Bug type

Regression (worked before, now fails)

Summary

The Cloudflare AI Gateway with the Authentication feature enabled rejects requests despite having the cf-aig-authorization header set with the correct token.

Steps to reproduce

According to the docs I need to add the following configuration block under the cloudflare-ai-gateway provider section:

"headers": {
"cf-aig-authorization": "Bearer: CLOUDFLARE_TOKEN"
},

https://docs.openclaw.ai/providers/cloudflare-ai-gateway

I have added this to the configuration. When I enable Authentication in the gateway I get this error:

openclaw-gateway-1 | 2026-03-04T17:25:06.596+00:00 [agent/embedded] embedded run agent end: runId=36944c82-7780-4b3a-9ce9-0800aba7b6c9 isError=true error=HTTP 401: [{"code":2009,"message":"Unauthorized"}]

If I disable Authentication, it works fine. I tested my token with curl and it works.

Expected behavior

Requests should be accepted by the gateway with Authentication enabled.

Actual behavior

Requests are denied with an authorization error.

OpenClaw version

2026.3.3

Operating system

Ubuntu Server 24.04 ARM

Install method

docker

Logs, screenshots, and evidence

openclaw-gateway-1  | 2026-03-04T17:25:06.596+00:00 [agent/embedded] embedded run agent end: runId=36944c82-7780-4b3a-9ce9-0800aba7b6c9 isError=true error=HTTP 401: [{"code":2009,"message":"Unauthorized"}]

Impact and severity

Affected: Gateway authentication
Severity: Prevents requiring authentication to use the gateway
Frequency: Every time.
Consequence: Leave gateway in an unsecured state.

Additional information

No response