How to Unlock DM Access on Your OpenClaw Bot

Your OpenClaw bot is highly configurable — you can change who is allowed to talk to it just by chatting with it. That flexibility means you can accidentally lock yourself out.

This guide covers how DM access control works on each channel, how lockouts happen, and how to recover using the ClawCloud dashboard or the Console tab. For the full list of CLI commands available in the Console, see OpenClaw CLI Commands. To proactively configure the DM policy before you get locked out, see How to Change the OpenClaw DM Policy.

For group chat behavior (requireMention / groupPolicy), see How to Configure OpenClaw Group Chat Behavior. For channel setup tokens, see Create a Telegram Bot Token or Create a Discord Bot Token.

DM Policy Overview

OpenClaw uses two settings to control Direct Message access:

• dmPolicy — the access rule: open, pairing, allowlist, or disabled.
• allowFrom — a list of user IDs that are explicitly allowed to DM the bot.

These settings are per-channel. Telegram and Discord each have their own dmPolicy and allowFrom under channels.telegram and channels.discord respectively.

When you deploy on ClawCloud, both channels start with dmPolicy: "open" and allowFrom: ["*"] so you can immediately talk to your bot.

Policy Quick Reference

How Lockouts Happen

OpenClaw is a self-modifying agent. You can tell it to change its own rules. For example:

"From now on, only talk to me and ignore everyone else."

The bot might update dmPolicy to allowlist and set allowFrom to a wrong ID — an old username, an incorrect numeric ID, or a format the channel doesn't accept. The result: the bot ignores your messages or responds with "You are not authorized."

Telegram

Telegram User IDs

Telegram requires numeric user IDs in allowFrom. Usernames (@handle) are not valid — they will be silently ignored or rejected.

Find your Telegram user ID while you still have access:

/whoami

The bot replies with something like telegram:123456789. That numeric portion is the value to use.

If you're already locked out, check the gateway logs from the Console tab:

openclaw logs

Look for the from.id field in incoming message entries.

Telegram Config Structure

DM settings for Telegram live under channels.telegram:

{
  "channels": {
    "telegram": {
      "dmPolicy": "open",
      "allowFrom": ["*"],
      "groupPolicy": "open",
      "groups": { ... }
    }
  }
}

Key differences from Discord: Telegram uses groups for group chat config (not guilds). The requireMention setting lives under channels.telegram.groups["*"].requireMention. See the OpenClaw Telegram channel docs for the full schema.

Telegram: Change DM Policy via Console

Open the Console tab in your ClawCloud dashboard and run:

# Check current state
config get channels.telegram

# Set strict allowlist with your numeric user ID
config set channels.telegram.dmPolicy allowlist
config set channels.telegram.allowFrom '["123456789"]'

# Or switch to pairing mode
config set channels.telegram.dmPolicy pairing

# Or restore open access
config set channels.telegram.dmPolicy open
config set channels.telegram.allowFrom '["*"]'

# Restart to apply
gateway restart

# Verify
doctor

Telegram: Change DM Policy via Chat

If you still have access, you can use slash commands directly in the chat:

/allowlist
/allowlist add 123456789
/allowlist remove 987654321
/config set channels.telegram.dmPolicy allowlist

Or ask in plain language:

"Only allow user 123456789 to DM me on Telegram."

When /allowlist edits are disabled

By default, /allowlist add and /allowlist remove require commands.config to be enabled. If you try before enabling it, the bot responds:

⚠️ /allowlist edits are disabled. Set commands.config=true to enable.

To fix this, open the Console tab in your ClawCloud dashboard and run:

config set commands.config true
gateway restart

After that, go back to Telegram and the commands work normally:

1. Run /whoami — the bot shows your identity, channel, user ID, and current allowFrom value.
2. Run /allowlist — see the full allowlist state (DM policy, group policy, config entries, paired entries).
3. Run /allowlist add 123456789 — the bot confirms: "DM allowlist added: pairing store."
4. Run /allowlist again to verify the entry was saved.

This is a common first-time setup step. ClawCloud sets commands.config: true during provisioning, but if the bot resets its own config via a self-modification, you may need to re-enable it from the Console. See OpenClaw CLI Commands for all available Console commands.

Discord

Discord User IDs

Discord uses snowflake IDs (18-digit numbers) in allowFrom. To find yours:

1. Open Discord → User Settings → Advanced → enable Developer Mode.
2. Right-click your avatar and click Copy User ID.

Or while you still have access, send /whoami to the bot.

Discord Config Structure

DM settings for Discord live under channels.discord:

{
  "channels": {
    "discord": {
      "dmPolicy": "open",
      "allowFrom": ["*"],
      "groupPolicy": "open",
      "guilds": { ... }
    }
  }
}

Key differences from Telegram: Discord uses guilds for server-level config (not groups). The requireMention setting lives under channels.discord.guilds["*"].requireMention. See the OpenClaw Discord channel docs for the full schema.

Discord: Change DM Policy via Console

Open the Console tab in your ClawCloud dashboard and run:

# Check current state
config get channels.discord

# Set strict allowlist with your Discord user ID
config set channels.discord.dmPolicy allowlist
config set channels.discord.allowFrom '["123456789012345678"]'

# Or switch to pairing mode
config set channels.discord.dmPolicy pairing

# Or restore open access
config set channels.discord.dmPolicy open
config set channels.discord.allowFrom '["*"]'

# Restart to apply
gateway restart

# Verify
doctor

Discord: Change DM Policy via Chat

If you still have access, use slash commands in a DM with the bot:

/allowlist
/allowlist add 123456789012345678
/config set channels.discord.dmPolicy allowlist

Or in natural language:

"Only allow user 123456789012345678 to DM me on Discord."

If /allowlist add responds with "edits are disabled", enable commands.config from the Console tab first — see the equivalent Telegram section above for the exact steps.

Dashboard Recovery (Unlock DM Access)

If you're locked out on any channel, ClawCloud provides a one-click recovery action — no SSH or server rebuild needed.

1. Go to your ClawCloud Dashboard.
2. Find the instance where your bot is running.
3. Click the Actions button (gear icon).
4. Click Unlock DM Access (warning shield icon).
5. Confirm the prompt.

This option only appears when the bot's current policy is restrictive.

What this action does

It resets exactly two settings on the affected channel:

• Sets dmPolicy back to "open".
• Sets allowFrom back to ["*"].

It does not change your bot's name, personality, system prompt, model, tools, or any other configuration. It only restores DM access so you can message the bot again. For a full comparison of recovery options, see Destroy vs Regenerate: When to Rebuild Your OpenClaw Server.

Console recovery alternative

If you prefer CLI over the button, open the Console tab and run the equivalent commands for your channel:

# Telegram
config set channels.telegram.dmPolicy open
config set channels.telegram.allowFrom '["*"]'
gateway restart

# Discord
config set channels.discord.dmPolicy open
config set channels.discord.allowFrom '["*"]'
gateway restart

See OpenClaw CLI Commands for the full list of commands available in the Console tab.

Best Practices

• Keep pairing as the default. Approve yourself once and the bot remembers it. Safest option for personal bots.
• Always use numeric IDs. Telegram IDs are numeric. Discord IDs are 18-digit snowflakes. Usernames and display names don't work in allowFrom.
• Run doctor after every DM policy change. It catches risky open policies, missing allowFrom values, and config errors.
• Check pending pairings with pairing list telegram or pairing list discord in the Console if someone can't reach the bot.
• Test with a second account before locking down access on your primary channel.
• Use the Console tab on ClawCloud to run config get channels and doctor without SSH.

For more details, see the Telegram channel guide or the Discord channel guide.