Skip to main content
Archal has two auth layers: one for the Archal API (sessions, twins, billing) and optionally one for your execution engine (running the agent).

Archal API auth

Browser login

archal login
Opens a browser, you approve, and credentials get saved to ~/.archal/credentials.json. Done.

API key

Create one from the dashboard: 
export ARCHAL_TOKEN=archal_...
This is what you want for CI and automation.

Engine auth (API mode only)

If your engine endpoint needs a token (e.g. an OpenClaw gateway), pass it separately: 
export ARCHAL_ENGINE_TOKEN="<your-engine-token>"
OPENCLAW_GATEWAY_TOKEN still works as a fallback. Local mode doesn’t need engine auth. Your harness handles its own credentials.

Check everything

archal doctor
Validates auth, direct model-key availability for bundled/local harnesses, config, Node version, and the rest of the stack.