Client self-authorization (OAuth)

You will authorize integrations yourself by clicking OAuth consent screens. We do not ask for passwords. You can revoke access at any time.

The workflow

We send you an authorization link (or you run a one-line command) for each integration.
You approve the scopes (we recommend least-privilege scopes).
You copy the resulting token/credential file into a designated location (we provide exact paths).
We verify access with evidence-based commands and show you the outputs.

Common integrations

Google (Gmail / Calendar / Drive)

You will see a Google consent screen. Confirm the account and requested scopes.
Prefer a dedicated service account or a dedicated Google Workspace user if possible.
After approval, you’ll receive a credential artifact (token JSON). Store it only on the machine running OpenClaw.
Revocation: Google Account → Security → Third-party access → remove access.

Slack

Authorize a Slack app with the minimal scopes needed (read vs write).
Use a dedicated Slack workspace/app whenever possible.
Revocation: Workspace settings → Manage apps → remove app.

Notion

Authorize the integration and explicitly select the pages/databases it can access.
Use a dedicated workspace integration token when possible.
Revocation: Notion Settings → Connections → remove connection.

How to share credentials safely (async)

Preferred: you place the credential file directly on the machine running OpenClaw (we provide the path).
If you must send something: share a temporary secure file link (expiring) and revoke/rotate after setup.
Never paste long-lived secrets into public tickets or shared docs.

If you’re uncomfortable granting access

That’s normal. We can still deliver a Setup Kit using mock/test integrations and a clean “wiring diagram”. You can then authorize production access later and re-run the verification steps.