• Home
  • About Me
  • Associated Pages
  • Historical
  • Privacy

Wonko.Net

OpenClaw Projects

OpenClaw: Adding Multiple Codex OAuth Accounts for Automatic Failover

By admin on Friday, March 6, 2026
Diagram showing OpenClaw rotating between two Codex OAuth accounts to handle rate limits and provide automatic failover.

Adding multiple OAuth accounts for the same provider in OpenClaw is one of those features that sounds simple — until you actually try to set it up. The good news: OpenClaw does support rotating through multiple accounts automatically. If one account hits a rate limit, gets a billing issue, or has an auth failure, the system silently switches to the next one.

The bad news: openclaw configure --section model replaces the existing profile instead of adding to it. That behavior caught me off guard and wasted more time than it should have.


Why Bother?

Two main reasons:

Rate-limit and reliability insurance — OpenClaw rotates through all profiles for the same provider before falling back to a different model entirely. With two accounts, you get real redundancy without any manual intervention.

Cost arithmetic — I burned through a week’s worth of tokens in two days. At current pricing, two separate monthly accounts often costs less than upgrading to a business-tier plan, especially when business usually requires annual prepayment.

This technique scales to as many accounts as you want.


The Problem with openclaw configure

Running openclaw configure --section model twice in a row doesn’t add a second account. It replaces the first one. So the correct flow is: run configure once per account, save the auth file in between, then manually merge them.


The Process

Step 1 — Log in with your first account:

openclaw configure --section model

Complete the browser-based OAuth flow with account #1.

Step 2 — Back up the auth file immediately:

cp ~/.openclaw/agents/main/agent/auth-profiles.json \
   ~/.openclaw/agents/main/agent/auth-profiles.account1.bak

Don’t skip this. This backup is your only copy of account #1’s tokens after the next step.

Step 3 — Run configure again for the second account:

openclaw configure --section model

Sign in with account #2. This overwrites the file with only the new profile.

Step 4 — Merge both profiles:

python3 - << 'EOF'
import json

BAK_FILE  = "/home/USER/.openclaw/agents/main/agent/auth-profiles.account1.bak"
LIVE_FILE = "/home/USER/.openclaw/agents/main/agent/auth-profiles.json"

with open(BAK_FILE) as f:
    acct1 = json.load(f)

with open(LIVE_FILE) as f:
    acct2 = json.load(f)

merged = {
    "version": 1,
    "profiles": {
        "openai-codex:account1": acct1["profiles"]["openai-codex:default"],
        "openai-codex:account2": acct2["profiles"]["openai-codex:default"],
    },
    "usageStats": acct2.get("usageStats", {})
}

with open(LIVE_FILE, "w") as f:
    json.dump(merged, f, indent=2)

print("Merged. Profiles:", list(merged["profiles"].keys()))
EOF

Adjust the profile names (openai-codex:account1, openai-codex:account2) to whatever makes sense for your accounts — I use short memorable labels tied to which ChatGPT subscription each one belongs to.

Step 5 — Verify both accounts are in there:

python3 - << 'EOF'
import json, base64

with open("/home/USER/.openclaw/agents/main/agent/auth-profiles.json") as f:
    data = json.load(f)

for key, profile in data["profiles"].items():
    token = profile.get("access", "")
    if token:
        payload = token.split(".")[1]
        payload += "=" * (4 - len(payload) % 4)
        decoded = json.loads(base64.b64decode(payload))
        email = decoded.get("https://api.openai.com/profile", {}).get("email", "unknown")
        print(f"{key:30} → {email}")
EOF

You should see both accounts listed with their email addresses.

Step 6 — Set the rotation order and restart:

openclaw config set auth.order '{"openai-codex": ["openai-codex:account1", "openai-codex:account2"]}'
openclaw gateway restart

This tells OpenClaw to try account1 first, then fall back to account2 on failure.


How Failover Behaves

OpenClaw rotates through the listed profiles when it encounters:

  • 429 rate limit
  • 401/403 auth issues
  • Timeouts that look like rate limiting
  • Billing/credit failures

Each failed profile gets an exponential backoff cooldown: 1 minute → 5 minutes → 25 minutes → 1 hour cap. If all profiles for the provider are in cooldown, OpenClaw moves to the next model in your agents.defaults.model.fallbacks chain.

You can also manually switch mid-session with:

/model gpt-5.2@openai-codex:account2

Summary

StepCommand
First loginopenclaw configure --section model
Back up auth filecp auth-profiles.json auth-profiles.account1.bak
Second loginopenclaw configure --section model (again)
MergeRun the Python merge script above
VerifyRun the Python email decoder script above
Set rotation orderopenclaw config set auth.order '{…}'
Applyopenclaw gateway restart

Once you know that configure overwrites instead of appending, the rest is straightforward. Hopefully this saves someone else a few hours of head-scratching.

ai infrastructure ai tooling api failover api rate limits api reliability auth profiles automation cli tools codex developer tools devops json configuration multi-account oauth oauth oauth failover openai codex OpenClaw python scripting reliability engineering
0
Previous Post
Next Post
Related Posts
Cartoon rabbit with glasses shining a flashlight into a hole filled with “smbclient” gremlins while debugging a Nextcloud 502 error and password configuration issue.
AI Home Server OpenClaw Projects Tech Support

Upstreaming a Fix: The Nextcloud SMB Password Rabbit Hole (and Why OpenClaw Caught What I Missed)

Broken arcade claw machine labeled “OpenClaw” with an out-of-order sign and abandoned toys inside, symbolizing failed promises.
AI Musings OpenClaw Projects

The Broken Promises of OpenClaw

Cartoon illustration of a frustrated sysadmin at a terminal showing a WebSocket error "1008: pairing required". A small lobster tangled in cables is being blocked by a padlock labeled "nginx" while trying to connect a plug labeled "sub-agent" to the gateway. The sysadmin points triumphantly at a config file showing ws://127.0.0.1:18789.
AI Home Server Musings OpenClaw Projects

OpenClaw Sub-Agent Spawning Fails: “gateway closed (1008): pairing required”

Recent Posts

  • Why Are All the Top Local AI Models Chinese?
  • Upstreaming a Fix: The Nextcloud SMB Password Rabbit Hole (and Why OpenClaw Caught What I Missed)
  • OpenClaw: Adding Multiple Codex OAuth Accounts for Automatic Failover
  • The Broken Promises of OpenClaw
  • OpenClaw Sub-Agent Spawning Fails: “gateway closed (1008): pairing required”

Recent Comments

  1. Upstreaming a Fix: The Nextcloud SMB Password Rabbit Hole (and Why OpenClaw Caught What I Missed) - Wonko's Web Pages on Fixing the SMB Password Error in Nextcloud (Yunohost)
  2. How to Reset Service Interval on 2017 Maserati Quattroporte - Wonko's Web Pages on Replacing the Humidity Sensor Module in a Maserati: A Step-by-Step Guide
  3. admin on Navigating the Age of Misinformation: The Quest for Quasi-Informed Understanding
  4. Rp on Navigating the Age of Misinformation: The Quest for Quasi-Informed Understanding
  5. M DIAS on Connecting SharePoint to NextCloud

Archives

  • March 2026
  • February 2026
  • December 2025
  • September 2025
  • August 2025
  • January 2025
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • March 2024
  • February 2024
  • September 2023
  • March 2023
  • April 2021
  • March 2021
  • February 2021
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019

Categories

  • AI
  • Announcements
  • Cars
  • Compaq
  • Home Server
  • Household Tech
  • Musings
  • OpenClaw
  • Projects
  • Random Projects
  • Subaru Sambar
  • Tech Support
  • Uncategorized
  • Vine
  • Wifi Wasp
  • World
©2013-2025 Wonko.net. All Rights Reserved Theme by Scissor Themes Proudly powered by WordPress