How to Fix Pairing “OpenClaw Gateway Connect Required” (1008) Error

Many OpenClaw users see the message “Terminated (1008): pairing required” when you connect the gateway to the Control UI or dashboard. This happens when the gateway and the client (browser or application) have not completed device authentication. OpenClaw enforces pairing to stop unauthorized access. When you first try to connect, the gateway expects an authorized device identity and token. If these are missing or not approved, you will see error 1008 instead of the live dashboard.

To restore the connection, you must complete the pairing and verification process. That means giving the client a gateway token and approving pending pairing requests. Once the pairing is complete, the UI connects and stays connected without showing an error.

What the Error Means

This flaw comes from OpenClaw’s security model. The gateway requires a valid token or authorized device before it can accept a WebSocket connection. Control UI runs in the browser. That browser sends the device identity to the gateway when it tries to connect. If the gateway does not accept that identity, it rejects the connection with code 1008.

Common causes include:

• Browsing the dashboard without a valid gateway token.
• It runs OpenClaw behind Docker without forwarding or trusting local network headers.
• Reinstalling the app or clearing local browser storage, which removes stored tokens.

Solve the Pairing Need

Here are the troubleshooting steps required to pair and connect the gateway.

Redeem and redeem your gateway token

• Get a token stored on your host, usually login ~/.openclaw/openclaw.json or similar setup file.
• You can also generate a new token using tools like openclaw doctor --generate-gateway-token.
• In the UI control dashboard settings, paste this token and save.
• Refresh the dashboard after saving the token to retry the connection.

Approve pending device requests

• Use the OpenClaw CLI or container to list pending pairing requests.
• To set up Docker, use a command like:

docker compose exec openclaw-gateway 
  node dist/index.js devices list

• You will see pending requests with IDs.
• To validate one, use:

docker compose exec openclaw-gateway 
  node dist/index.js devices approve 

• After authorization, the dashboard should connect without the 1008 error.

Reconfigure after configuration changes

• If you reinstall the browser application or clear the storage, the stored identity is lost.
• If so, you need to reassemble. Open the dashboard, paste the token, and approve the new device request when prompted.

Check network and proxy settings

• In other hosts or reverse proxies, requests arrive at the gateway with changed addresses.
• The gateway may treat this as a mistrust and demand match.
• Configure trusted proxies or bind the gateway to the local host where appropriate so that the client is considered local and the token is accepted.

More tips

• If you’re using Docker, make sure you’re accessing the dashboard at localhost:18789. Remote hosts or ports can be difficult to authenticate the token.
• After making the changes, restart the gateway service with openclaw gateway restart.
• If the errors persist, check the gateway logs for mismatched messages or network rejections.

The conclusion

OpenClaw stores device credentials and pairing tokens to protect remote access. This process prevents unauthenticated clients from controlling the gateway. Pairing also authorizes nodes or applications beyond the CLI terminal, to run reliably.

With the correct matching and configuration of tokens, the gateway connects properly. Then you get full access to the Control UI, logs, and management tools without repeated pairing prompts.