Skip to main content
ClawUp exposes a public HTTP API so you can build integrations, CLIs, and automation on top of your account — without scraping the dashboard. The API is described by a machine-readable OpenAPI 3.1 spec, so you can also generate a client SDK in your language of choice.
Status: Draft v1. The spec currently covers authentication and the read-only catalog endpoints (plans, models, runtimes, tools, team templates). More endpoints are being added over time. Documented endpoints are stable — we only add fields, never rename or remove them, without a version bump.

Base URL

https://api.clawup.org
Every endpoint lives under /api/v1/.

The OpenAPI spec

The full machine-readable spec is served straight from the backend and always matches the live API (it’s generated from the server code, so it never drifts): 
GET https://api.clawup.org/openapi.json
Point any OpenAPI tool at that URL to explore endpoints or generate a typed client: 
# Generate a TypeScript client
npx @openapitools/openapi-generator-cli generate \
  -i https://api.clawup.org/openapi.json \
  -g typescript-fetch \
  -o ./clawup-client

Authentication

All API calls authenticate with an API key passed as a Bearer token: 
Authorization: Bearer cu_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
A key grants the same access as your account, so treat it like a password.

Creating an API key

  1. Sign in at clawup.org.
  2. Go to Account → API Keys.
  3. Click Create key. The new key appears in the list.
  4. Click Reveal to show the key, then Copy it.
Keys are hidden by default and shown only when you reveal them. You can set an optional expiry when creating a key, and Revoke a key at any time — revoked keys stop working immediately.
Keys are prefixed cu_. Older keys with an eb_ prefix continue to work.

Quick example

Verify your key by fetching your own account: 
curl https://api.clawup.org/api/v1/auth/me \
  -H "Authorization: Bearer cu_your_key_here"

{
  "id": "0553776e-62bf-49be-ad29-4ab320a6afc3",
  "email": "you@example.com",
  "credit_balance_cents": 0,
  "is_node_admin": false,
  "created_at": "2026-05-06T07:14:56.272Z",
  "last_login_at": "2026-05-06T07:14:56.272Z",
  "login_count": 1
}

Available endpoints (v1)

MethodPathDescription
GET/api/v1/auth/meThe currently authenticated user
GET/api/v1/plansSubscription plans and their limits
GET/api/v1/modelsProvider × model catalog
GET/api/v1/runtime/imagesAvailable runtime types and images
GET/api/v1/toolsMCP tool catalog
GET/api/v1/teams/templatesBuilt-in team templates
See https://api.clawup.org/openapi.json for the authoritative, always-current list, request/response schemas, and which endpoints require authentication.

Errors

Errors use a consistent JSON shape: 
{ "error": "AUTH_401", "message": "missing or invalid credentials" }
The error field is a stable string code (e.g. AUTH_401); message is human-readable and may change. A 401 means the key is missing, invalid, expired, or revoked.

Versioning

Every route is under /api/v1/. Breaking changes ship as a new version (/api/v2/) and the old version keeps working during a deprecation window. Within a version, we only add optional request fields and additive response fields.