never expose the Gateway unauthenticated to the open internet. If you’re curious what can go wrong and what the safe alternatives look like, we’ve written that up separately.
It wants to run all the time
The Gateway is designed to be always on. That’s what makes an OpenClaw agent feel like an agent rather than a chatbot tab: it can receive a message at 7am, run a scheduled job overnight, or keep working after you close your laptop — but only if the machine it lives on stays awake and connected.
This is the single biggest thing to decide before you settle in with OpenClaw: which machine is the always-on one? A laptop that sleeps when you close the lid takes your agent down with it. That’s why many people move the Gateway to a small cloud machine — either one they rent and manage themselves, or a managed home like an Everpod pod, where the always-on part, the security, and the backups are someone else’s job.