Web Operator API
This page summarizes the Web control-plane APIs and observability settings.
Authentication
MicroClaw Web supports:
- Session cookie login (
POST /api/auth/login,POST /api/auth/logout) - Scoped API keys (
/api/auth/api_keys) - Legacy bearer token (
web_auth_token) for compatibility
Password bootstrap behavior:
- If no operator password exists at startup, MicroClaw initializes a temporary default password:
helloworld. GET /api/auth/statusincludeshas_password,authenticated, andusing_default_password.- Web UI prompts the operator to replace the default password after sign-in (skip is allowed for testing).
- CLI helpers:
microclaw web(show usage)microclaw web password <value>microclaw web password-generatemicroclaw web password-clear
Available scopes:
operator.readoperator.writeoperator.adminoperator.approvals
Session APIs
GET /api/sessionsGET /api/history?session_key=<key>POST /api/resetPOST /api/delete_sessionPOST /api/sessions/forkGET /api/sessions/tree
Config APIs
GET /api/configPOST /api/configGET /api/config/self_check
GET /api/config returns:
- redacted
configpayload soul_files: discovered*.mdfilenames from./soulsand<data_dir>/souls(used by Web Settings per-botsoul_pathpicker)requires_restart
Metrics APIs
GET /api/metricsGET /api/metrics/summaryGET /api/metrics/history?minutes=1440&limit=2000
Metrics history is persisted in SQLite and trimmed by channels.web.metrics_history_retention_days.
OTLP Export
Optional OTLP/HTTP protobuf export:
channels:
observability:
otlp_enabled: true
otlp_endpoint: "http://127.0.0.1:4318/v1/metrics"
service_name: "microclaw"
otlp_export_interval_seconds: 15
otlp_queue_capacity: 256
otlp_retry_max_attempts: 3
otlp_retry_base_ms: 500
otlp_retry_max_ms: 8000
Exporter behavior:
- bounded queue with drop-on-full
- retry with exponential backoff
Config Self-check
GET /api/config/self_check returns startup risk warnings and risk_level (none / medium / high) to quickly spot unsafe settings.