Understanding DM Pairing
DM Pairing is OpenClaw's authentication mechanism for messaging channels. It ensures that your agent only responds to authorized users by creating a cryptographic pairing between a specific user identity and the agent instance.
How DM Pairing Works
- Initiation: When you first message your OpenClaw agent through any channel (WhatsApp, Discord, Telegram, etc.), the agent generates a unique pairing challenge.
- Verification: You must confirm the pairing by entering a one-time code displayed in your OpenClaw dashboard.
- Binding: Once verified, the agent creates a persistent binding between your messaging identity and your OpenClaw account.
- Enforcement: All future messages from unrecognized identities are either ignored or forwarded to a quarantine queue.
Why DM Pairing Matters
Without DM pairing, anyone who discovers your agent's messaging endpoint could send it commands. In messaging platforms like WhatsApp or Telegram, this means a stranger could potentially instruct your agent to execute actions on your systems.
DM pairing eliminates this attack vector entirely. Even if someone finds your agent's phone number or bot handle, they cannot interact with it without completing the pairing process.
Multi-Device Pairing
OpenClaw supports pairing multiple devices and identities to a single agent. Each pairing can have different permission levels:
- Admin: Full control, can modify agent configuration and approve high-risk actions
- Operator: Can send commands and receive responses, but cannot modify configuration
- Viewer: Read-only access to agent status and logs
Revoking Pairings
You can revoke any pairing at any time through the OpenClaw dashboard or by running openclaw unpair --identity [ID]. Revoked pairings take effect immediately — the revoked identity will receive no further responses.