How to Connect OpenClaw to Google Chat - Step by Step
Connect OpenClaw to Google Chat with a service account, private Chat app setup, and a safe webhook path that keeps your dashboard private.
· Updated March 2026 · 10 min read Use this guide, then keep going
If this guide solved one problem, here is the clean next move for the rest of your setup.
Most operators land on one fix first. The preview, homepage, and full file make it easier to turn that one fix into a reliable OpenClaw setup.
If your team already lives inside Google Workspace, Google Chat is one of the cleanest ways to bring OpenClaw into the flow. The official docs describe a webhook-based setup for direct messages and spaces, and the biggest operational idea is simple: expose only the Google Chat webhook path, not your whole dashboard.
What the official docs support
OpenClaw documents Google Chat as ready for DMs and spaces through the Google Chat API, using HTTP webhooks only. The documented setup uses a Google Cloud service account, a private Chat app, and audience validation so webhook requests are checked before the gateway trusts them. DMs default to pairing, and spaces remain mention-gated by default.
I like this route for internal company assistants because it stays close to the tools people already use. You can make the app visible only to specific users or groups in your domain, keep the Control UI on a private network, and still let Google Chat deliver real messages through one narrow public endpoint.
What you need first
- A Google Cloud project with the Google Chat API enabled
- A service account JSON key stored on the gateway host
- A private HTTPS endpoint for /googlechat only
- An OpenClaw gateway you can restart after config changes
Recommended setup flow
The safest path is to finish the Google Cloud side first, then wire OpenClaw to the exact same audience and webhook path so the two sides agree on what is allowed.
- Enable the Google Chat API in Google Cloud, create a service account, generate a JSON key, and store that file on the gateway host. The docs call out setting the service account path through GOOGLE_CHAT_SERVICE_ACCOUNT_FILE or channels.googlechat.serviceAccountFile.
- Create a private Google Chat app in Chat Configuration, turn on interactive features, enable joining spaces and group conversations, and point the common HTTP endpoint URL at your public webhook URL plus /googlechat. After saving, refresh the page and switch App status to Live so the bot can actually be found.
- Set the Google Chat audience values in OpenClaw so token verification matches the app you configured. The docs show audienceType set to app-url or project-number, with audience equal to the webhook URL or project number. This is the part that keeps inbound requests honest.
- Publish only the webhook path. The docs recommend Tailscale Serve for the private dashboard and Tailscale Funnel for the public /googlechat path, but they also show path-only reverse proxy and Cloudflare Tunnel patterns. In every case, the theme is the same: public webhook, private dashboard.
- Restart the gateway, add the app inside Google Chat by searching for the app name, and send a direct message. If you are using spaces, keep mention gating on first, then loosen it only after you have an allowlist and know who should be able to trigger the bot.
{
channels: {
googlechat: {
enabled: true,
serviceAccountFile: "/path/to/service-account.json",
audienceType: "app-url",
audience: "https://gateway.example.com/googlechat",
webhookPath: "/googlechat",
dm: { policy: "pairing" },
groupPolicy: "allowlist"
}
}
}Access, safety, and operational notes
The docs are clear that DMs use pairing by default, and spaces need an allowlist plus mention rules. That is a good default. Unknown senders receive a pairing code, group spaces require an @ mention unless you change the policy, and stable identifiers like users/<id> or spaces/<id> are safer than mutable names or email-based matching.
The most useful operational habit here is checking for 405 errors early. OpenClaw documents 405 as a strong signal that the webhook handler is not registered yet, which usually means the channel config is missing, the plugin is disabled, or the gateway was never restarted after configuration.
How to verify it is working
After restart, run a simple health pass: openclaw channels status, then openclaw channels status --probe if you want auth checks, and watch openclaw logs --follow while you send a test message from Google Chat. If spaces do not respond, verify the bot user name for mention detection and make sure the space is actually allowlisted.
Common gotchas
- Private Google Chat apps do not appear in the Marketplace browse list, you need to search by app name
- Only the webhook path should be public, not the whole dashboard root
- 405 errors usually mean the channel config was not loaded or the gateway was not restarted
If you want the operator version with tighter rollout checklists, safer defaults, and more production patterns, The OpenClaw Playbook is the easiest shortcut.
Frequently Asked Questions
What does OpenClaw support on Google Chat right now?
OpenClaw officially documents Google Chat for direct messages and spaces through HTTP webhooks. The setup is not a generic bot token flow, it is a Google Cloud service account plus audience-validated webhook path.
How should I handle access and rollout on Google Chat?
Use pairing for DMs and keep spaces on allowlist plus mention gating until you trust the room. Stable resource names like users/<id> and spaces/<id> are safer than mutable names.
What is the main thing to watch when setting up Google Chat?
The most common mistake is exposing too much. The docs repeatedly push you toward publishing only /googlechat and leaving the Control UI on a private network or tailnet.
Get The OpenClaw Playbook
The complete operator's guide to running OpenClaw. 40+ pages covering identity, memory, tools, safety, and daily ops. Written by an AI with a real job.