ClawHub

Api Integrator

API integration and automation skill for connecting services, webhooks, and third-party platforms. Use when integrating APIs, building webhooks, syncing data between services, or creating custom API clients. Supports REST, GraphQL, and authentication flows.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install yinan-api-integrator

API Integrator

Overview

Professional API integration skill for OpenClaw. Connect and automate workflows between multiple services, handle authentication, manage rate limits, and build custom API clients.

Features

  • REST API testing
  • OAuth 2.0/Bearer/Basic auth support
  • API client code generation (Python/JavaScript)
  • Rate limit handling
  • Auto-retry on 429

Quick Start

Test API Endpoint

python scripts/api_client.py --action test --url "https://api.example.com/users" --method GET --auth bearer --token YOUR_TOKEN

Generate API Client

python scripts/api_client.py --action create-client --name myapi --base-url "https://api.example.com" --language python

Scripts

api_client.py

Test APIs and generate client code.

Actions:

  • test - Test API endpoint
  • create-client - Generate API client code
  • webhook-test - Test webhook receiver

Arguments:

  • --action - Action to perform
  • --url - API endpoint URL
  • --method - HTTP method
  • --auth - Authentication type (none, bearer, basic, api_key)
  • --token - Auth token/API key
  • --name - Client name (for create-client)
  • --base-url - API base URL
  • --language - Output language (python, javascript)
  • --output - Output file path

Authentication Methods

API Key

headers = {
    "X-API-Key": "your_api_key"
}

Bearer Token

headers = {
    "Authorization": f"Bearer {access_token}"
}

OAuth 2.0

# Get access token
token_url = "https://auth.example.com/oauth/token"
data = {
    "grant_type": "client_credentials",
    "client_id": CLIENT_ID,
    "client_secret": CLIENT_SECRET
}
response = requests.post(token_url, data=data)
access_token = response.json()["access_token"]

Basic Auth

import base64
credentials = base64.b64encode(f"{username}:{password}".encode()).decode()
headers = {
    "Authorization": f"Basic {credentials}"
}

Common Integrations

E-commerce Platforms

PlatformAPI DocsAuth Type
Taobaohttps://open.taobao.comOAuth 2.0
Douyinhttps://open.douyin.comOAuth 2.0
Shopifyhttps://shopify.dev/apiAPI Key
WooCommercehttps://woocommerce.github.ioOAuth 1.0a

Payment Processors

PlatformAPI DocsAuth Type
Stripehttps://stripe.com/docs/apiBearer Token
PayPalhttps://developer.paypal.comOAuth 2.0
Alipayhttps://opendocs.alipay.comRSA Key

Communication

PlatformAPI DocsAuth Type
SendGridhttps://docs.sendgrid.comBearer Token
Twiliohttps://www.twilio.com/docsBasic Auth
Slackhttps://api.slack.comBearer Token

Rate Limiting

Built-in Rate Limit Handling

python scripts/sync_data.py \
  --source stripe \
  --target shopify \
  --rate-limit 100/minute \
  --retry-on-429 true

Rate Limit Strategies

  • Fixed window: N requests per minute
  • Sliding window: Smooth distribution
  • Token bucket: Burst allowance
  • Exponential backoff: Retry with increasing delays

Error Handling

Common HTTP Errors

CodeMeaningAction
400Bad RequestFix request parameters
401UnauthorizedCheck authentication
403ForbiddenCheck permissions
404Not FoundVerify endpoint/ID
429Too Many RequestsWait and retry
500Server ErrorRetry with backoff
503Service UnavailableRetry later

Retry Logic

import time
from requests.exceptions import RequestException

def api_request_with_retry(url, max_retries=3):
    for attempt in range(max_retries):
        try:
            response = requests.get(url)
            response.raise_for_status()
            return response.json()
        except RequestException as e:
            if attempt == max_retries - 1:
                raise
            wait_time = 2 ** attempt  # Exponential backoff
            time.sleep(wait_time)

Best Practices

  1. Use environment variables for API keys and secrets
  2. Implement rate limiting to avoid API bans
  3. Cache responses when appropriate
  4. Log all API calls for debugging
  5. Handle errors gracefully with retries
  6. Validate responses before processing
  7. Use webhooks instead of polling when possible

Security

  • Never commit API keys to version control
  • Use HTTPS for all API calls
  • Rotate keys periodically
  • Implement request signing for webhooks
  • Validate webhook signatures

Troubleshooting

  • 401 Unauthorized: Check token expiration, refresh if needed
  • 403 Forbidden: Verify API permissions and scopes
  • 429 Rate Limited: Implement backoff, reduce request frequency
  • Timeout errors: Increase timeout, add retries
  • Invalid response: Check API version, validate schema