OpenClaw Webhooks: Connect Any App in 5 Minutes
Your Apple Watch. A Google Form. A Zapier step. A cron job. If it can send an HTTP POST, it can talk to your OpenClaw agent.
No SDK. No OAuth dance. Just a URL and a payload.
Why Webhooks First
Most "integrations" require: install our app, connect your account, grant 47 permissions. Webhooks flip it: you expose an endpoint. They send data when something happens.
OpenClaw accepts webhook events, runs your agent logic (tools, conditions, approvals), and responds. Same pattern whether the source is a wearable, a form, or a legacy system.
The Flow
Any app → POST /webhook/your-topic → OpenClaw → Agent (tools, rules) → Action (Slack, email, API, etc.)
You define what "your-topic" means and what the agent does with the payload.
Step 1: Get Your Webhook URL
With Clawctl, every tenant gets:
https://your-tenant.clawctl.com/webhook/{topic}
Secure with an API key or JWT in the Authorization header. No open door to the internet.
Step 2: Send a Test Event
curl -X POST https://your-tenant.clawctl.com/webhook/fitness \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{"source": "garmin", "heart_rate": 72, "steps": 8400}'
Your agent receives the event. You write the rules: "If steps > 10k, send a Slack message." "If heart rate spikes, log and notify."
Step 3: Wire Up Real Sources
| Source | How it hits the webhook |
|---|---|
| Apple Watch / Shortcuts | Shortcuts app → "Get Contents of URL" (POST) with JSON body |
| Google Forms | Form submit → Apps Script or Zapier → POST to your URL |
| n8n / Make / Zapier | HTTP Request node → your webhook URL |
| Cron / script | curl or any HTTP client from your server |
| ESP32 / Arduino | HTTPClient POST (same as basement sensor) |
Same endpoint. Different payloads. One agent that routes, filters, and acts.
Payload Shape (You Choose)
OpenClaw doesn't mandate a schema. Your agent sees whatever you POST. Typical pattern:
{
"source": "garmin",
"event_type": "daily_summary",
"timestamp": "2026-02-02T08:00:00Z",
"data": { "steps": 12000, "sleep_hours": 7.2 }
}
Your rules: event.data.steps >= 10000 → send_slack("Steps goal hit!"). Or correlate with calendar, weather, other webhooks—all in one place.
Security in One Line
Clawctl validates every request (API key or JWT), rate-limits by source, and logs every event. Your agent never talks to the internet unless you've allowed specific egress. So "connect any app" doesn't mean "open any port."