# Pairing

## Overview

OpenClaw implements an explicit **owner approval step** called pairing to control access in two contexts:
1. Direct Message channels
2. Node devices connecting to the gateway network

## DM Pairing (Inbound Chat Access)

When configured with pairing policy, unknown senders receive a code before message processing occurs.

### Key Characteristics

- **Code format**: 8 characters, uppercase, no ambiguous chars (`0O1I`)
- **Expiration**: Codes last one hour
- **Request limits**: Capped at 3 pending requests per channel by default

### Approval Commands

```bash
openclaw pairing list telegram
openclaw pairing approve telegram <CODE>
```

### Supported Channels

- Telegram
- WhatsApp
- Signal
- iMessage
- Discord
- Slack

### State Storage Locations

Under `~/.openclaw/credentials/`:
- Pending requests: `<channel>-pairing.json`
- Approved list: `<channel>-allowFrom.json`

## Node Device Pairing

Devices connecting as nodes require gateway approval.

### Management Commands

```bash
openclaw devices list
openclaw devices approve <requestId>
openclaw devices reject <requestId>
```

### State Files

Under `~/.openclaw/devices/`:
- `pending.json` (temporary requests)
- `paired.json` (active devices with tokens)

**Note:** A legacy `node.pair.*` API exists separately for gateway-owned pairing.